mirror of
https://github.com/ENSL/ensl.org.git
synced 2025-01-28 04:00:45 +00:00
Update uers_contoller and add almost working spec.
This commit is contained in:
parent
86d098b74d
commit
a41b28ae23
8 changed files with 307 additions and 40 deletions
4
Gemfile
4
Gemfile
|
@ -104,7 +104,11 @@ group :test do
|
||||||
gem 'test-unit'
|
gem 'test-unit'
|
||||||
gem 'timecop'
|
gem 'timecop'
|
||||||
|
|
||||||
|
# FOr JS test
|
||||||
|
gem 'mime-types'
|
||||||
|
|
||||||
# Use dev versions because of rspec bug
|
# Use dev versions because of rspec bug
|
||||||
|
|
||||||
gem 'rspec-core', git: 'https://github.com/rspec/rspec-core'
|
gem 'rspec-core', git: 'https://github.com/rspec/rspec-core'
|
||||||
gem 'rspec-expectations', git: 'https://github.com/rspec/rspec-expectations'
|
gem 'rspec-expectations', git: 'https://github.com/rspec/rspec-expectations'
|
||||||
gem 'rspec-mocks', git: 'https://github.com/rspec/rspec-mocks'
|
gem 'rspec-mocks', git: 'https://github.com/rspec/rspec-mocks'
|
||||||
|
|
|
@ -464,6 +464,7 @@ DEPENDENCIES
|
||||||
i18n-js
|
i18n-js
|
||||||
i18n_country_select
|
i18n_country_select
|
||||||
jquery-rails
|
jquery-rails
|
||||||
|
mime-types
|
||||||
mysql2
|
mysql2
|
||||||
neat (~> 1.6.0)
|
neat (~> 1.6.0)
|
||||||
newrelic_rpm
|
newrelic_rpm
|
||||||
|
|
|
@ -45,7 +45,7 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
rescue_from Error do |exception|
|
rescue_from Error do |exception|
|
||||||
render text: exception.message, layout: true
|
render text: exception.message, layout: true, status: 500
|
||||||
end
|
end
|
||||||
|
|
||||||
rescue_from ActiveRecord::StaleObjectError do |exception|
|
rescue_from ActiveRecord::StaleObjectError do |exception|
|
||||||
|
|
|
@ -2,9 +2,11 @@ class UsersController < ApplicationController
|
||||||
before_action :get_user, only: [:show, :history, :popup, :agenda, :edit, :update, :destroy]
|
before_action :get_user, only: [:show, :history, :popup, :agenda, :edit, :update, :destroy]
|
||||||
respond_to :html, :js
|
respond_to :html, :js
|
||||||
|
|
||||||
|
PAGES = ["general", "favorites", "computer", "articles", "movies", "teams", "matches", "predictions", "comments"]
|
||||||
|
|
||||||
def index
|
def index
|
||||||
search = params[:search]
|
search = params[:search]
|
||||||
if search && search.match(/^ip:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) && cuser && cuser.admin?
|
if search && search.match(/^ip:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) && cuser&.admin?
|
||||||
@users = User.where(lastip: $1).paginate(per_page: 40, page: params[:page])
|
@users = User.where(lastip: $1).paginate(per_page: 40, page: params[:page])
|
||||||
else
|
else
|
||||||
if params[:filter] == 'lately'
|
if params[:filter] == 'lately'
|
||||||
|
@ -19,26 +21,25 @@ class UsersController < ApplicationController
|
||||||
@page = "general"
|
@page = "general"
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.js do
|
format.js do
|
||||||
pages = ["general", "favorites", "computer", "articles", "movies", "teams", "matches", "predictions", "comments"]
|
@page = params[:page] if self.PAGES.include?(params[:page])
|
||||||
if pages.include?(params[:page])
|
|
||||||
@page = params[:page]
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
format.html {}
|
format.html {}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# FIXME: consider merging
|
||||||
|
def popup
|
||||||
|
render layout: false
|
||||||
|
end
|
||||||
|
|
||||||
def agenda
|
def agenda
|
||||||
|
raise AccessError unless @user == cuser or cuser&.admin?
|
||||||
@teamer = Teamer.new
|
@teamer = Teamer.new
|
||||||
@teamer.user = @user
|
@teamer.user = @user
|
||||||
end
|
end
|
||||||
|
|
||||||
def history
|
def history
|
||||||
raise AccessError unless cuser and cuser.admin?
|
raise AccessError unless cuser&.admin?
|
||||||
end
|
|
||||||
|
|
||||||
def popup
|
|
||||||
render layout: false
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def new
|
def new
|
||||||
|
@ -89,37 +90,35 @@ class UsersController < ApplicationController
|
||||||
redirect_to users_url
|
redirect_to users_url
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# FIXME: maybe move to session controller
|
||||||
def login
|
def login
|
||||||
return unless request.post?
|
if params[:login] && (u = User.authenticate(params[:login]))
|
||||||
|
if u.banned? Ban::TYPE_SITE
|
||||||
if u = User.authenticate(params[:login][:username].downcase, params[:login][:password])
|
flash[:notice] = t(:accounts_locked)
|
||||||
raise Error, t(:accounts_locked) if u.banned? Ban::TYPE_SITE
|
else
|
||||||
|
|
||||||
flash[:notice] = t(:login_successful)
|
flash[:notice] = t(:login_successful)
|
||||||
save_session u
|
save_session u
|
||||||
|
end
|
||||||
|
else
|
||||||
|
flash[:error] = t(:login_unsuccessful)
|
||||||
|
end
|
||||||
|
# FIXME: check return on rails 6
|
||||||
if session[:return_to]
|
if session[:return_to]
|
||||||
return_to
|
return_to
|
||||||
else
|
else
|
||||||
redirect_to_back
|
redirect_to_back
|
||||||
end
|
end
|
||||||
else
|
|
||||||
flash[:error] = t(:login_unsuccessful)
|
|
||||||
redirect_to_back
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def logout
|
def logout
|
||||||
if request.post?
|
|
||||||
session[:user] = nil
|
session[:user] = nil
|
||||||
flash[:notice] = t(:login_out)
|
flash[:notice] = t(:login_out)
|
||||||
redirect_to :root
|
redirect_to :root
|
||||||
end
|
end
|
||||||
end
|
|
||||||
|
|
||||||
def forgot
|
def forgot
|
||||||
if request.post?
|
if request.post?
|
||||||
if u = User.first(:conditions => {:username => params[:username], :email => params[:email]}) and u.send_new_password
|
if (user1 = User.where(username: params[:username], email: params[:email]).first) && user1.send_new_password
|
||||||
flash[:notice] = t(:passwords_sent)
|
flash[:notice] = t(:passwords_sent)
|
||||||
else
|
else
|
||||||
flash[:error] = t(:incorrect_information)
|
flash[:error] = t(:incorrect_information)
|
||||||
|
@ -137,6 +136,6 @@ class UsersController < ApplicationController
|
||||||
session[:user] = user.id
|
session[:user] = user.id
|
||||||
user.lastip = request.ip
|
user.lastip = request.ip
|
||||||
user.lastvisit = DateTime.now
|
user.lastvisit = DateTime.now
|
||||||
user.save()
|
user.save
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -299,6 +299,7 @@ class User < ActiveRecord::Base
|
||||||
self.time_zone = "Amsterdam"
|
self.time_zone = "Amsterdam"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Password should store password and password_hash shoulds store
|
||||||
def update_password
|
def update_password
|
||||||
self.password = Digest::MD5.hexdigest(raw_password) if raw_password and raw_password.length > 0
|
self.password = Digest::MD5.hexdigest(raw_password) if raw_password and raw_password.length > 0
|
||||||
end
|
end
|
||||||
|
@ -329,8 +330,8 @@ class User < ActiveRecord::Base
|
||||||
cuser and cuser.admin?
|
cuser and cuser.admin?
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.authenticate(username, password)
|
def self.authenticate(login)
|
||||||
where("LOWER(username) = LOWER(?)", username).where(:password => Digest::MD5.hexdigest(password)).first
|
where("LOWER(username) = LOWER(?)", login[:username]).where(password: Digest::MD5.hexdigest(login[:password])).first
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.get id
|
def self.get id
|
||||||
|
|
|
@ -32,6 +32,8 @@ Ensl::Application.routes.draw do
|
||||||
resources :categories
|
resources :categories
|
||||||
resources :options
|
resources :options
|
||||||
resources :polls
|
resources :polls
|
||||||
|
resources :custom_urls, only: [:create, :update, :destroy]
|
||||||
|
resources :brackets
|
||||||
|
|
||||||
get 'comments/quote'
|
get 'comments/quote'
|
||||||
|
|
||||||
|
@ -51,7 +53,12 @@ Ensl::Application.routes.draw do
|
||||||
get 'forums/down'
|
get 'forums/down'
|
||||||
|
|
||||||
resources :forums
|
resources :forums
|
||||||
resources :users
|
resources :users do
|
||||||
|
collection do
|
||||||
|
get 'forgot'
|
||||||
|
post 'forgot'
|
||||||
|
end
|
||||||
|
end
|
||||||
resources :locks
|
resources :locks
|
||||||
resources :contesters
|
resources :contesters
|
||||||
|
|
||||||
|
@ -84,8 +91,6 @@ Ensl::Application.routes.draw do
|
||||||
get :quote
|
get :quote
|
||||||
end
|
end
|
||||||
|
|
||||||
resources :brackets
|
|
||||||
|
|
||||||
get 'about/action'
|
get 'about/action'
|
||||||
get 'about/staff'
|
get 'about/staff'
|
||||||
get 'about/adminpanel'
|
get 'about/adminpanel'
|
||||||
|
@ -133,13 +138,10 @@ Ensl::Application.routes.draw do
|
||||||
get 'users/login'
|
get 'users/login'
|
||||||
get 'users/logout'
|
get 'users/logout'
|
||||||
get 'users/popup'
|
get 'users/popup'
|
||||||
get 'users/forgot', to: "users#forgot"
|
|
||||||
|
|
||||||
get 'votes/create'
|
get 'votes/create'
|
||||||
get "polls/showvotes/:id", to: "polls#showvotes", as: "polls_showvotes"
|
get "polls/showvotes/:id", to: "polls#showvotes", as: "polls_showvotes"
|
||||||
|
|
||||||
resources :custom_urls, only: [:create, :update, :destroy]
|
|
||||||
|
|
||||||
get "custom_urls", to: "custom_urls#administrate"
|
get "custom_urls", to: "custom_urls#administrate"
|
||||||
|
|
||||||
get ':controller/:action', requirements: { action: /A-Za-z/ }
|
get ':controller/:action', requirements: { action: /A-Za-z/ }
|
||||||
|
|
|
@ -1,3 +1,263 @@
|
||||||
RSpec.describe UsersController, type: :controller do
|
require 'rails_helper'
|
||||||
|
require 'mime/types'
|
||||||
|
|
||||||
|
RSpec.describe UsersController, type: :controller do
|
||||||
|
let!(:params) { FactoryBot.attributes_for(:user) }
|
||||||
|
let!(:invalid_params) { params.merge(:steamid => (50..150).map { (65 + rand(26)).chr }.join) }
|
||||||
|
let!(:admin) { create(:user, :admin) }
|
||||||
|
let!(:user) { create(:user) }
|
||||||
|
|
||||||
|
before :all do
|
||||||
|
create(:user)
|
||||||
|
end
|
||||||
|
|
||||||
|
# TODO: check flash
|
||||||
|
|
||||||
|
describe 'GET #index' do
|
||||||
|
it "renders the template" do
|
||||||
|
get :index
|
||||||
|
expect(response).to render_template("index")
|
||||||
|
end
|
||||||
|
|
||||||
|
it "assigns users" do
|
||||||
|
get :index
|
||||||
|
# TODO
|
||||||
|
expect(assigns(:users))
|
||||||
|
end
|
||||||
|
|
||||||
|
# TODO Test pagination + search
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'GET #popup' do
|
||||||
|
context 'with valid user' do
|
||||||
|
it "renders the template" do
|
||||||
|
login_admin
|
||||||
|
get :popup, params: {:id => user.id}, xhr: true
|
||||||
|
expect(response).to render_template("popup")
|
||||||
|
end
|
||||||
|
# Check for pages TODO
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'GET #agenda' do
|
||||||
|
context 'with valid user' do
|
||||||
|
it "renders the template" do
|
||||||
|
login user.username
|
||||||
|
get :agenda, params: {:id => user.id}
|
||||||
|
expect(response).to render_template("agenda")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with admin access' do
|
||||||
|
it "renders the template" do
|
||||||
|
login_admin
|
||||||
|
get :agenda, params: {:id => user.id}
|
||||||
|
expect(response).to render_template("agenda")
|
||||||
|
end
|
||||||
|
# Check for pages TODO
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with valid user access another user' do
|
||||||
|
it "respond with 403" do
|
||||||
|
user2 = create(:user)
|
||||||
|
login user.username
|
||||||
|
get :agenda, params: {:id => user2.id}
|
||||||
|
expect(response).to have_http_status(:forbidden)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'GET #history' do
|
||||||
|
context 'with admin access' do
|
||||||
|
it "renders the template" do
|
||||||
|
login_admin
|
||||||
|
get :history, params: {:id => user.id}
|
||||||
|
expect(response).to render_template("history")
|
||||||
|
end
|
||||||
|
# Check for pages TODO
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'without admin access' do
|
||||||
|
it "respond with 403" do
|
||||||
|
user2 = create(:user)
|
||||||
|
login user.username
|
||||||
|
get :history, params: {:id => user2.id}
|
||||||
|
expect(response).to have_http_status(:forbidden)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'GET #edit' do
|
||||||
|
let!(:user) { create(:user) }
|
||||||
|
|
||||||
|
it "renders the template" do
|
||||||
|
login_admin
|
||||||
|
get :edit, params: {id: user.id}
|
||||||
|
expect(response).to render_template("edit")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'POST' do
|
||||||
|
before(:each) do
|
||||||
|
expect(:params).not_to eq(:invalid_params)
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with valid values' do
|
||||||
|
it "creates the model" do
|
||||||
|
login_admin
|
||||||
|
post :create, params: {:user => params}
|
||||||
|
# user.any_instance.should_receive(:update_attributes).with(params)
|
||||||
|
# FIXME: ignore lastvisit and raw_password
|
||||||
|
expect(User.last).to have_attributes(params.except(:raw_password,))
|
||||||
|
end
|
||||||
|
|
||||||
|
it "redirects correctly" do
|
||||||
|
login_admin
|
||||||
|
post :create, params: {:user => params}
|
||||||
|
expect(response).to redirect_to(user_path(User.last))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with invalid values' do
|
||||||
|
it "does not create the model" do
|
||||||
|
login_admin
|
||||||
|
count = User.count
|
||||||
|
post :create, params: {:user => invalid_params}
|
||||||
|
# user.any_instance.should_receive(:update_attributes).with(params)
|
||||||
|
expect(User.count).to eq(count)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "renders :new" do
|
||||||
|
login_admin
|
||||||
|
post :create, params: {:user => invalid_params}
|
||||||
|
expect(response).to render_template("new")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'PUT' do
|
||||||
|
describe 'with valid values' do
|
||||||
|
it "updates the model" do
|
||||||
|
login_admin
|
||||||
|
params = FactoryBot.attributes_for(:user)
|
||||||
|
put :update, params: {:id => user.id, :user => params}
|
||||||
|
# user.any_instance.should_receive(:update_attributes).with(params)
|
||||||
|
expect(User.find(user.id).attributes).not_to eq(user.attributes)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "redirects correctly" do
|
||||||
|
login_admin
|
||||||
|
request.env["HTTP_REFERER"] = "where_i_came_from"
|
||||||
|
put :update, params: {:id => user.id, :user => params}
|
||||||
|
|
||||||
|
expect(response).to redirect_to("where_i_came_from")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with invalid values' do
|
||||||
|
it "does not update the model" do
|
||||||
|
login_admin
|
||||||
|
put :update, params: {:id => user.id, :user => invalid_params}
|
||||||
|
expect(User.find(user.id).attributes).to eq(user.attributes)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "renders :edit" do
|
||||||
|
login_admin
|
||||||
|
put :update, params: {:id => user.id, :user => invalid_params}
|
||||||
|
expect(response).to render_template("edit")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'DELETE' do
|
||||||
|
describe 'with valid parameters' do
|
||||||
|
it "deletes the model" do
|
||||||
|
login_admin
|
||||||
|
count = User.count
|
||||||
|
delete :destroy, params: {:id => user.id}
|
||||||
|
|
||||||
|
expect(User.where(id: user.id).count).to eq(0)
|
||||||
|
expect(User.count).to eq(count - 1)
|
||||||
|
# user.any_instance.should_receive(:update_attributes).with(params)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "redirects correctly" do
|
||||||
|
login_admin
|
||||||
|
request.env["HTTP_REFERER"] = "where_i_came_from"
|
||||||
|
delete :destroy, params: {:id => user.id}
|
||||||
|
|
||||||
|
expect(response).to redirect_to(users_path())
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'without access' do
|
||||||
|
it "does not delete the model" do
|
||||||
|
login(user.username)
|
||||||
|
count = User.all.count
|
||||||
|
delete :destroy, params: {:id => user.id}
|
||||||
|
|
||||||
|
expect(User.count).to eq(count)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'POST #login' do
|
||||||
|
describe 'with valid values' do
|
||||||
|
it "set the session ID (logs in)" do
|
||||||
|
post :login, params: {login: {username: user.username, password: user.raw_password}}
|
||||||
|
expect(session[:user]).to eq(user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
# TODO
|
||||||
|
#expect(User).to have_received(:authenticate).with(params[:login])
|
||||||
|
|
||||||
|
it "redirects correctly" do
|
||||||
|
request.env["HTTP_REFERER"] = "where_i_came_from"
|
||||||
|
post :login, params: {login: {username: user.username, password: user.raw_password}}
|
||||||
|
expect(response).to redirect_to("where_i_came_from")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with invalid values' do
|
||||||
|
it "fails to set the session ID" do
|
||||||
|
post :login, params: {login: {username: user.username, password: user.raw_password + "foo"}}
|
||||||
|
expect(session[:user]).not_to eq(user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'banned accounts cannot log in' do
|
||||||
|
it "fails to set the session ID" do
|
||||||
|
ban = create(:ban, user: user)
|
||||||
|
post :login, params: {login: {username: user.username, password: user.raw_password}}
|
||||||
|
expect(session[:user]).not_to eq(user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'GET #forgot' do
|
||||||
|
describe 'with valid values' do
|
||||||
|
it "renders the template" do
|
||||||
|
get :forgot
|
||||||
|
expect(response).to render_template("forgot")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'POST #forgot' do
|
||||||
|
describe 'with valid values' do
|
||||||
|
it "renders the template" do
|
||||||
|
#TODO: mock this function
|
||||||
|
post :forgot, params: {username: user.username, email: user.email}
|
||||||
|
expect(response).to render_template("forgot")
|
||||||
|
end
|
||||||
|
|
||||||
|
it "calls the function" do
|
||||||
|
# User.any_instance.stub(:send_new_password).and_return(true)
|
||||||
|
allow_any_instance_of(User).to receive(:send_new_password).and_return(true)
|
||||||
|
post :forgot, params: {username: user.username, email: user.email}
|
||||||
|
# FIXME
|
||||||
|
# expect_any_instance_of(User).to receive(:send_new_password)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
|
@ -8,7 +8,7 @@ FactoryBot.define do
|
||||||
lastname "Player"
|
lastname "Player"
|
||||||
country "EU"
|
country "EU"
|
||||||
raw_password "PasswordABC123"
|
raw_password "PasswordABC123"
|
||||||
lastvisit "Sun, 15 Mar 2020 13:31:06 +0000"
|
# lastvisit "Sun, 15 Mar 2020 13:31:06 +0000"
|
||||||
|
|
||||||
after(:create) do |user|
|
after(:create) do |user|
|
||||||
create(:profile, user: user)
|
create(:profile, user: user)
|
||||||
|
|
Loading…
Reference in a new issue