require 'rails_helper' require 'mime/types' RSpec.describe UsersController, type: :controller do let!(:params) { FactoryBot.attributes_for(:user) } let!(:invalid_params) { params.merge(:steamid => (50..150).map { (65 + rand(26)).chr }.join) } let!(:admin) { create(:user, :admin) } let!(:user) { create(:user).reload } before :all do create(:user) end # TODO: check flash describe 'GET #index' do it "renders the template" do get :index expect(response).to render_template("index") end it "assigns users" do get :index # TODO expect(assigns(:users)) end # TODO Test pagination + search end describe 'GET #popup' do context 'with valid user' do it "renders the template" do login_admin get :popup, params: {:id => user.id}, xhr: true expect(response).to render_template("popup") end # Check for pages TODO end end describe 'GET #agenda' do context 'with valid user' do it "renders the template" do login user.username get :agenda, params: {:id => user.id} expect(response).to render_template("agenda") end end context 'with admin access' do it "renders the template" do login_admin get :agenda, params: {:id => user.id} expect(response).to render_template("agenda") end # Check for pages TODO end context 'with valid user access another user' do it "respond with 403" do user2 = create(:user) login user.username get :agenda, params: {:id => user2.id} expect(response).to have_http_status(:forbidden) end end end describe 'GET #history' do context 'with admin access' do it "renders the template" do login_admin get :history, params: {:id => user.id} expect(response).to render_template("history") end # Check for pages TODO end context 'without admin access' do it "respond with 403" do user2 = create(:user) login user.username get :history, params: {:id => user2.id} expect(response).to have_http_status(:forbidden) end end end describe 'GET #edit' do let!(:user) { create(:user) } it "renders the template" do login_admin get :edit, params: {id: user.id} expect(response).to render_template("edit") end end context 'POST' do before(:each) do expect(:params).not_to eq(:invalid_params) end describe 'with valid values' do it "creates the model" do login_admin post :create, params: {:user => params} # user.any_instance.should_receive(:update_attributes).with(params) # FIXME: ignore lastvisit and raw_password expect(User.last).to have_attributes(params.except(:raw_password,)) end it "redirects correctly" do login_admin post :create, params: {:user => params} expect(response).to redirect_to(user_path(User.last)) end end describe 'with invalid values' do it "does not create the model" do login_admin count = User.count post :create, params: {:user => invalid_params} # user.any_instance.should_receive(:update_attributes).with(params) expect(User.count).to eq(count) end it "renders :new" do login_admin post :create, params: {:user => invalid_params} expect(response).to render_template("new") end end end context 'PUT' do describe 'with valid values' do it "updates the model" do login_admin params = FactoryBot.attributes_for(:user) put :update, params: {:id => user.id, :user => params} # user.any_instance.should_receive(:update_attributes).with(params) expect(User.find(user.id).attributes).not_to eq(user.attributes) end it "redirects correctly" do login_admin request.env["HTTP_REFERER"] = "where_i_came_from" put :update, params: {:id => user.id, :user => params} expect(response).to redirect_to("where_i_came_from") end end describe 'with invalid values' do it "does not update the model" do login_admin put :update, params: {:id => user.id, :user => invalid_params} expect(User.find(user.id).attributes).to eq(user.attributes) end it "renders :edit" do login_admin put :update, params: {:id => user.id, :user => invalid_params} expect(response).to render_template("edit") end end end context 'DELETE' do describe 'with valid parameters' do it "deletes the model" do login_admin count = User.count delete :destroy, params: {:id => user.id} expect(User.where(id: user.id).count).to eq(0) expect(User.count).to eq(count - 1) # user.any_instance.should_receive(:update_attributes).with(params) end it "redirects correctly" do login_admin request.env["HTTP_REFERER"] = "where_i_came_from" delete :destroy, params: {:id => user.id} expect(response).to redirect_to(users_path()) end end describe 'without access' do it "does not delete the model" do login(user.username) count = User.all.count delete :destroy, params: {:id => user.id} expect(User.count).to eq(count) end end end context 'POST #login' do describe 'with valid values' do it "set the session ID (logs in)" do post :login, params: {login: {username: user.username, password: user.raw_password}} expect(session[:user]).to eq(user.id) end # TODO #expect(User).to have_received(:authenticate).with(params[:login]) it "redirects correctly" do request.env["HTTP_REFERER"] = "where_i_came_from" post :login, params: {login: {username: user.username, password: user.raw_password}} expect(response).to redirect_to("where_i_came_from") end end describe 'with invalid values' do it "fails to set the session ID" do post :login, params: {login: {username: user.username, password: user.raw_password + "foo"}} expect(session[:user]).not_to eq(user.id) end end describe 'banned accounts cannot log in' do it "fails to set the session ID" do ban = create(:ban, user: user) post :login, params: {login: {username: user.username, password: user.raw_password}} expect(session[:user]).not_to eq(user.id) end end end context 'GET #forgot' do describe 'with valid values' do it "renders the template" do get :forgot expect(response).to render_template("forgot") end end end context 'POST #forgot' do describe 'with valid values' do it "renders the template" do #TODO: mock this function post :forgot, params: {username: user.username, email: user.email} expect(response).to render_template("forgot") end it "calls the function" do # User.any_instance.stub(:send_new_password).and_return(true) allow_any_instance_of(User).to receive(:send_new_password).and_return(true) post :forgot, params: {username: user.username, email: user.email} # FIXME # expect_any_instance_of(User).to receive(:send_new_password) end end end end