PageRenderTime 51ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 1ms

/spec/features/admin/admin_users_spec.rb

https://gitlab.com/beverett/gitlab-ce
Ruby | 412 lines | 317 code | 95 blank | 0 comment | 0 complexity | 2c80415b86bfe6a2ddbf3ebf2ea1c9fd MD5 | raw file
    

  1. require 'spec_helper'
    2. 

  2. 

  3. describe "Admin::Users" do
    4. 

  4.   let!(:user) do
    5. 

  5.     create(:omniauth_user, provider: 'twitter', extern_uid: '123456')
    6. 

  6.   end
    7. 

  7. 

  8.   let!(:current_user) { create(:admin) }
    9. 

  9. 

  10.   before do
    11. 

  11.     sign_in(current_user)
    12. 

  12.   end
    13. 

  13. 

  14.   describe "GET /admin/users" do
    15. 

  15.     before do
    16. 

  16.       visit admin_users_path
    17. 

  17.     end
    18. 

  18. 

  19.     it "is ok" do
    20. 

  20.       expect(current_path).to eq(admin_users_path)
    21. 

  21.     end
    22. 

  22. 

  23.     it "has users list" do
    24. 

  24.       expect(page).to have_content(current_user.email)
    25. 

  25.       expect(page).to have_content(current_user.name)
    26. 

  26.       expect(page).to have_content(user.email)
    27. 

  27.       expect(page).to have_content(user.name)
    28. 

  28.       expect(page).to have_link('Block', href: block_admin_user_path(user))
    29. 

  29.       expect(page).to have_button('Delete user')
    30. 

  30.       expect(page).to have_button('Delete user and contributions')
    31. 

  31.     end
    32. 

  32. 

  33.     describe 'Two-factor Authentication filters' do
    34. 

  34.       it 'counts users who have enabled 2FA' do
    35. 

  35.         create(:user, :two_factor)
    36. 

  36. 

  37.         visit admin_users_path
    38. 

  38. 

  39.         page.within('.filter-two-factor-enabled small') do
    40. 

  40.           expect(page).to have_content('1')
    41. 

  41.         end
    42. 

  42.       end
    43. 

  43. 

  44.       it 'filters by users who have enabled 2FA' do
    45. 

  45.         user = create(:user, :two_factor)
    46. 

  46. 

  47.         visit admin_users_path
    48. 

  48.         click_link '2FA Enabled'
    49. 

  49. 

  50.         expect(page).to have_content(user.email)
    51. 

  51.       end
    52. 

  52. 

  53.       it 'counts users who have not enabled 2FA' do
    54. 

  54.         visit admin_users_path
    55. 

  55. 

  56.         page.within('.filter-two-factor-disabled small') do
    57. 

  57.           expect(page).to have_content('2') # Including admin
    58. 

  58.         end
    59. 

  59.       end
    60. 

  60. 

  61.       it 'filters by users who have not enabled 2FA' do
    62. 

  62.         visit admin_users_path
    63. 

  63.         click_link '2FA Disabled'
    64. 

  64. 

  65.         expect(page).to have_content(user.email)
    66. 

  66.       end
    67. 

  67.     end
    68. 

  68.   end
    69. 

  69. 

  70.   describe "GET /admin/users/new" do
    71. 

  71.     before do
    72. 

  72.       visit new_admin_user_path
    73. 

  73.       fill_in "user_name", with: "Big Bang"
    74. 

  74.       fill_in "user_username", with: "bang"
    75. 

  75.       fill_in "user_email", with: "bigbang@mail.com"
    76. 

  76.     end
    77. 

  77. 

  78.     it "creates new user" do
    79. 

  79.       expect { click_button "Create user" }.to change {User.count}.by(1)
    80. 

  80.     end
    81. 

  81. 

  82.     it "applies defaults to user" do
    83. 

  83.       click_button "Create user"
    84. 

  84.       user = User.find_by(username: 'bang')
    85. 

  85.       expect(user.projects_limit)
    86. 

  86.         .to eq(Gitlab.config.gitlab.default_projects_limit)
    87. 

  87.       expect(user.can_create_group)
    88. 

  88.         .to eq(Gitlab.config.gitlab.default_can_create_group)
    89. 

  89.     end
    90. 

  90. 

  91.     it "creates user with valid data" do
    92. 

  92.       click_button "Create user"
    93. 

  93.       user = User.find_by(username: 'bang')
    94. 

  94.       expect(user.name).to eq('Big Bang')
    95. 

  95.       expect(user.email).to eq('bigbang@mail.com')
    96. 

  96.     end
    97. 

  97. 

  98.     it "calls send mail" do
    99. 

  99.       expect_any_instance_of(NotificationService).to receive(:new_user)
    100. 

  100. 

  101.       click_button "Create user"
    102. 

  102.     end
    103. 

  103. 

  104.     it "sends valid email to user with email & password" do
    105. 

  105.       perform_enqueued_jobs do
    106. 

  106.         click_button "Create user"
    107. 

  107.       end
    108. 

  108. 

  109.       user = User.find_by(username: 'bang')
    110. 

  110.       email = ActionMailer::Base.deliveries.last
    111. 

  111.       expect(email.subject).to have_content('Account was created')
    112. 

  112.       expect(email.text_part.body).to have_content(user.email)
    113. 

  113.       expect(email.text_part.body).to have_content('password')
    114. 

  114.     end
    115. 

  115.   end
    116. 

  116. 

  117.   describe "GET /admin/users/:id" do
    118. 

  118.     it "has user info" do
    119. 

  119.       visit admin_users_path
    120. 

  120.       click_link user.name
    121. 

  121. 

  122.       expect(page).to have_content(user.email)
    123. 

  123.       expect(page).to have_content(user.name)
    124. 

  124.       expect(page).to have_link('Block user', href: block_admin_user_path(user))
    125. 

  125.       expect(page).to have_button('Delete user')
    126. 

  126.       expect(page).to have_button('Delete user and contributions')
    127. 

  127.     end
    128. 

  128. 

  129.     describe 'Impersonation' do
    130. 

  130.       let(:another_user) { create(:user) }
    131. 

  131. 

  132.       before do
    133. 

  133.         visit admin_user_path(another_user)
    134. 

  134.       end
    135. 

  135. 

  136.       context 'before impersonating' do
    137. 

  137.         it 'shows impersonate button for other users' do
    138. 

  138.           expect(page).to have_content('Impersonate')
    139. 

  139.         end
    140. 

  140. 

  141.         it 'does not show impersonate button for admin itself' do
    142. 

  142.           visit admin_user_path(current_user)
    143. 

  143. 

  144.           expect(page).not_to have_content('Impersonate')
    145. 

  145.         end
    146. 

  146. 

  147.         it 'does not show impersonate button for blocked user' do
    148. 

  148.           another_user.block
    149. 

  149. 

  150.           visit admin_user_path(another_user)
    151. 

  151. 

  152.           expect(page).not_to have_content('Impersonate')
    153. 

  153. 

  154.           another_user.activate
    155. 

  155.         end
    156. 

  156.       end
    157. 

  157. 

  158.       context 'when impersonating' do
    159. 

  159.         before do
    160. 

  160.           click_link 'Impersonate'
    161. 

  161.         end
    162. 

  162. 

  163.         it 'logs in as the user when impersonate is clicked' do
    164. 

  164.           expect(page.find(:css, '.header-user .profile-link')['data-user']).to eql(another_user.username)
    165. 

  165.         end
    166. 

  166. 

  167.         it 'sees impersonation log out icon' do
    168. 

  168.           icon = first('.fa.fa-user-secret')
    169. 

  169. 

  170.           expect(icon).not_to be nil
    171. 

  171.         end
    172. 

  172. 

  173.         it 'logs out of impersonated user back to original user' do
    174. 

  174.           find(:css, 'li.impersonation a').click
    175. 

  175. 

  176.           expect(page.find(:css, '.header-user .profile-link')['data-user']).to eq(current_user.username)
    177. 

  177.         end
    178. 

  178. 

  179.         it 'is redirected back to the impersonated users page in the admin after stopping' do
    180. 

  180.           find(:css, 'li.impersonation a').click
    181. 

  181. 

  182.           expect(current_path).to eq("/admin/users/#{another_user.username}")
    183. 

  183.         end
    184. 

  184.       end
    185. 

  185. 

  186.       context 'when impersonating a user with an expired password' do
    187. 

  187.         before do
    188. 

  188.           another_user.update(password_expires_at: Time.now - 5.minutes)
    189. 

  189.           click_link 'Impersonate'
    190. 

  190.         end
    191. 

  191. 

  192.         it 'does not redirect to password change page' do
    193. 

  193.           expect(current_path).to eq('/')
    194. 

  194.         end
    195. 

  195. 

  196.         it 'is redirected back to the impersonated users page in the admin after stopping' do
    197. 

  197.           find(:css, 'li.impersonation a').click
    198. 

  198. 

  199.           expect(current_path).to eq("/admin/users/#{another_user.username}")
    200. 

  200.         end
    201. 

  201.       end
    202. 

  202.     end
    203. 

  203. 

  204.     describe 'Two-factor Authentication status' do
    205. 

  205.       it 'shows when enabled' do
    206. 

  206.         user.update_attribute(:otp_required_for_login, true)
    207. 

  207. 

  208.         visit admin_user_path(user)
    209. 

  209. 

  210.         expect_two_factor_status('Enabled')
    211. 

  211.       end
    212. 

  212. 

  213.       it 'shows when disabled' do
    214. 

  214.         visit admin_user_path(user)
    215. 

  215. 

  216.         expect_two_factor_status('Disabled')
    217. 

  217.       end
    218. 

  218. 

  219.       def expect_two_factor_status(status)
    220. 

  220.         page.within('.two-factor-status') do
    221. 

  221.           expect(page).to have_content(status)
    222. 

  222.         end
    223. 

  223.       end
    224. 

  224.     end
    225. 

  225.   end
    226. 

  226. 

  227.   describe "GET /admin/users/:id/edit" do
    228. 

  228.     before do
    229. 

  229.       visit admin_users_path
    230. 

  230.       click_link "edit_user_#{user.id}"
    231. 

  231.     end
    232. 

  232. 

  233.     it "has user edit page" do
    234. 

  234.       expect(page).to have_content('Name')
    235. 

  235.       expect(page).to have_content('Password')
    236. 

  236.     end
    237. 

  237. 

  238.     describe "Update user" do
    239. 

  239.       before do
    240. 

  240.         fill_in "user_name", with: "Big Bang"
    241. 

  241.         fill_in "user_email", with: "bigbang@mail.com"
    242. 

  242.         fill_in "user_password", with: "AValidPassword1"
    243. 

  243.         fill_in "user_password_confirmation", with: "AValidPassword1"
    244. 

  244.         choose "user_access_level_admin"
    245. 

  245.         click_button "Save changes"
    246. 

  246.       end
    247. 

  247. 

  248.       it "shows page with new data" do
    249. 

  249.         expect(page).to have_content('bigbang@mail.com')
    250. 

  250.         expect(page).to have_content('Big Bang')
    251. 

  251.       end
    252. 

  252. 

  253.       it "changes user entry" do
    254. 

  254.         user.reload
    255. 

  255.         expect(user.name).to eq('Big Bang')
    256. 

  256.         expect(user.admin?).to be_truthy
    257. 

  257.         expect(user.password_expires_at).to be <= Time.now
    258. 

  258.       end
    259. 

  259.     end
    260. 

  260. 

  261.     describe 'update username to non ascii char' do
    262. 

  262.       it do
    263. 

  263.         fill_in 'user_username', with: '\u3042\u3044'
    264. 

  264.         click_button('Save')
    265. 

  265. 

  266.         page.within '#error_explanation' do
    267. 

  267.           expect(page).to have_content('Username')
    268. 

  268.         end
    269. 

  269. 

  270.         expect(page).to have_selector(%(form[action="/admin/users/#{user.username}"]))
    271. 

  271.       end
    272. 

  272.     end
    273. 

  273.   end
    274. 

  274. 

  275.   describe "GET /admin/users/:id/projects" do
    276. 

  276.     let(:group) { create(:group) }
    277. 

  277.     let!(:project) { create(:project, group: group) }
    278. 

  278. 

  279.     before do
    280. 

  280.       group.add_developer(user)
    281. 

  281. 

  282.       visit projects_admin_user_path(user)
    283. 

  283.     end
    284. 

  284. 

  285.     it "lists group projects" do
    286. 

  286.       within(:css, '.append-bottom-default + .panel') do
    287. 

  287.         expect(page).to have_content 'Group projects'
    288. 

  288.         expect(page).to have_link group.name, admin_group_path(group)
    289. 

  289.       end
    290. 

  290.     end
    291. 

  291. 

  292.     it 'allows navigation to the group details' do
    293. 

  293.       within(:css, '.append-bottom-default + .panel') do
    294. 

  294.         click_link group.name
    295. 

  295.       end
    296. 

  296.       within(:css, 'h3.page-title') do
    297. 

  297.         expect(page).to have_content "Group: #{group.name}"
    298. 

  298.       end
    299. 

  299.       expect(page).to have_content project.name
    300. 

  300.     end
    301. 

  301. 

  302.     it 'shows the group access level' do
    303. 

  303.       within(:css, '.append-bottom-default + .panel') do
    304. 

  304.         expect(page).to have_content 'Developer'
    305. 

  305.       end
    306. 

  306.     end
    307. 

  307. 

  308.     it 'allows group membership to be revoked', :js do
    309. 

  309.       page.within(first('.group_member')) do
    310. 

  310.         accept_confirm { find('.btn-remove').click }
    311. 

  311.       end
    312. 

  312.       wait_for_requests
    313. 

  313. 

  314.       expect(page).not_to have_selector('.group_member')
    315. 

  315.     end
    316. 

  316.   end
    317. 

  317. 

  318.   describe 'show user attributes' do
    319. 

  319.     it do
    320. 

  320.       visit admin_users_path
    321. 

  321. 

  322.       click_link user.name
    323. 

  323. 

  324.       expect(page).to have_content 'Account'
    325. 

  325.       expect(page).to have_content 'Personal projects limit'
    326. 

  326.     end
    327. 

  327.   end
    328. 

  328. 

  329.   describe 'remove users secondary email', :js do
    330. 

  330.     let!(:secondary_email) do
    331. 

  331.       create :email, email: 'secondary@example.com', user: user
    332. 

  332.     end
    333. 

  333. 

  334.     it do
    335. 

  335.       visit admin_user_path(user.username)
    336. 

  336. 

  337.       expect(page).to have_content("Secondary email: #{secondary_email.email}")
    338. 

  338. 

  339.       accept_confirm { find("#remove_email_#{secondary_email.id}").click }
    340. 

  340. 

  341.       expect(page).not_to have_content(secondary_email.email)
    342. 

  342.     end
    343. 

  343.   end
    344. 

  344. 

  345.   describe 'show user keys' do
    346. 

  346.     let!(:key1) do
    347. 

  347.       create(:key, user: user, title: "ssh-rsa Key1", key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4FIEBXGi4bPU8kzxMefudPIJ08/gNprdNTaO9BR/ndy3+58s2HCTw2xCHcsuBmq+TsAqgEidVq4skpqoTMB+Uot5Uzp9z4764rc48dZiI661izoREoKnuRQSsRqUTHg5wrLzwxlQbl1MVfRWQpqiz/5KjBC7yLEb9AbusjnWBk8wvC1bQPQ1uLAauEA7d836tgaIsym9BrLsMVnR4P1boWD3Xp1B1T/ImJwAGHvRmP/ycIqmKdSpMdJXwxcb40efWVj0Ibbe7ii9eeoLdHACqevUZi6fwfbymdow+FeqlkPoHyGg3Cu4vD/D8+8cRc7mE/zGCWcQ15Var83Tczour Key1")
    348. 

  348.     end
    349. 

  349. 

  350.     let!(:key2) do
    351. 

  351.       create(:key, user: user, title: "ssh-rsa Key2", key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQSTWXhJAX/He+nG78MiRRRn7m0Pb0XbcgTxE0etArgoFoh9WtvDf36HG6tOSg/0UUNcp0dICsNAmhBKdncp6cIyPaXJTURPRAGvhI0/VDk4bi27bRnccGbJ/hDaUxZMLhhrzY0r22mjVf8PF6dvv5QUIQVm1/LeaWYsHHvLgiIjwrXirUZPnFrZw6VLREoBKG8uWvfSXw1L5eapmstqfsME8099oi+vWLR8MgEysZQmD28M73fgW4zek6LDQzKQyJx9nB+hJkKUDvcuziZjGmRFlNgSA2mguERwL1OXonD8WYUrBDGKroIvBT39zS5d9tQDnidEJZ9Y8gv5ViYP7x Key2")
    352. 

  352.     end
    353. 

  353. 

  354.     it do
    355. 

  355.       visit admin_users_path
    356. 

  356. 

  357.       click_link user.name
    358. 

  358.       click_link 'SSH keys'
    359. 

  359. 

  360.       expect(page).to have_content(key1.title)
    361. 

  361.       expect(page).to have_content(key2.title)
    362. 

  362. 

  363.       click_link key2.title
    364. 

  364. 

  365.       expect(page).to have_content(key2.title)
    366. 

  366.       expect(page).to have_content(key2.key)
    367. 

  367. 

  368.       click_link 'Remove'
    369. 

  369. 

  370.       expect(page).not_to have_content(key2.title)
    371. 

  371.     end
    372. 

  372.   end
    373. 

  373. 

  374.   describe 'show user identities' do
    375. 

  375.     it 'shows user identities' do
    376. 

  376.       visit admin_user_identities_path(user)
    377. 

  377. 

  378.       expect(page).to have_content(user.name)
    379. 

  379.       expect(page).to have_content('twitter')
    380. 

  380.     end
    381. 

  381.   end
    382. 

  382. 

  383.   describe 'update user identities' do
    384. 

  384.     before do
    385. 

  385.       allow(Gitlab::Auth::OAuth::Provider).to receive(:providers).and_return([:twitter, :twitter_updated])
    386. 

  386.     end
    387. 

  387. 

  388.     it 'modifies twitter identity' do
    389. 

  389.       visit admin_user_identities_path(user)
    390. 

  390. 

  391.       find('.table').find(:link, 'Edit').click
    392. 

  392.       fill_in 'identity_extern_uid', with: '654321'
    393. 

  393.       select 'twitter_updated', from: 'identity_provider'
    394. 

  394.       click_button 'Save changes'
    395. 

  395. 

  396.       expect(page).to have_content(user.name)
    397. 

  397.       expect(page).to have_content('twitter_updated')
    398. 

  398.       expect(page).to have_content('654321')
    399. 

  399.     end
    400. 

  400.   end
    401. 

  401. 

  402.   describe 'remove user with identities' do
    403. 

  403.     it 'removes user with twitter identity' do
    404. 

  404.       visit admin_user_identities_path(user)
    405. 

  405. 

  406.       click_link 'Delete'
    407. 

  407. 

  408.       expect(page).to have_content(user.name)
    409. 

  409.       expect(page).not_to have_content('twitter')
    410. 

  410.     end
    411. 

  411.   end
    412. 

  412. end
    413. 

  413.