discourse/spec/lib/admin_confirmation_spec.rb

# frozen_string_literal: true

require "admin_confirmation"
RSpec.describe AdminConfirmation do
  fab!(:admin)
  fab!(:user)

  describe "create_confirmation" do
    it "raises an error for non-admins" do
      ac = AdminConfirmation.new(user, Fabricate(:moderator))
      expect { ac.create_confirmation }.to raise_error(Discourse::InvalidAccess)
    end
  end

  describe "email_confirmed!" do
    before do
      ac = AdminConfirmation.new(user, admin)
      ac.create_confirmation
      @token = ac.token
    end

    it "cannot confirm if the user loses admin access" do
      ac = AdminConfirmation.find_by_code(@token)
      ac.performed_by.update_column(:admin, false)
      expect { ac.email_confirmed! }.to raise_error(Discourse::InvalidAccess)
    end

    it "can confirm admin accounts" do
      ac = AdminConfirmation.find_by_code(@token)
      expect(ac.performed_by).to eq(admin)
      expect(ac.target_user).to eq(user)
      expect(ac.token).to eq(@token)

      expect_enqueued_with(
        job: :send_system_message,
        args: {
          user_id: user.id,
          message_type: "welcome_staff",
          message_options: {
            role: :admin,
          },
        },
      ) { ac.email_confirmed! }

      user.reload
      expect(user.admin?).to eq(true)

      # It creates a staff log
      logs = UserHistory.where(action: UserHistory.actions[:grant_admin], target_user_id: user.id)
      expect(logs).to be_present

      # It removes the redis keys for another user
      expect(AdminConfirmation.find_by_code(ac.token)).to eq(nil)
      expect(AdminConfirmation.exists_for?(user.id)).to eq(false)
    end
  end
end
DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction 2019-04-29 20:27:42 -04:00			`# frozen_string_literal: true`

SECURITY: Confirm new administrator accounts via email 2017-04-04 13:59:22 -04:00			`require "admin_confirmation"`
Add RSpec 4 compatibility (#17652) * Remove outdated option https://github.com/rspec/rspec-core/commit/04078317ba6577699d06cf4dccf014254dcde7a6 * Use the non-globally exposed RSpec syntax https://github.com/rspec/rspec-core/pull/2803 * Use the non-globally exposed RSpec syntax, cont https://github.com/rspec/rspec-core/pull/2803 * Comply to strict predicate matchers See: - https://github.com/rspec/rspec-expectations/pull/1195 - https://github.com/rspec/rspec-expectations/pull/1196 - https://github.com/rspec/rspec-expectations/pull/1277 2022-07-27 22:27:38 -04:00			`RSpec.describe AdminConfirmation do`
DEV: Allow fab! without block (#24314) The most common thing that we do with fab! is: fab!(:thing) { Fabricate(:thing) } This commit adds a shorthand for this which is just simply: fab!(:thing) i.e. If you omit the block, then, by default, you'll get a `Fabricate`d object using the fabricator of the same name. 2023-11-09 17:47:59 -05:00			`fab!(:admin)`
			`fab!(:user)`
SECURITY: Confirm new administrator accounts via email 2017-04-04 13:59:22 -04:00
			`describe "create_confirmation" do`
			`it "raises an error for non-admins" do`
			`ac = AdminConfirmation.new(user, Fabricate(:moderator))`
			`expect { ac.create_confirmation }.to raise_error(Discourse::InvalidAccess)`
			`end`
			`end`

			`describe "email_confirmed!" do`
			`before do`
			`ac = AdminConfirmation.new(user, admin)`
			`ac.create_confirmation`
			`@token = ac.token`
			`end`

			`it "cannot confirm if the user loses admin access" do`
			`ac = AdminConfirmation.find_by_code(@token)`
			`ac.performed_by.update_column(:admin, false)`
			`expect { ac.email_confirmed! }.to raise_error(Discourse::InvalidAccess)`
			`end`

			`it "can confirm admin accounts" do`
			`ac = AdminConfirmation.find_by_code(@token)`
			`expect(ac.performed_by).to eq(admin)`
			`expect(ac.target_user).to eq(user)`
			`expect(ac.token).to eq(@token)`
Update rubocop to 2.3.1. 2020-07-24 05:16:52 -04:00
			`expect_enqueued_with(`
			`job: :send_system_message,`
			`args: {`
			`user_id: user.id,`
			`message_type: "welcome_staff",`
			`message_options: {`
			`role: :admin,`
			`},`
			`},`
			`) { ac.email_confirmed! }`
SECURITY: Confirm new administrator accounts via email 2017-04-04 13:59:22 -04:00
			`user.reload`
			`expect(user.admin?).to eq(true)`

			`# It creates a staff log`
			`logs = UserHistory.where(action: UserHistory.actions[:grant_admin], target_user_id: user.id)`
			`expect(logs).to be_present`

			`# It removes the redis keys for another user`
			`expect(AdminConfirmation.find_by_code(ac.token)).to eq(nil)`
			`expect(AdminConfirmation.exists_for?(user.id)).to eq(false)`
			`end`
			`end`
			`end`