2016-03-07 13:45:33 -05:00
|
|
|
require 'rails_helper'
|
|
|
|
|
|
|
|
describe UsersEmailController do
|
|
|
|
|
2018-02-20 01:44:51 -05:00
|
|
|
describe '#confirm' do
|
2016-03-07 14:40:11 -05:00
|
|
|
it 'errors out for invalid tokens' do
|
2017-08-31 00:06:56 -04:00
|
|
|
get "/u/authorize-email/asdfasdf"
|
|
|
|
|
2018-06-07 04:11:09 -04:00
|
|
|
expect(response.status).to eq(200)
|
2017-10-20 12:04:56 -04:00
|
|
|
expect(response.body).to include(I18n.t('change_email.already_done'))
|
2016-03-07 14:40:11 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'valid old address token' do
|
|
|
|
let(:user) { Fabricate(:moderator) }
|
|
|
|
let(:updater) { EmailUpdater.new(user.guardian, user) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
updater.change_to('new.n.cool@example.com')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'confirms with a correct token' do
|
2017-08-31 00:06:56 -04:00
|
|
|
get "/u/authorize-email/#{user.email_tokens.last.token}"
|
|
|
|
|
2018-06-07 04:11:09 -04:00
|
|
|
expect(response.status).to eq(200)
|
2017-08-31 00:06:56 -04:00
|
|
|
|
|
|
|
body = CGI.unescapeHTML(response.body)
|
|
|
|
|
|
|
|
expect(body)
|
|
|
|
.to include(I18n.t('change_email.authorizing_old.title'))
|
|
|
|
|
|
|
|
expect(body)
|
|
|
|
.to include(I18n.t('change_email.authorizing_old.description'))
|
2016-03-07 14:40:11 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'valid new address token' do
|
|
|
|
let(:user) { Fabricate(:user) }
|
|
|
|
let(:updater) { EmailUpdater.new(user.guardian, user) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
updater.change_to('new.n.cool@example.com')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'confirms with a correct token' do
|
2017-02-20 04:37:01 -05:00
|
|
|
user.user_stat.update_columns(bounce_score: 42, reset_bounce_score_after: 1.week.from_now)
|
|
|
|
|
2017-06-01 04:19:42 -04:00
|
|
|
events = DiscourseEvent.track_events do
|
2017-08-31 00:06:56 -04:00
|
|
|
get "/u/authorize-email/#{user.email_tokens.last.token}"
|
2017-06-01 04:19:42 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
expect(events.map { |event| event[:event_name] }).to include(
|
|
|
|
:user_logged_in, :user_first_logged_in
|
|
|
|
)
|
2017-02-20 04:37:01 -05:00
|
|
|
|
2018-06-07 04:11:09 -04:00
|
|
|
expect(response.status).to eq(200)
|
2017-08-31 00:06:56 -04:00
|
|
|
expect(response.body).to include(I18n.t('change_email.confirmed'))
|
2017-02-20 04:37:01 -05:00
|
|
|
|
|
|
|
user.reload
|
|
|
|
|
|
|
|
expect(user.user_stat.bounce_score).to eq(0)
|
|
|
|
expect(user.user_stat.reset_bounce_score_after).to eq(nil)
|
2016-03-07 14:40:11 -05:00
|
|
|
end
|
2017-12-21 20:18:12 -05:00
|
|
|
|
2018-05-08 15:23:45 -04:00
|
|
|
it 'automatically adds the user to a group when the email matches' do
|
|
|
|
group = Fabricate(:group, automatic_membership_email_domains: "example.com")
|
|
|
|
|
|
|
|
get "/u/authorize-email/#{user.email_tokens.last.token}"
|
|
|
|
|
2018-06-07 04:11:09 -04:00
|
|
|
expect(response.status).to eq(200)
|
2018-05-08 15:23:45 -04:00
|
|
|
expect(group.reload.users.include?(user)).to eq(true)
|
|
|
|
end
|
|
|
|
|
2017-12-21 20:18:12 -05:00
|
|
|
context 'second factor required' do
|
2018-02-20 01:44:51 -05:00
|
|
|
let!(:second_factor) { Fabricate(:user_second_factor, user: user) }
|
2017-12-21 20:18:12 -05:00
|
|
|
|
|
|
|
it 'requires a second factor token' do
|
|
|
|
get "/u/authorize-email/#{user.email_tokens.last.token}"
|
2018-02-20 01:44:51 -05:00
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
|
|
|
|
response_body = response.body
|
|
|
|
|
|
|
|
expect(response_body).to include(I18n.t("login.second_factor_title"))
|
|
|
|
expect(response_body).not_to include(I18n.t("login.invalid_second_factor_code"))
|
2017-12-21 20:18:12 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'adds an error on a second factor attempt' do
|
|
|
|
get "/u/authorize-email/#{user.email_tokens.last.token}", params: {
|
2018-02-20 01:44:51 -05:00
|
|
|
second_factor_token: "000000"
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
2017-12-21 20:18:12 -05:00
|
|
|
expect(response.body).to include(I18n.t("login.invalid_second_factor_code"))
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'confirms with a correct second token' do
|
|
|
|
get "/u/authorize-email/#{user.email_tokens.last.token}", params: {
|
2018-02-20 01:44:51 -05:00
|
|
|
second_factor_token: ROTP::TOTP.new(second_factor.data).now
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
|
|
|
|
response_body = response.body
|
|
|
|
|
2018-05-08 15:23:45 -04:00
|
|
|
expect(response_body).not_to include(I18n.t("login.second_factor_title"))
|
|
|
|
expect(response_body).not_to include(I18n.t("login.invalid_second_factor_code"))
|
2017-12-21 20:18:12 -05:00
|
|
|
end
|
|
|
|
end
|
2016-03-07 14:40:11 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-02-20 01:44:51 -05:00
|
|
|
describe '#update' do
|
|
|
|
let(:user) { Fabricate(:user) }
|
2016-03-07 13:45:33 -05:00
|
|
|
let(:new_email) { 'bubblegum@adventuretime.ooo' }
|
|
|
|
|
|
|
|
it "requires you to be logged in" do
|
2018-02-20 01:44:51 -05:00
|
|
|
put "/u/#{user.username}/preferences/email.json", params: { email: new_email }
|
2018-01-11 22:15:10 -05:00
|
|
|
expect(response.status).to eq(403)
|
2016-03-07 13:45:33 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'when logged in' do
|
2017-08-31 00:06:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-03-07 13:45:33 -05:00
|
|
|
|
|
|
|
it 'raises an error without an email parameter' do
|
2018-01-11 22:15:10 -05:00
|
|
|
put "/u/#{user.username}/preferences/email.json"
|
|
|
|
expect(response.status).to eq(400)
|
2016-03-07 13:45:33 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an error if you can't edit the user's email" do
|
|
|
|
Guardian.any_instance.expects(:can_edit_email?).with(user).returns(false)
|
2017-08-31 00:06:56 -04:00
|
|
|
|
|
|
|
put "/u/#{user.username}/preferences/email.json", params: { email: new_email }
|
|
|
|
|
2016-03-07 13:45:33 -05:00
|
|
|
expect(response).to be_forbidden
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the new email address is taken' do
|
|
|
|
let!(:other_user) { Fabricate(:coding_horror) }
|
2017-08-31 00:06:56 -04:00
|
|
|
|
2017-10-04 11:41:08 -04:00
|
|
|
context 'hide_email_address_taken is disabled' do
|
|
|
|
before do
|
|
|
|
SiteSetting.hide_email_address_taken = false
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises an error' do
|
|
|
|
put "/u/#{user.username}/preferences/email.json", params: {
|
|
|
|
email: other_user.email
|
|
|
|
}
|
|
|
|
|
2018-06-05 03:29:17 -04:00
|
|
|
expect(response).to_not be_successful
|
2017-10-04 11:41:08 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises an error if there is whitespace too' do
|
|
|
|
put "/u/#{user.username}/preferences/email.json", params: {
|
|
|
|
email: "#{other_user.email} "
|
|
|
|
}
|
|
|
|
|
2018-06-05 03:29:17 -04:00
|
|
|
expect(response).to_not be_successful
|
2017-10-04 11:41:08 -04:00
|
|
|
end
|
2016-03-07 13:45:33 -05:00
|
|
|
end
|
|
|
|
|
2017-10-04 11:41:08 -04:00
|
|
|
context 'hide_email_address_taken is enabled' do
|
|
|
|
before do
|
|
|
|
SiteSetting.hide_email_address_taken = true
|
|
|
|
end
|
2017-08-31 00:06:56 -04:00
|
|
|
|
2017-10-04 11:41:08 -04:00
|
|
|
it 'responds with success' do
|
|
|
|
put "/u/#{user.username}/preferences/email.json", params: {
|
|
|
|
email: other_user.email
|
|
|
|
}
|
|
|
|
|
2018-06-07 04:11:09 -04:00
|
|
|
expect(response.status).to eq(200)
|
2017-10-04 11:41:08 -04:00
|
|
|
end
|
2016-03-07 13:45:33 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when new email is different case of existing email' do
|
2017-07-27 21:20:09 -04:00
|
|
|
let!(:other_user) { Fabricate(:user, email: 'case.insensitive@gmail.com') }
|
2016-03-07 13:45:33 -05:00
|
|
|
|
|
|
|
it 'raises an error' do
|
2017-08-31 00:06:56 -04:00
|
|
|
put "/u/#{user.username}/preferences/email.json", params: {
|
|
|
|
email: other_user.email.upcase
|
|
|
|
}
|
|
|
|
|
2018-06-05 03:29:17 -04:00
|
|
|
expect(response).to_not be_successful
|
2016-03-07 13:45:33 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises an error when new email domain is present in email_domains_blacklist site setting' do
|
|
|
|
SiteSetting.email_domains_blacklist = "mailinator.com"
|
2017-08-31 00:06:56 -04:00
|
|
|
|
|
|
|
put "/u/#{user.username}/preferences/email.json", params: {
|
|
|
|
email: "not_good@mailinator.com"
|
|
|
|
}
|
|
|
|
|
2018-06-05 03:29:17 -04:00
|
|
|
expect(response).to_not be_successful
|
2016-03-07 13:45:33 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises an error when new email domain is not present in email_domains_whitelist site setting' do
|
|
|
|
SiteSetting.email_domains_whitelist = "discourse.org"
|
2017-08-31 00:06:56 -04:00
|
|
|
|
|
|
|
put "/u/#{user.username}/preferences/email.json", params: {
|
|
|
|
email: new_email
|
|
|
|
}
|
|
|
|
|
2018-06-05 03:29:17 -04:00
|
|
|
expect(response).to_not be_successful
|
2016-03-07 13:45:33 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'success' do
|
|
|
|
it 'has an email token' do
|
2017-08-31 00:06:56 -04:00
|
|
|
expect do
|
|
|
|
put "/u/#{user.username}/preferences/email.json", params: {
|
|
|
|
email: new_email
|
|
|
|
}
|
|
|
|
end.to change(EmailChangeRequest, :count)
|
2016-03-07 13:45:33 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|