diff --git a/spec/controllers/admin/impersonate_controller_spec.rb b/spec/controllers/admin/impersonate_controller_spec.rb deleted file mode 100644 index 2a43778f632..00000000000 --- a/spec/controllers/admin/impersonate_controller_spec.rb +++ /dev/null @@ -1,65 +0,0 @@ -require 'rails_helper' - -describe Admin::ImpersonateController do - - it "is a subclass of AdminController" do - expect(Admin::ImpersonateController < Admin::AdminController).to eq(true) - end - - context 'while logged in as an admin' do - let!(:admin) { log_in(:admin) } - let(:user) { Fabricate(:user) } - - context 'index' do - it 'returns success' do - get :index, format: :json - expect(response.status).to eq(200) - end - end - - context 'create' do - - it 'requires a username_or_email parameter' do - expect { put :create, format: :json }.to raise_error(ActionController::ParameterMissing) - end - - it 'returns 404 when that user does not exist' do - post :create, params: { username_or_email: 'hedonismbot' }, format: :json - expect(response.status).to eq(404) - end - - it "raises an invalid access error if the user can't be impersonated" do - Guardian.any_instance.expects(:can_impersonate?).with(user).returns(false) - post :create, params: { username_or_email: user.email }, format: :json - expect(response).to be_forbidden - end - - context 'success' do - - it "logs the impersonation" do - StaffActionLogger.any_instance.expects(:log_impersonate) - post :create, params: { username_or_email: user.username }, format: :json - end - - it "changes the current user session id" do - post :create, params: { username_or_email: user.username }, format: :json - expect(session[:current_user_id]).to eq(user.id) - end - - it "returns success" do - post :create, params: { username_or_email: user.email }, format: :json - expect(response.status).to eq(200) - end - - it "also works with an email address" do - post :create, params: { username_or_email: user.email }, format: :json - expect(session[:current_user_id]).to eq(user.id) - end - - end - - end - - end - -end diff --git a/spec/requests/admin/impersonate_controller_spec.rb b/spec/requests/admin/impersonate_controller_spec.rb new file mode 100644 index 00000000000..3cb2657330d --- /dev/null +++ b/spec/requests/admin/impersonate_controller_spec.rb @@ -0,0 +1,62 @@ +require 'rails_helper' + +describe Admin::ImpersonateController do + + it "is a subclass of AdminController" do + expect(Admin::ImpersonateController < Admin::AdminController).to eq(true) + end + + context 'while logged in as an admin' do + let(:admin) { Fabricate(:admin) } + let(:user) { Fabricate(:user) } + let(:another_admin) { Fabricate(:admin) } + + before do + sign_in(admin) + end + + describe '#index' do + it 'returns success' do + get "/admin/impersonate.json" + expect(response.status).to eq(200) + end + end + + describe '#create' do + it 'requires a username_or_email parameter' do + post "/admin/impersonate.json" + expect(response.status).to eq(400) + expect(session[:current_user_id]).to eq(admin.id) + end + + it 'returns 404 when that user does not exist' do + post "/admin/impersonate.json", params: { username_or_email: 'hedonismbot' } + expect(response.status).to eq(404) + expect(session[:current_user_id]).to eq(admin.id) + end + + it "raises an invalid access error if the user can't be impersonated" do + post "/admin/impersonate.json", params: { username_or_email: another_admin.email } + expect(response.status).to eq(403) + expect(session[:current_user_id]).to eq(admin.id) + end + + context 'success' do + it "succeeds and logs the impersonation" do + expect do + post "/admin/impersonate.json", params: { username_or_email: user.username } + end.to change { UserHistory.where(action: UserHistory.actions[:impersonate]).count }.by(1) + + expect(response.status).to eq(200) + expect(session[:current_user_id]).to eq(user.id) + end + + it "also works with an email address" do + post "/admin/impersonate.json", params: { username_or_email: user.email } + expect(response.status).to eq(200) + expect(session[:current_user_id]).to eq(user.id) + end + end + end + end +end