480 lines
16 KiB
Ruby
480 lines
16 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe UserDestroyer do
|
|
fab!(:user) { Fabricate(:user_with_secondary_email) }
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
|
|
describe '.new' do
|
|
it 'raises an error when user is nil' do
|
|
expect { UserDestroyer.new(nil) }.to raise_error(Discourse::InvalidParameters)
|
|
end
|
|
|
|
it 'raises an error when user is not a User' do
|
|
expect { UserDestroyer.new(5) }.to raise_error(Discourse::InvalidParameters)
|
|
end
|
|
end
|
|
|
|
describe '#destroy' do
|
|
it 'raises an error when user is nil' do
|
|
expect { UserDestroyer.new(admin).destroy(nil) }.to raise_error(Discourse::InvalidParameters)
|
|
end
|
|
|
|
it 'raises an error when user is not a User' do
|
|
expect { UserDestroyer.new(admin).destroy('nothing') }.to raise_error(Discourse::InvalidParameters)
|
|
end
|
|
|
|
it 'raises an error when regular user tries to delete another user' do
|
|
expect { UserDestroyer.new(user).destroy(Fabricate(:user)) }.to raise_error(Discourse::InvalidAccess)
|
|
end
|
|
|
|
shared_examples "successfully destroy a user" do
|
|
it 'should delete the user' do
|
|
expect { destroy }.to change { User.count }.by(-1)
|
|
end
|
|
|
|
it 'should return the deleted user record' do
|
|
return_value = destroy
|
|
expect(return_value).to eq(user)
|
|
expect(return_value).to be_destroyed
|
|
end
|
|
|
|
it 'should log the action' do
|
|
StaffActionLogger.any_instance.expects(:log_user_deletion).with(user, anything).once
|
|
destroy
|
|
end
|
|
|
|
it "should not log the action if quiet is true" do
|
|
expect {
|
|
UserDestroyer.new(admin).destroy(user, destroy_opts.merge(quiet: true))
|
|
}.to_not change { UserHistory.where(action: UserHistory.actions[:delete_user]).count }
|
|
end
|
|
|
|
it 'triggers a extensibility event' do
|
|
event = DiscourseEvent.track_events { destroy }.last
|
|
|
|
expect(event[:event_name]).to eq(:user_destroyed)
|
|
expect(event[:params].first).to eq(user)
|
|
end
|
|
end
|
|
|
|
shared_examples "email block list" do
|
|
it "doesn't add email to block list by default" do
|
|
ScreenedEmail.expects(:block).never
|
|
destroy
|
|
end
|
|
|
|
it "adds emails to block list if block_email is true" do
|
|
expect {
|
|
UserDestroyer.new(admin).destroy(user, destroy_opts.merge(block_email: true))
|
|
}.to change { ScreenedEmail.count }.by(2)
|
|
end
|
|
end
|
|
|
|
context 'when user deletes self' do
|
|
let(:destroy_opts) { { delete_posts: true, context: "/u/username/preferences/account" } }
|
|
subject(:destroy) { UserDestroyer.new(user).destroy(user, destroy_opts) }
|
|
|
|
include_examples "successfully destroy a user"
|
|
|
|
it 'should log proper context' do
|
|
destroy
|
|
expect(UserHistory.where(action: UserHistory.actions[:delete_user]).last.context).to eq(I18n.t("staff_action_logs.user_delete_self", url: "/u/username/preferences/account"))
|
|
end
|
|
end
|
|
|
|
context 'when context is missing' do
|
|
it "logs warning message if context is missing" do
|
|
logger = track_log_messages do
|
|
UserDestroyer.new(admin).destroy(user)
|
|
end
|
|
expect(logger.warnings).to include(/User destroyed without context from:/)
|
|
end
|
|
end
|
|
|
|
context "with a reviewable post" do
|
|
let!(:reviewable) { Fabricate(:reviewable, created_by: user) }
|
|
|
|
it "removes the queued post" do
|
|
UserDestroyer.new(admin).destroy(user)
|
|
expect(Reviewable.where(created_by_id: user.id).count).to eq(0)
|
|
end
|
|
end
|
|
|
|
context "with a reviewable user" do
|
|
let(:reviewable) { Fabricate(:reviewable, created_by: admin) }
|
|
|
|
it 'sets the reviewable user as rejected' do
|
|
UserDestroyer.new(admin).destroy(reviewable.target)
|
|
|
|
expect(reviewable.reload).to be_rejected
|
|
end
|
|
end
|
|
|
|
context "with a directory item record" do
|
|
|
|
it "removes the directory item" do
|
|
DirectoryItem.create!(
|
|
user: user,
|
|
period_type: 1,
|
|
likes_received: 0,
|
|
likes_given: 0,
|
|
topics_entered: 0,
|
|
topic_count: 0,
|
|
post_count: 0
|
|
)
|
|
UserDestroyer.new(admin).destroy(user)
|
|
expect(DirectoryItem.where(user_id: user.id).count).to eq(0)
|
|
end
|
|
end
|
|
|
|
context "with a draft" do
|
|
let!(:draft) { Draft.set(user, 'test', 0, 'test') }
|
|
|
|
it "removed the draft" do
|
|
UserDestroyer.new(admin).destroy(user)
|
|
expect(Draft.where(user_id: user.id).count).to eq(0)
|
|
end
|
|
end
|
|
|
|
context 'when user has posts' do
|
|
let!(:topic_starter) { Fabricate(:user) }
|
|
let!(:topic) { Fabricate(:topic, user: topic_starter) }
|
|
let!(:first_post) { Fabricate(:post, user: topic_starter, topic: topic) }
|
|
let!(:post) { Fabricate(:post, user: user, topic: topic) }
|
|
|
|
context "when delete_posts is false" do
|
|
subject(:destroy) { UserDestroyer.new(admin).destroy(user) }
|
|
before do
|
|
user.stubs(:post_count).returns(1)
|
|
user.stubs(:first_post_created_at).returns(Time.zone.now)
|
|
end
|
|
|
|
it 'should raise the right error' do
|
|
StaffActionLogger.any_instance.expects(:log_user_deletion).never
|
|
expect { destroy }.to raise_error(UserDestroyer::PostsExistError)
|
|
expect(user.reload.id).to be_present
|
|
end
|
|
end
|
|
|
|
context "when delete_posts is true" do
|
|
let(:destroy_opts) { { delete_posts: true } }
|
|
|
|
context "when staff deletes user" do
|
|
subject(:destroy) { UserDestroyer.new(admin).destroy(user, destroy_opts) }
|
|
|
|
include_examples "successfully destroy a user"
|
|
include_examples "email block list"
|
|
|
|
it "deletes the posts" do
|
|
destroy
|
|
expect(post.reload.deleted_at).not_to eq(nil)
|
|
expect(post.user_id).to eq(nil)
|
|
end
|
|
|
|
it "does not delete topics started by others in which the user has replies" do
|
|
destroy
|
|
expect(topic.reload.deleted_at).to eq(nil)
|
|
expect(topic.user_id).not_to eq(nil)
|
|
end
|
|
|
|
it "deletes topics started by the deleted user" do
|
|
spammer_topic = Fabricate(:topic, user: user)
|
|
Fabricate(:post, user: user, topic: spammer_topic)
|
|
destroy
|
|
expect(spammer_topic.reload.deleted_at).not_to eq(nil)
|
|
expect(spammer_topic.user_id).to eq(nil)
|
|
end
|
|
|
|
context "when delete_as_spammer is true" do
|
|
|
|
before { destroy_opts[:delete_as_spammer] = true }
|
|
|
|
it "approves reviewable flags" do
|
|
spammer_post = Fabricate(:post, user: user)
|
|
reviewable = PostActionCreator.inappropriate(admin, spammer_post).reviewable
|
|
expect(reviewable).to be_pending
|
|
|
|
destroy
|
|
|
|
reviewable.reload
|
|
expect(reviewable).to be_approved
|
|
end
|
|
|
|
end
|
|
end
|
|
|
|
context "when users deletes self" do
|
|
subject(:destroy) { UserDestroyer.new(user).destroy(user, destroy_opts) }
|
|
|
|
include_examples "successfully destroy a user"
|
|
include_examples "email block list"
|
|
|
|
it "deletes the posts" do
|
|
destroy
|
|
expect(post.reload.deleted_at).not_to eq(nil)
|
|
expect(post.user_id).to eq(nil)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when user was invited' do
|
|
it "should delete the invite of user" do
|
|
invite = Fabricate(:invite)
|
|
topic_invite = invite.topic_invites.create!(topic: Fabricate(:topic))
|
|
invited_group = invite.invited_groups.create!(group: Fabricate(:group))
|
|
user = Fabricate(:user)
|
|
user.user_emails.create!(email: invite.email)
|
|
|
|
UserDestroyer.new(admin).destroy(user)
|
|
|
|
expect(Invite.exists?(invite.id)).to eq(false)
|
|
expect(InvitedGroup.exists?(invited_group.id)).to eq(false)
|
|
expect(TopicInvite.exists?(topic_invite.id)).to eq(false)
|
|
end
|
|
end
|
|
|
|
context 'when user created category' do
|
|
let!(:topic) { Fabricate(:topic, user: user) }
|
|
let!(:first_post) { Fabricate(:post, user: user, topic: topic) }
|
|
let!(:second_post) { Fabricate(:post, user: user, topic: topic) }
|
|
let!(:category) { Fabricate(:category, user: user, topic_id: topic.id) }
|
|
|
|
it 'changes author of first category post to system user and still deletes second post' do
|
|
UserDestroyer.new(admin).destroy(user, delete_posts: true)
|
|
|
|
expect(first_post.reload.deleted_at).to eq(nil)
|
|
expect(first_post.user_id).to eq(Discourse.system_user.id)
|
|
|
|
expect(second_post.reload.deleted_at).not_to eq(nil)
|
|
expect(second_post.user_id).to eq(nil)
|
|
end
|
|
end
|
|
|
|
context 'when user has no posts, but user_stats table has post_count > 0' do
|
|
before do
|
|
# out of sync user_stat data shouldn't break UserDestroyer
|
|
user.user_stat.update_attribute(:post_count, 1)
|
|
end
|
|
let(:destroy_opts) { {} }
|
|
subject(:destroy) { UserDestroyer.new(user).destroy(user, delete_posts: false) }
|
|
|
|
include_examples "successfully destroy a user"
|
|
end
|
|
|
|
context 'when user has deleted posts' do
|
|
let!(:deleted_post) { Fabricate(:post, user: user, deleted_at: 1.hour.ago) }
|
|
it "should mark the user's deleted posts as belonging to a nuked user" do
|
|
expect { UserDestroyer.new(admin).destroy(user) }.to change { User.count }.by(-1)
|
|
expect(deleted_post.reload.user_id).to eq(nil)
|
|
end
|
|
end
|
|
|
|
context 'when user has no posts' do
|
|
context 'when destroy succeeds' do
|
|
let(:destroy_opts) { {} }
|
|
subject(:destroy) { UserDestroyer.new(admin).destroy(user) }
|
|
|
|
include_examples "successfully destroy a user"
|
|
include_examples "email block list"
|
|
end
|
|
|
|
context 'when destroy fails' do
|
|
subject(:destroy) { UserDestroyer.new(admin).destroy(user) }
|
|
|
|
it 'should not log the action' do
|
|
user.stubs(:destroy).returns(false)
|
|
StaffActionLogger.any_instance.expects(:log_user_deletion).never
|
|
destroy
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when user has posts with links' do
|
|
context 'with external links' do
|
|
before do
|
|
@post = Fabricate(:post_with_external_links, user: user)
|
|
TopicLink.extract_from(@post)
|
|
end
|
|
|
|
it "doesn't add ScreenedUrl records by default" do
|
|
ScreenedUrl.expects(:watch).never
|
|
UserDestroyer.new(admin).destroy(user, delete_posts: true)
|
|
end
|
|
|
|
it "adds ScreenedUrl records when :block_urls is true" do
|
|
ScreenedUrl.expects(:watch).with(anything, anything, has_key(:ip_address)).at_least_once
|
|
UserDestroyer.new(admin).destroy(user, delete_posts: true, block_urls: true)
|
|
end
|
|
end
|
|
|
|
context 'with internal links' do
|
|
before do
|
|
@post = Fabricate(:post_with_external_links, user: user)
|
|
TopicLink.extract_from(@post)
|
|
TopicLink.where(user: user).update_all(internal: true)
|
|
end
|
|
|
|
it "doesn't add ScreenedUrl records" do
|
|
ScreenedUrl.expects(:watch).never
|
|
UserDestroyer.new(admin).destroy(user, delete_posts: true, block_urls: true)
|
|
end
|
|
end
|
|
|
|
context 'with oneboxed links' do
|
|
before do
|
|
@post = Fabricate(:post_with_youtube, user: user)
|
|
TopicLink.extract_from(@post)
|
|
end
|
|
|
|
it "doesn't add ScreenedUrl records" do
|
|
ScreenedUrl.expects(:watch).never
|
|
UserDestroyer.new(admin).destroy(user, delete_posts: true, block_urls: true)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with ip address screening' do
|
|
it "doesn't create screened_ip_address records by default" do
|
|
ScreenedIpAddress.expects(:watch).never
|
|
UserDestroyer.new(admin).destroy(user)
|
|
end
|
|
|
|
context "when block_ip is true" do
|
|
it "creates a new screened_ip_address record" do
|
|
ScreenedIpAddress.expects(:watch).with(user.ip_address).returns(stub_everything)
|
|
UserDestroyer.new(admin).destroy(user, block_ip: true)
|
|
end
|
|
|
|
it "creates two new screened_ip_address records when registration_ip_address is different than last ip_address" do
|
|
user.registration_ip_address = '12.12.12.12'
|
|
ScreenedIpAddress.expects(:watch).with(user.ip_address).returns(stub_everything)
|
|
ScreenedIpAddress.expects(:watch).with(user.registration_ip_address).returns(stub_everything)
|
|
UserDestroyer.new(admin).destroy(user, block_ip: true)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when user created a category' do
|
|
let!(:category) { Fabricate(:category_with_definition, user: user) }
|
|
|
|
it "assigns the system user to the categories" do
|
|
UserDestroyer.new(admin).destroy(user, delete_posts: true)
|
|
expect(category.reload.user_id).to eq(Discourse.system_user.id)
|
|
expect(category.topic).to be_present
|
|
expect(category.topic.user_id).to eq(Discourse.system_user.id)
|
|
end
|
|
end
|
|
|
|
describe "Destroying a user with security key" do
|
|
let!(:security_key) { Fabricate(:user_security_key_with_random_credential, user: user) }
|
|
|
|
it "removes the security key" do
|
|
UserDestroyer.new(admin).destroy(user)
|
|
expect(UserSecurityKey.where(user_id: user.id).count).to eq(0)
|
|
end
|
|
end
|
|
|
|
describe "Destroying a user with a bookmark" do
|
|
let!(:bookmark) { Fabricate(:bookmark, user: user) }
|
|
|
|
it "removes the bookmark" do
|
|
UserDestroyer.new(admin).destroy(user)
|
|
expect(Bookmark.where(user_id: user.id).count).to eq(0)
|
|
end
|
|
end
|
|
|
|
context 'when user liked things' do
|
|
before do
|
|
@topic = Fabricate(:topic, user: Fabricate(:user))
|
|
@post = Fabricate(:post, user: @topic.user, topic: @topic)
|
|
PostActionCreator.like(user, @post)
|
|
end
|
|
|
|
it 'should destroy the like' do
|
|
expect {
|
|
UserDestroyer.new(admin).destroy(user, delete_posts: true)
|
|
}.to change { PostAction.count }.by(-1)
|
|
expect(@post.reload.like_count).to eq(0)
|
|
end
|
|
end
|
|
|
|
context 'when user belongs to groups that grant trust level' do
|
|
let(:group) { Fabricate(:group, grant_trust_level: 4) }
|
|
|
|
before do
|
|
group.add(user)
|
|
end
|
|
|
|
it 'can delete the user' do
|
|
d = UserDestroyer.new(admin)
|
|
expect {
|
|
d.destroy(user)
|
|
}.to change { User.count }.by(-1)
|
|
end
|
|
|
|
it 'can delete the user if they have a manual locked trust level and have no email' do
|
|
user.update(manual_locked_trust_level: 3)
|
|
|
|
UserEmail.where(user: user).delete_all
|
|
user.reload
|
|
expect {
|
|
UserDestroyer.new(admin).destroy(user)
|
|
}.to change { User.count }.by(-1)
|
|
end
|
|
|
|
it 'can delete the user if they were to fall into another trust level and have no email' do
|
|
g2 = Fabricate(:group, grant_trust_level: 1)
|
|
g2.add(user)
|
|
|
|
UserEmail.where(user: user).delete_all
|
|
user.reload
|
|
expect {
|
|
UserDestroyer.new(admin).destroy(user)
|
|
}.to change { User.count }.by(-1)
|
|
end
|
|
end
|
|
|
|
context 'when user has staff action logs' do
|
|
before do
|
|
logger = StaffActionLogger.new(user)
|
|
logger.log_site_setting_change(
|
|
'site_description',
|
|
'Our friendly community',
|
|
'My favourite community',
|
|
)
|
|
logger.log_site_setting_change(
|
|
'site_description',
|
|
'Our friendly community',
|
|
'My favourite community',
|
|
details: "existing details"
|
|
)
|
|
end
|
|
|
|
it "should keep the staff action log and add the username" do
|
|
username = user.username
|
|
ids = UserHistory.staff_action_records(
|
|
Discourse.system_user,
|
|
acting_user: username
|
|
).map(&:id)
|
|
UserDestroyer.new(admin).destroy(user, delete_posts: true)
|
|
details = UserHistory.where(id: ids).map(&:details)
|
|
expect(details).to contain_exactly(
|
|
"\nuser_id: #{user.id}\nusername: #{username}",
|
|
"existing details\nuser_id: #{user.id}\nusername: #{username}"
|
|
)
|
|
end
|
|
end
|
|
|
|
context 'when user got an email' do
|
|
let!(:email_log) { Fabricate(:email_log, user: user) }
|
|
|
|
it "does not delete the email log" do
|
|
expect {
|
|
UserDestroyer.new(admin).destroy(user, delete_posts: true)
|
|
}.to_not change { EmailLog.count }
|
|
end
|
|
end
|
|
end
|
|
end
|