2019-07-31 22:56:46 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-09-10 17:25:29 +05:30
|
|
|
require('spec_helper')
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
RSpec.describe ProfilesController, :request_store do
|
2022-08-27 11:52:29 +05:30
|
|
|
let(:password) { User.random_password }
|
2021-11-18 22:05:49 +05:30
|
|
|
let(:user) { create(:user, password: password) }
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2018-06-03 19:52:53 +05:30
|
|
|
describe 'POST update' do
|
|
|
|
it 'does not update password' do
|
|
|
|
sign_in(user)
|
2022-08-27 11:52:29 +05:30
|
|
|
new_password = User.random_password
|
2018-06-03 19:52:53 +05:30
|
|
|
expect do
|
|
|
|
post :update,
|
2022-08-27 11:52:29 +05:30
|
|
|
params: { user: { password: new_password, password_confirmation: new_password } }
|
2018-06-03 19:52:53 +05:30
|
|
|
end.not_to change { user.reload.encrypted_password }
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2018-06-03 19:52:53 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
describe 'PUT update' do
|
|
|
|
it 'allows an email update from a user without an external email address' do
|
2017-09-10 17:25:29 +05:30
|
|
|
sign_in(user)
|
|
|
|
|
|
|
|
put :update,
|
2021-11-18 22:05:49 +05:30
|
|
|
params: { user: { email: "john@gmail.com", name: "John", validation_password: password } }
|
2017-09-10 17:25:29 +05:30
|
|
|
|
|
|
|
user.reload
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2017-09-10 17:25:29 +05:30
|
|
|
expect(user.unconfirmed_email).to eq('john@gmail.com')
|
|
|
|
end
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
it "allows an email update without confirmation if existing verified email" do
|
|
|
|
user = create(:user)
|
|
|
|
create(:email, :confirmed, user: user, email: 'john@gmail.com')
|
|
|
|
sign_in(user)
|
|
|
|
|
|
|
|
put :update,
|
2019-02-15 15:39:39 +05:30
|
|
|
params: { user: { email: "john@gmail.com", name: "John" } }
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
user.reload
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(user.unconfirmed_email).to eq nil
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'ignores an email update from a user with an external email address' do
|
|
|
|
stub_omniauth_setting(sync_profile_from_provider: ['ldap'])
|
|
|
|
stub_omniauth_setting(sync_profile_attributes: true)
|
|
|
|
|
|
|
|
ldap_user = create(:omniauth_user)
|
|
|
|
ldap_user.create_user_synced_attributes_metadata(provider: 'ldap', name_synced: true, email_synced: true)
|
2017-09-10 17:25:29 +05:30
|
|
|
sign_in(ldap_user)
|
|
|
|
|
|
|
|
put :update,
|
2019-02-15 15:39:39 +05:30
|
|
|
params: { user: { email: "john@gmail.com", name: "John" } }
|
2017-09-10 17:25:29 +05:30
|
|
|
|
|
|
|
ldap_user.reload
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2017-09-10 17:25:29 +05:30
|
|
|
expect(ldap_user.unconfirmed_email).not_to eq('john@gmail.com')
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
it 'ignores an email and name update but allows a location update from a user with external email and name, but not external location' do
|
|
|
|
stub_omniauth_setting(sync_profile_from_provider: ['ldap'])
|
|
|
|
stub_omniauth_setting(sync_profile_attributes: true)
|
|
|
|
|
|
|
|
ldap_user = create(:omniauth_user, name: 'Alex')
|
|
|
|
ldap_user.create_user_synced_attributes_metadata(provider: 'ldap', name_synced: true, email_synced: true, location_synced: false)
|
|
|
|
sign_in(ldap_user)
|
|
|
|
|
|
|
|
put :update,
|
2019-02-15 15:39:39 +05:30
|
|
|
params: { user: { email: "john@gmail.com", name: "John", location: "City, Country" } }
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
ldap_user.reload
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(ldap_user.unconfirmed_email).not_to eq('john@gmail.com')
|
|
|
|
expect(ldap_user.name).not_to eq('John')
|
|
|
|
expect(ldap_user.location).to eq('City, Country')
|
|
|
|
end
|
2018-11-18 11:00:15 +05:30
|
|
|
|
2022-10-11 01:57:18 +05:30
|
|
|
it 'allows setting a user status', :freeze_time do
|
2018-11-18 11:00:15 +05:30
|
|
|
sign_in(user)
|
|
|
|
|
2022-10-11 01:57:18 +05:30
|
|
|
put(
|
|
|
|
:update,
|
|
|
|
params: { user: { status: { message: 'Working hard!', availability: 'busy', clear_status_after: '8_hours' } } }
|
|
|
|
)
|
2018-11-18 11:00:15 +05:30
|
|
|
|
|
|
|
expect(user.reload.status.message).to eq('Working hard!')
|
2021-01-29 00:20:46 +05:30
|
|
|
expect(user.reload.status.availability).to eq('busy')
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(user.reload.status.clear_status_after).to eq(8.hours.from_now)
|
2020-03-13 15:44:24 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2018-11-18 11:00:15 +05:30
|
|
|
end
|
2020-04-08 14:13:33 +05:30
|
|
|
|
|
|
|
it 'allows updating user specified job title' do
|
|
|
|
title = 'Marketing Executive'
|
|
|
|
sign_in(user)
|
|
|
|
|
|
|
|
put :update, params: { user: { job_title: title } }
|
|
|
|
|
|
|
|
expect(user.reload.job_title).to eq(title)
|
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
|
|
end
|
2021-09-04 01:27:46 +05:30
|
|
|
|
|
|
|
it 'allows updating user specified pronouns', :aggregate_failures do
|
|
|
|
pronouns = 'they/them'
|
|
|
|
sign_in(user)
|
|
|
|
|
|
|
|
put :update, params: { user: { pronouns: pronouns } }
|
|
|
|
|
|
|
|
expect(user.reload.pronouns).to eq(pronouns)
|
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
|
|
end
|
2021-10-27 15:23:28 +05:30
|
|
|
|
|
|
|
it 'allows updating user specified pronunciation', :aggregate_failures do
|
|
|
|
user = create(:user, name: 'Example')
|
|
|
|
pronunciation = 'uhg-zaam-pl'
|
|
|
|
sign_in(user)
|
|
|
|
|
|
|
|
put :update, params: { user: { pronunciation: pronunciation } }
|
|
|
|
|
|
|
|
expect(user.reload.pronunciation).to eq(pronunciation)
|
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
|
|
end
|
2023-04-23 21:23:45 +05:30
|
|
|
|
|
|
|
it 'allows updating user specified Discord User ID', :aggregate_failures do
|
|
|
|
discord_user_id = '1234567890123456789'
|
|
|
|
sign_in(user)
|
|
|
|
|
|
|
|
put :update, params: { user: { discord: discord_user_id } }
|
|
|
|
|
|
|
|
expect(user.reload.discord).to eq(discord_user_id)
|
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
|
|
|
|
2021-01-03 14:25:43 +05:30
|
|
|
describe 'GET audit_log' do
|
2021-12-11 22:18:48 +05:30
|
|
|
let(:auth_event) { create(:authentication_event, user: user) }
|
|
|
|
|
2021-01-03 14:25:43 +05:30
|
|
|
it 'tracks search event', :snowplow do
|
|
|
|
sign_in(user)
|
|
|
|
|
|
|
|
get :audit_log
|
|
|
|
|
|
|
|
expect_snowplow_event(
|
|
|
|
category: 'ProfilesController',
|
2021-09-04 01:27:46 +05:30
|
|
|
action: 'search_audit_event',
|
|
|
|
user: user
|
2021-01-03 14:25:43 +05:30
|
|
|
)
|
|
|
|
end
|
2021-12-11 22:18:48 +05:30
|
|
|
|
|
|
|
it 'loads page correctly' do
|
|
|
|
sign_in(user)
|
|
|
|
|
|
|
|
get :audit_log
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:success)
|
|
|
|
end
|
2021-01-03 14:25:43 +05:30
|
|
|
end
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
describe 'PUT update_username' do
|
|
|
|
let(:namespace) { user.namespace }
|
|
|
|
let(:gitlab_shell) { Gitlab::Shell.new }
|
2018-03-27 19:54:05 +05:30
|
|
|
let(:new_username) { generate(:username) }
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2022-03-02 08:16:31 +05:30
|
|
|
before do
|
2018-03-17 18:26:18 +05:30
|
|
|
sign_in(user)
|
2022-03-02 08:16:31 +05:30
|
|
|
allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(false)
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2022-03-02 08:16:31 +05:30
|
|
|
it 'allows username change' do
|
2018-03-17 18:26:18 +05:30
|
|
|
put :update_username,
|
2019-02-15 15:39:39 +05:30
|
|
|
params: { user: { username: new_username } }
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
user.reload
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(user.username).to eq(new_username)
|
|
|
|
end
|
|
|
|
|
2018-05-09 12:01:36 +05:30
|
|
|
it 'updates a username using JSON request' do
|
|
|
|
put :update_username,
|
2019-02-15 15:39:39 +05:30
|
|
|
params: {
|
|
|
|
user: { username: new_username }
|
|
|
|
},
|
2018-05-09 12:01:36 +05:30
|
|
|
format: :json
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2020-01-01 13:55:28 +05:30
|
|
|
expect(json_response['message']).to eq(s_('Profiles|Username successfully changed'))
|
2018-05-09 12:01:36 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'renders an error message when the username was not updated' do
|
|
|
|
put :update_username,
|
2019-02-15 15:39:39 +05:30
|
|
|
params: {
|
|
|
|
user: { username: 'invalid username.git' }
|
|
|
|
},
|
2018-05-09 12:01:36 +05:30
|
|
|
format: :json
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:unprocessable_entity)
|
2018-05-09 12:01:36 +05:30
|
|
|
expect(json_response['message']).to match(/Username change failed/)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises a correct error when the username is missing' do
|
2019-02-15 15:39:39 +05:30
|
|
|
expect { put :update_username, params: { user: { gandalf: 'you shall not pass' } } }
|
2018-05-09 12:01:36 +05:30
|
|
|
.to raise_error(ActionController::ParameterMissing)
|
|
|
|
end
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
context 'with legacy storage' do
|
|
|
|
it 'moves dependent projects to new namespace' do
|
|
|
|
project = create(:project_empty_repo, :legacy_storage, namespace: namespace)
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
put :update_username,
|
2019-02-15 15:39:39 +05:30
|
|
|
params: { user: { username: new_username } }
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
user.reload
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2019-12-21 20:55:43 +05:30
|
|
|
expect(gitlab_shell.repository_exists?(project.repository_storage, "#{new_username}/#{project.path}.git")).to be_truthy
|
2018-03-27 19:54:05 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with hashed storage' do
|
|
|
|
it 'keeps repository location unchanged on disk' do
|
|
|
|
project = create(:project_empty_repo, namespace: namespace)
|
|
|
|
|
|
|
|
before_disk_path = project.disk_path
|
|
|
|
|
|
|
|
put :update_username,
|
2019-02-15 15:39:39 +05:30
|
|
|
params: { user: { username: new_username } }
|
2018-03-27 19:54:05 +05:30
|
|
|
|
|
|
|
user.reload
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2019-12-21 20:55:43 +05:30
|
|
|
expect(gitlab_shell.repository_exists?(project.repository_storage, "#{project.disk_path}.git")).to be_truthy
|
2018-03-27 19:54:05 +05:30
|
|
|
expect(before_disk_path).to eq(project.disk_path)
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
2022-03-02 08:16:31 +05:30
|
|
|
|
|
|
|
context 'when the rate limit is reached' do
|
|
|
|
it 'does not update the username and returns status 429 Too Many Requests' do
|
|
|
|
expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(:profile_update_username, scope: user).and_return(true)
|
|
|
|
|
|
|
|
expect do
|
|
|
|
put :update_username,
|
|
|
|
params: { user: { username: new_username } }
|
|
|
|
end.not_to change { user.reload.username }
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:too_many_requests)
|
|
|
|
end
|
|
|
|
end
|
2017-09-10 17:25:29 +05:30
|
|
|
end
|
|
|
|
end
|