2019-10-12 21:52:04 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2014-09-02 18:07:02 +05:30
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
RSpec.describe "Admin::Users" do
|
2019-03-02 22:35:43 +05:30
|
|
|
include Spec::Support::Helpers::Features::ResponsiveTableHelpers
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
let!(:user) do
|
|
|
|
create(:omniauth_user, provider: 'twitter', extern_uid: '123456')
|
|
|
|
end
|
|
|
|
|
2019-03-02 22:35:43 +05:30
|
|
|
let!(:current_user) { create(:admin, last_activity_on: 5.days.ago) }
|
2017-09-10 17:25:29 +05:30
|
|
|
|
|
|
|
before do
|
|
|
|
sign_in(current_user)
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
|
|
|
|
describe "GET /admin/users" do
|
|
|
|
before do
|
|
|
|
visit admin_users_path
|
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "is ok" do
|
2015-04-26 12:48:37 +05:30
|
|
|
expect(current_path).to eq(admin_users_path)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "has users list" do
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(page).to have_content(current_user.email)
|
|
|
|
expect(page).to have_content(current_user.name)
|
2019-03-02 22:35:43 +05:30
|
|
|
expect(page).to have_content(current_user.created_at.strftime("%e %b, %Y"))
|
|
|
|
expect(page).to have_content(current_user.last_activity_on.strftime("%e %b, %Y"))
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(page).to have_content(user.email)
|
|
|
|
expect(page).to have_content(user.name)
|
2021-01-03 14:25:43 +05:30
|
|
|
expect(page).to have_content('Projects')
|
2019-12-21 20:55:43 +05:30
|
|
|
expect(page).to have_button('Block')
|
|
|
|
expect(page).to have_button('Deactivate')
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(page).to have_button('Delete user')
|
|
|
|
expect(page).to have_button('Delete user and contributions')
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
2015-09-11 14:41:01 +05:30
|
|
|
|
2019-07-31 22:56:46 +05:30
|
|
|
describe "view extra user information" do
|
2020-07-28 23:09:34 +05:30
|
|
|
it 'shows the user popover on hover', :js, quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/11290' do
|
2019-03-02 22:35:43 +05:30
|
|
|
expect(page).not_to have_selector('#__BV_popover_1__')
|
|
|
|
|
|
|
|
first_user_link = page.first('.js-user-link')
|
|
|
|
first_user_link.hover
|
|
|
|
|
|
|
|
expect(page).to have_selector('#__BV_popover_1__')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-01-03 14:25:43 +05:30
|
|
|
context 'user project count' do
|
|
|
|
before do
|
|
|
|
project = create(:project)
|
|
|
|
project.add_maintainer(current_user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'displays count of users projects' do
|
|
|
|
visit admin_users_path
|
|
|
|
|
|
|
|
expect(page.find("[data-testid='user-project-count-#{current_user.id}']").text).to eq("1")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'tabs' do
|
|
|
|
it 'has multiple tabs to filter users' do
|
|
|
|
expect(page).to have_link('Active', href: admin_users_path)
|
|
|
|
expect(page).to have_link('Admins', href: admin_users_path(filter: 'admins'))
|
|
|
|
expect(page).to have_link('2FA Enabled', href: admin_users_path(filter: 'two_factor_enabled'))
|
|
|
|
expect(page).to have_link('2FA Disabled', href: admin_users_path(filter: 'two_factor_disabled'))
|
|
|
|
expect(page).to have_link('External', href: admin_users_path(filter: 'external'))
|
|
|
|
expect(page).to have_link('Blocked', href: admin_users_path(filter: 'blocked'))
|
|
|
|
expect(page).to have_link('Deactivated', href: admin_users_path(filter: 'deactivated'))
|
|
|
|
expect(page).to have_link('Without projects', href: admin_users_path(filter: 'wop'))
|
|
|
|
end
|
|
|
|
|
|
|
|
context '`Pending approval` tab' do
|
2021-01-29 00:20:46 +05:30
|
|
|
before do
|
|
|
|
visit admin_users_path
|
2021-01-03 14:25:43 +05:30
|
|
|
end
|
|
|
|
|
2021-01-29 00:20:46 +05:30
|
|
|
it 'shows the `Pending approval` tab' do
|
|
|
|
expect(page).to have_link('Pending approval', href: admin_users_path(filter: 'blocked_pending_approval'))
|
2021-01-03 14:25:43 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
describe 'search and sort' do
|
|
|
|
before do
|
2019-03-02 22:35:43 +05:30
|
|
|
create(:user, name: 'Foo Bar', last_activity_on: 3.days.ago)
|
|
|
|
create(:user, name: 'Foo Baz', last_activity_on: 2.days.ago)
|
2019-02-15 15:39:39 +05:30
|
|
|
create(:user, name: 'Dmitriy')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'searches users by name' do
|
|
|
|
visit admin_users_path(search_query: 'Foo')
|
|
|
|
|
|
|
|
expect(page).to have_content('Foo Bar')
|
|
|
|
expect(page).to have_content('Foo Baz')
|
|
|
|
expect(page).not_to have_content('Dmitriy')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'sorts users by name' do
|
|
|
|
visit admin_users_path
|
|
|
|
|
|
|
|
sort_by('Name')
|
|
|
|
|
|
|
|
expect(first_row.text).to include('Dmitriy')
|
|
|
|
expect(second_row.text).to include('Foo Bar')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'sorts search results only' do
|
|
|
|
visit admin_users_path(search_query: 'Foo')
|
|
|
|
|
|
|
|
sort_by('Name')
|
|
|
|
|
|
|
|
expect(page).not_to have_content('Dmitriy')
|
|
|
|
expect(first_row.text).to include('Foo Bar')
|
|
|
|
expect(second_row.text).to include('Foo Baz')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'searches with respect of sorting' do
|
|
|
|
visit admin_users_path(sort: 'Name')
|
|
|
|
|
|
|
|
fill_in :search_query, with: 'Foo'
|
|
|
|
click_button('Search users')
|
|
|
|
|
|
|
|
expect(first_row.text).to include('Foo Bar')
|
|
|
|
expect(second_row.text).to include('Foo Baz')
|
|
|
|
end
|
2019-03-02 22:35:43 +05:30
|
|
|
|
|
|
|
it 'sorts users by recent last activity' do
|
|
|
|
visit admin_users_path(search_query: 'Foo')
|
|
|
|
|
|
|
|
sort_by('Recent last activity')
|
|
|
|
|
|
|
|
expect(first_row.text).to include('Foo Baz')
|
|
|
|
expect(second_row.text).to include('Foo Bar')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'sorts users by oldest last activity' do
|
|
|
|
visit admin_users_path(search_query: 'Foo')
|
|
|
|
|
|
|
|
sort_by('Oldest last activity')
|
|
|
|
|
|
|
|
expect(first_row.text).to include('Foo Bar')
|
|
|
|
expect(second_row.text).to include('Foo Baz')
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
|
2015-09-11 14:41:01 +05:30
|
|
|
describe 'Two-factor Authentication filters' do
|
|
|
|
it 'counts users who have enabled 2FA' do
|
2016-06-16 23:09:34 +05:30
|
|
|
create(:user, :two_factor)
|
2015-09-11 14:41:01 +05:30
|
|
|
|
|
|
|
visit admin_users_path
|
|
|
|
|
|
|
|
page.within('.filter-two-factor-enabled small') do
|
|
|
|
expect(page).to have_content('1')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'filters by users who have enabled 2FA' do
|
2016-06-16 23:09:34 +05:30
|
|
|
user = create(:user, :two_factor)
|
2015-09-11 14:41:01 +05:30
|
|
|
|
|
|
|
visit admin_users_path
|
|
|
|
click_link '2FA Enabled'
|
|
|
|
|
|
|
|
expect(page).to have_content(user.email)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'counts users who have not enabled 2FA' do
|
|
|
|
visit admin_users_path
|
|
|
|
|
|
|
|
page.within('.filter-two-factor-disabled small') do
|
|
|
|
expect(page).to have_content('2') # Including admin
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'filters by users who have not enabled 2FA' do
|
|
|
|
visit admin_users_path
|
|
|
|
click_link '2FA Disabled'
|
|
|
|
|
|
|
|
expect(page).to have_content(user.email)
|
|
|
|
end
|
|
|
|
end
|
2021-01-03 14:25:43 +05:30
|
|
|
|
|
|
|
describe 'Pending approval filter' do
|
|
|
|
it 'counts users who are pending approval' do
|
|
|
|
create_list(:user, 2, :blocked_pending_approval)
|
|
|
|
|
|
|
|
visit admin_users_path
|
|
|
|
|
|
|
|
page.within('.filter-blocked-pending-approval small') do
|
|
|
|
expect(page).to have_content('2')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'filters by users who are pending approval' do
|
|
|
|
user = create(:user, :blocked_pending_approval)
|
|
|
|
|
|
|
|
visit admin_users_path
|
|
|
|
click_link 'Pending approval'
|
|
|
|
|
|
|
|
expect(page).to have_content(user.email)
|
|
|
|
end
|
|
|
|
end
|
2021-01-29 00:20:46 +05:30
|
|
|
|
|
|
|
context 'when blocking a user' do
|
|
|
|
it 'shows confirmation and allows blocking', :js do
|
|
|
|
expect(page).to have_content(user.email)
|
|
|
|
|
|
|
|
find("[data-testid='user-action-button-#{user.id}']").click
|
|
|
|
|
|
|
|
within find("[data-testid='user-action-dropdown-#{user.id}']") do
|
|
|
|
find('li button', text: 'Block').click
|
|
|
|
end
|
|
|
|
|
|
|
|
wait_for_requests
|
|
|
|
|
|
|
|
expect(page).to have_content('Block user')
|
|
|
|
expect(page).to have_content('Blocking user has the following effects')
|
|
|
|
expect(page).to have_content('User will not be able to login')
|
|
|
|
expect(page).to have_content('Owned groups will be left')
|
|
|
|
|
|
|
|
find('.modal-footer button', text: 'Block').click
|
|
|
|
|
|
|
|
wait_for_requests
|
|
|
|
|
|
|
|
expect(page).to have_content('Successfully blocked')
|
|
|
|
expect(page).not_to have_content(user.email)
|
|
|
|
end
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /admin/users/new" do
|
2018-11-20 20:47:30 +05:30
|
|
|
let(:user_username) { 'bang' }
|
|
|
|
|
2014-09-02 18:07:02 +05:30
|
|
|
before do
|
|
|
|
visit new_admin_user_path
|
|
|
|
fill_in "user_name", with: "Big Bang"
|
2018-11-20 20:47:30 +05:30
|
|
|
fill_in "user_username", with: user_username
|
2014-09-02 18:07:02 +05:30
|
|
|
fill_in "user_email", with: "bigbang@mail.com"
|
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "creates new user" do
|
2014-09-02 18:07:02 +05:30
|
|
|
expect { click_button "Create user" }.to change {User.count}.by(1)
|
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "applies defaults to user" do
|
2014-09-02 18:07:02 +05:30
|
|
|
click_button "Create user"
|
2015-04-26 12:48:37 +05:30
|
|
|
user = User.find_by(username: 'bang')
|
2017-09-10 17:25:29 +05:30
|
|
|
expect(user.projects_limit)
|
|
|
|
.to eq(Gitlab.config.gitlab.default_projects_limit)
|
|
|
|
expect(user.can_create_group)
|
|
|
|
.to eq(Gitlab.config.gitlab.default_can_create_group)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "creates user with valid data" do
|
2014-09-02 18:07:02 +05:30
|
|
|
click_button "Create user"
|
2015-04-26 12:48:37 +05:30
|
|
|
user = User.find_by(username: 'bang')
|
|
|
|
expect(user.name).to eq('Big Bang')
|
|
|
|
expect(user.email).to eq('bigbang@mail.com')
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "calls send mail" do
|
2019-12-26 22:10:19 +05:30
|
|
|
expect_next_instance_of(NotificationService) do |instance|
|
|
|
|
expect(instance).to receive(:new_user)
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
|
|
|
|
click_button "Create user"
|
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "sends valid email to user with email & password" do
|
2015-12-23 02:04:40 +05:30
|
|
|
perform_enqueued_jobs do
|
|
|
|
click_button "Create user"
|
|
|
|
end
|
|
|
|
|
2015-04-26 12:48:37 +05:30
|
|
|
user = User.find_by(username: 'bang')
|
2014-09-02 18:07:02 +05:30
|
|
|
email = ActionMailer::Base.deliveries.last
|
2015-04-26 12:48:37 +05:30
|
|
|
expect(email.subject).to have_content('Account was created')
|
|
|
|
expect(email.text_part.body).to have_content(user.email)
|
|
|
|
expect(email.text_part.body).to have_content('password')
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
2018-11-20 20:47:30 +05:30
|
|
|
|
|
|
|
context 'username contains spaces' do
|
|
|
|
let(:user_username) { 'Bing bang' }
|
|
|
|
|
|
|
|
it "doesn't create the user and shows an error message" do
|
|
|
|
expect { click_button "Create user" }.to change {User.count}.by(0)
|
|
|
|
|
|
|
|
expect(page).to have_content('The form contains the following error')
|
|
|
|
expect(page).to have_content('Username can contain only letters, digits')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with new users set to external enabled' do
|
|
|
|
context 'with regex to match internal user email address set', :js do
|
|
|
|
before do
|
|
|
|
stub_application_setting(user_default_external: true)
|
2019-02-15 15:39:39 +05:30
|
|
|
stub_application_setting(user_default_internal_regex: '\.internal@')
|
2018-11-20 20:47:30 +05:30
|
|
|
|
|
|
|
visit new_admin_user_path
|
|
|
|
end
|
|
|
|
|
|
|
|
def expects_external_to_be_checked
|
|
|
|
expect(find('#user_external')).to be_checked
|
|
|
|
end
|
|
|
|
|
|
|
|
def expects_external_to_be_unchecked
|
|
|
|
expect(find('#user_external')).not_to be_checked
|
|
|
|
end
|
|
|
|
|
|
|
|
def expects_warning_to_be_hidden
|
|
|
|
expect(find('#warning_external_automatically_set', visible: :all)[:class]).to include 'hidden'
|
|
|
|
end
|
|
|
|
|
|
|
|
def expects_warning_to_be_shown
|
|
|
|
expect(find('#warning_external_automatically_set')[:class]).not_to include 'hidden'
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'automatically unchecks external for matching email' do
|
|
|
|
expects_external_to_be_checked
|
|
|
|
expects_warning_to_be_hidden
|
|
|
|
|
|
|
|
fill_in 'user_email', with: 'test.internal@domain.ch'
|
|
|
|
|
|
|
|
expects_external_to_be_unchecked
|
|
|
|
expects_warning_to_be_shown
|
|
|
|
|
|
|
|
fill_in 'user_email', with: 'test@domain.ch'
|
|
|
|
|
|
|
|
expects_external_to_be_checked
|
|
|
|
expects_warning_to_be_hidden
|
|
|
|
|
|
|
|
uncheck 'user_external'
|
|
|
|
|
|
|
|
expects_warning_to_be_hidden
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
|
|
|
|
it 'creates an internal user' do
|
|
|
|
user_name = 'tester1'
|
|
|
|
fill_in 'user_email', with: 'test.internal@domain.ch'
|
|
|
|
fill_in 'user_name', with: 'tester1 name'
|
|
|
|
fill_in 'user_username', with: user_name
|
|
|
|
|
|
|
|
expects_external_to_be_unchecked
|
|
|
|
expects_warning_to_be_shown
|
|
|
|
|
|
|
|
click_button 'Create user'
|
|
|
|
|
|
|
|
new_user = User.find_by(username: user_name)
|
|
|
|
|
|
|
|
expect(new_user.external).to be_falsy
|
|
|
|
end
|
2018-11-20 20:47:30 +05:30
|
|
|
end
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /admin/users/:id" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "has user info" do
|
2014-09-02 18:07:02 +05:30
|
|
|
visit admin_users_path
|
2017-08-17 22:00:37 +05:30
|
|
|
click_link user.name
|
2014-09-02 18:07:02 +05:30
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(page).to have_content(user.email)
|
|
|
|
expect(page).to have_content(user.name)
|
2020-11-24 15:15:51 +05:30
|
|
|
expect(page).to have_content("ID: #{user.id}")
|
|
|
|
expect(page).to have_content("Namespace ID: #{user.namespace_id}")
|
2019-12-21 20:55:43 +05:30
|
|
|
expect(page).to have_button('Deactivate user')
|
|
|
|
expect(page).to have_button('Block user')
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(page).to have_button('Delete user')
|
|
|
|
expect(page).to have_button('Delete user and contributions')
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
2015-09-11 14:41:01 +05:30
|
|
|
|
2021-01-03 14:25:43 +05:30
|
|
|
context 'user pending approval' do
|
|
|
|
it 'shows user info' do
|
|
|
|
user = create(:user, :blocked_pending_approval)
|
|
|
|
|
|
|
|
visit admin_users_path
|
|
|
|
click_link 'Pending approval'
|
|
|
|
click_link user.name
|
|
|
|
|
|
|
|
expect(page).to have_content(user.name)
|
|
|
|
expect(page).to have_content('Pending approval')
|
|
|
|
expect(page).to have_link('Approve user')
|
|
|
|
expect(page).to have_button('Block user')
|
|
|
|
expect(page).to have_button('Delete user')
|
|
|
|
expect(page).to have_button('Delete user and contributions')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-01-29 00:20:46 +05:30
|
|
|
context 'when blocking the user' do
|
|
|
|
it 'shows confirmation and allows blocking', :js do
|
|
|
|
visit admin_user_path(user)
|
|
|
|
|
|
|
|
find('button', text: 'Block user').click
|
|
|
|
|
|
|
|
wait_for_requests
|
|
|
|
|
|
|
|
expect(page).to have_content('Block user')
|
|
|
|
expect(page).to have_content('You can always unblock their account, their data will remain intact.')
|
|
|
|
|
|
|
|
find('.modal-footer button', text: 'Block').click
|
|
|
|
|
|
|
|
wait_for_requests
|
|
|
|
|
|
|
|
expect(page).to have_content('Successfully blocked')
|
|
|
|
expect(page).to have_content('This user is blocked')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-11-26 14:37:03 +05:30
|
|
|
describe 'Impersonation' do
|
|
|
|
let(:another_user) { create(:user) }
|
2017-09-10 17:25:29 +05:30
|
|
|
|
2019-01-03 12:48:30 +05:30
|
|
|
context 'before impersonating' do
|
2019-02-15 15:39:39 +05:30
|
|
|
subject { visit admin_user_path(user_to_visit) }
|
|
|
|
|
|
|
|
let(:user_to_visit) { another_user }
|
|
|
|
|
|
|
|
context 'for other users' do
|
|
|
|
it 'shows impersonate button for other users' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(page).to have_content('Impersonate')
|
|
|
|
end
|
2015-11-26 14:37:03 +05:30
|
|
|
end
|
2015-10-24 18:46:33 +05:30
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
context 'for admin itself' do
|
|
|
|
let(:user_to_visit) { current_user }
|
|
|
|
|
|
|
|
it 'does not show impersonate button for admin itself' do
|
|
|
|
subject
|
2015-10-24 18:46:33 +05:30
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
expect(page).not_to have_content('Impersonate')
|
|
|
|
end
|
2015-10-24 18:46:33 +05:30
|
|
|
end
|
2015-12-23 02:04:40 +05:30
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
context 'for blocked user' do
|
|
|
|
before do
|
|
|
|
another_user.block
|
|
|
|
end
|
2015-12-23 02:04:40 +05:30
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
it 'does not show impersonate button for blocked user' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(page).not_to have_content('Impersonate')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when impersonation is disabled' do
|
|
|
|
before do
|
|
|
|
stub_config_setting(impersonation_enabled: false)
|
|
|
|
end
|
2015-12-23 02:04:40 +05:30
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
it 'does not show impersonate button' do
|
|
|
|
subject
|
2015-12-23 02:04:40 +05:30
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
expect(page).not_to have_content('Impersonate')
|
|
|
|
end
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
2015-10-24 18:46:33 +05:30
|
|
|
end
|
|
|
|
|
2015-11-26 14:37:03 +05:30
|
|
|
context 'when impersonating' do
|
2019-02-15 15:39:39 +05:30
|
|
|
subject { click_link 'Impersonate' }
|
|
|
|
|
2017-09-10 17:25:29 +05:30
|
|
|
before do
|
2019-02-15 15:39:39 +05:30
|
|
|
visit admin_user_path(another_user)
|
2017-09-10 17:25:29 +05:30
|
|
|
end
|
2015-11-26 14:37:03 +05:30
|
|
|
|
|
|
|
it 'logs in as the user when impersonate is clicked' do
|
2019-02-15 15:39:39 +05:30
|
|
|
subject
|
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(page.find(:css, '.header-user .profile-link')['data-user']).to eql(another_user.username)
|
2015-11-26 14:37:03 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'sees impersonation log out icon' do
|
2019-02-15 15:39:39 +05:30
|
|
|
subject
|
2019-01-03 12:48:30 +05:30
|
|
|
|
2020-11-24 15:15:51 +05:30
|
|
|
icon = first('[data-testid="incognito-icon"]')
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(icon).not_to be nil
|
2015-11-26 14:37:03 +05:30
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
context 'a user with an expired password' do
|
|
|
|
before do
|
|
|
|
another_user.update(password_expires_at: Time.now - 5.minutes)
|
|
|
|
end
|
2015-11-26 14:37:03 +05:30
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
it 'does not redirect to password change page' do
|
|
|
|
subject
|
2015-11-26 14:37:03 +05:30
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
expect(current_path).to eq('/')
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
context 'ending impersonation' do
|
|
|
|
subject { find(:css, 'li.impersonation a').click }
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
before do
|
2019-02-15 15:39:39 +05:30
|
|
|
visit admin_user_path(another_user)
|
2018-03-17 18:26:18 +05:30
|
|
|
click_link 'Impersonate'
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
it 'logs out of impersonated user back to original user' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(page.find(:css, '.header-user .profile-link')['data-user']).to eq(current_user.username)
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'is redirected back to the impersonated users page in the admin after stopping' do
|
2019-02-15 15:39:39 +05:30
|
|
|
subject
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
expect(current_path).to eq("/admin/users/#{another_user.username}")
|
2015-11-26 14:37:03 +05:30
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
|
|
|
|
context 'a user with an expired password' do
|
|
|
|
before do
|
|
|
|
another_user.update(password_expires_at: Time.now - 5.minutes)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'is redirected back to the impersonated users page in the admin after stopping' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(current_path).to eq("/admin/users/#{another_user.username}")
|
|
|
|
end
|
|
|
|
end
|
2015-10-24 18:46:33 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-09-11 14:41:01 +05:30
|
|
|
describe 'Two-factor Authentication status' do
|
|
|
|
it 'shows when enabled' do
|
2017-08-17 22:00:37 +05:30
|
|
|
user.update_attribute(:otp_required_for_login, true)
|
2015-09-11 14:41:01 +05:30
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
visit admin_user_path(user)
|
2015-09-11 14:41:01 +05:30
|
|
|
|
|
|
|
expect_two_factor_status('Enabled')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'shows when disabled' do
|
2017-08-17 22:00:37 +05:30
|
|
|
visit admin_user_path(user)
|
2015-09-11 14:41:01 +05:30
|
|
|
|
|
|
|
expect_two_factor_status('Disabled')
|
|
|
|
end
|
|
|
|
|
|
|
|
def expect_two_factor_status(status)
|
|
|
|
page.within('.two-factor-status') do
|
|
|
|
expect(page).to have_content(status)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2019-09-30 21:07:59 +05:30
|
|
|
|
|
|
|
describe 'Email verification status' do
|
|
|
|
let!(:secondary_email) do
|
|
|
|
create :email, email: 'secondary@example.com', user: user
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'displays the correct status for an unverified email address' do
|
|
|
|
user.update(confirmed_at: nil, unconfirmed_email: user.email)
|
|
|
|
visit admin_user_path(user)
|
|
|
|
|
|
|
|
expect(page).to have_content("#{user.email} Unverified")
|
|
|
|
|
|
|
|
expect(page).to have_content("#{secondary_email.email} Unverified")
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'displays the correct status for a verified email address' do
|
|
|
|
visit admin_user_path(user)
|
|
|
|
expect(page).to have_content("#{user.email} Verified")
|
|
|
|
|
|
|
|
secondary_email.confirm
|
|
|
|
expect(secondary_email.confirmed?).to be_truthy
|
|
|
|
|
|
|
|
visit admin_user_path(user)
|
|
|
|
expect(page).to have_content("#{secondary_email.email} Verified")
|
|
|
|
end
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /admin/users/:id/edit" do
|
|
|
|
before do
|
|
|
|
visit admin_users_path
|
2017-08-17 22:00:37 +05:30
|
|
|
click_link "edit_user_#{user.id}"
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "has user edit page" do
|
2015-04-26 12:48:37 +05:30
|
|
|
expect(page).to have_content('Name')
|
|
|
|
expect(page).to have_content('Password')
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe "Update user" do
|
|
|
|
before do
|
|
|
|
fill_in "user_name", with: "Big Bang"
|
|
|
|
fill_in "user_email", with: "bigbang@mail.com"
|
2016-06-02 11:05:42 +05:30
|
|
|
fill_in "user_password", with: "AValidPassword1"
|
|
|
|
fill_in "user_password_confirmation", with: "AValidPassword1"
|
2017-08-17 22:00:37 +05:30
|
|
|
choose "user_access_level_admin"
|
2014-09-02 18:07:02 +05:30
|
|
|
click_button "Save changes"
|
|
|
|
end
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
it "shows page with new data" do
|
2015-04-26 12:48:37 +05:30
|
|
|
expect(page).to have_content('bigbang@mail.com')
|
|
|
|
expect(page).to have_content('Big Bang')
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "changes user entry" do
|
2017-08-17 22:00:37 +05:30
|
|
|
user.reload
|
|
|
|
expect(user.name).to eq('Big Bang')
|
|
|
|
expect(user.admin?).to be_truthy
|
|
|
|
expect(user.password_expires_at).to be <= Time.now
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'update username to non ascii char' do
|
|
|
|
it do
|
|
|
|
fill_in 'user_username', with: '\u3042\u3044'
|
|
|
|
click_button('Save')
|
|
|
|
|
|
|
|
page.within '#error_explanation' do
|
|
|
|
expect(page).to have_content('Username')
|
|
|
|
end
|
|
|
|
|
|
|
|
expect(page).to have_selector(%(form[action="/admin/users/#{user.username}"]))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /admin/users/:id/projects" do
|
|
|
|
let(:group) { create(:group) }
|
|
|
|
let!(:project) { create(:project, group: group) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
group.add_developer(user)
|
|
|
|
|
|
|
|
visit projects_admin_user_path(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "lists group projects" do
|
2020-07-28 23:09:34 +05:30
|
|
|
within(:css, '.gl-mb-3 + .card') do
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(page).to have_content 'Group projects'
|
2018-10-15 14:42:47 +05:30
|
|
|
expect(page).to have_link group.name, href: admin_group_path(group)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
it 'allows navigation to the group details' do
|
2020-07-28 23:09:34 +05:30
|
|
|
within(:css, '.gl-mb-3 + .card') do
|
2017-08-17 22:00:37 +05:30
|
|
|
click_link group.name
|
|
|
|
end
|
|
|
|
within(:css, 'h3.page-title') do
|
|
|
|
expect(page).to have_content "Group: #{group.name}"
|
|
|
|
end
|
|
|
|
expect(page).to have_content project.name
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'shows the group access level' do
|
2020-07-28 23:09:34 +05:30
|
|
|
within(:css, '.gl-mb-3 + .card') do
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(page).to have_content 'Developer'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
it 'allows group membership to be revoked', :js do
|
2017-08-17 22:00:37 +05:30
|
|
|
page.within(first('.group_member')) do
|
2020-11-24 15:15:51 +05:30
|
|
|
accept_confirm { find('.btn[data-testid="remove-user"]').click }
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
2017-09-10 17:25:29 +05:30
|
|
|
wait_for_requests
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
expect(page).not_to have_selector('.group_member')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-11-18 11:00:15 +05:30
|
|
|
describe 'show breadcrumbs' do
|
|
|
|
it do
|
|
|
|
visit admin_user_path(user)
|
|
|
|
|
|
|
|
check_breadcrumb(user.name)
|
|
|
|
|
|
|
|
visit projects_admin_user_path(user)
|
|
|
|
|
|
|
|
check_breadcrumb(user.name)
|
|
|
|
|
|
|
|
visit keys_admin_user_path(user)
|
|
|
|
|
|
|
|
check_breadcrumb(user.name)
|
|
|
|
|
|
|
|
visit admin_user_impersonation_tokens_path(user)
|
|
|
|
|
|
|
|
check_breadcrumb(user.name)
|
|
|
|
|
|
|
|
visit admin_user_identities_path(user)
|
|
|
|
|
|
|
|
check_breadcrumb(user.name)
|
|
|
|
|
|
|
|
visit new_admin_user_identity_path(user)
|
|
|
|
|
|
|
|
check_breadcrumb("New Identity")
|
|
|
|
|
|
|
|
visit admin_user_identities_path(user)
|
|
|
|
|
|
|
|
find('.table').find(:link, 'Edit').click
|
|
|
|
|
|
|
|
check_breadcrumb("Edit Identity")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
describe 'show user attributes' do
|
|
|
|
it do
|
|
|
|
visit admin_users_path
|
|
|
|
|
|
|
|
click_link user.name
|
|
|
|
|
|
|
|
expect(page).to have_content 'Account'
|
|
|
|
expect(page).to have_content 'Personal projects limit'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
describe 'remove users secondary email', :js do
|
2017-08-17 22:00:37 +05:30
|
|
|
let!(:secondary_email) do
|
|
|
|
create :email, email: 'secondary@example.com', user: user
|
|
|
|
end
|
|
|
|
|
|
|
|
it do
|
|
|
|
visit admin_user_path(user.username)
|
|
|
|
|
|
|
|
expect(page).to have_content("Secondary email: #{secondary_email.email}")
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
accept_confirm { find("#remove_email_#{secondary_email.id}").click }
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
expect(page).not_to have_content(secondary_email.email)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-01-03 14:25:43 +05:30
|
|
|
describe 'show user keys', :js do
|
2017-08-17 22:00:37 +05:30
|
|
|
let!(:key1) do
|
|
|
|
create(:key, user: user, title: "ssh-rsa Key1", key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4FIEBXGi4bPU8kzxMefudPIJ08/gNprdNTaO9BR/ndy3+58s2HCTw2xCHcsuBmq+TsAqgEidVq4skpqoTMB+Uot5Uzp9z4764rc48dZiI661izoREoKnuRQSsRqUTHg5wrLzwxlQbl1MVfRWQpqiz/5KjBC7yLEb9AbusjnWBk8wvC1bQPQ1uLAauEA7d836tgaIsym9BrLsMVnR4P1boWD3Xp1B1T/ImJwAGHvRmP/ycIqmKdSpMdJXwxcb40efWVj0Ibbe7ii9eeoLdHACqevUZi6fwfbymdow+FeqlkPoHyGg3Cu4vD/D8+8cRc7mE/zGCWcQ15Var83Tczour Key1")
|
|
|
|
end
|
|
|
|
|
|
|
|
let!(:key2) do
|
|
|
|
create(:key, user: user, title: "ssh-rsa Key2", key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQSTWXhJAX/He+nG78MiRRRn7m0Pb0XbcgTxE0etArgoFoh9WtvDf36HG6tOSg/0UUNcp0dICsNAmhBKdncp6cIyPaXJTURPRAGvhI0/VDk4bi27bRnccGbJ/hDaUxZMLhhrzY0r22mjVf8PF6dvv5QUIQVm1/LeaWYsHHvLgiIjwrXirUZPnFrZw6VLREoBKG8uWvfSXw1L5eapmstqfsME8099oi+vWLR8MgEysZQmD28M73fgW4zek6LDQzKQyJx9nB+hJkKUDvcuziZjGmRFlNgSA2mguERwL1OXonD8WYUrBDGKroIvBT39zS5d9tQDnidEJZ9Y8gv5ViYP7x Key2")
|
|
|
|
end
|
|
|
|
|
|
|
|
it do
|
|
|
|
visit admin_users_path
|
|
|
|
|
|
|
|
click_link user.name
|
|
|
|
click_link 'SSH keys'
|
|
|
|
|
|
|
|
expect(page).to have_content(key1.title)
|
|
|
|
expect(page).to have_content(key2.title)
|
|
|
|
|
|
|
|
click_link key2.title
|
|
|
|
|
|
|
|
expect(page).to have_content(key2.title)
|
|
|
|
expect(page).to have_content(key2.key)
|
|
|
|
|
2021-01-03 14:25:43 +05:30
|
|
|
click_button 'Delete'
|
|
|
|
|
|
|
|
page.within('.modal') do
|
|
|
|
page.click_button('Delete')
|
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
expect(page).not_to have_content(key2.title)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'show user identities' do
|
|
|
|
it 'shows user identities' do
|
|
|
|
visit admin_user_identities_path(user)
|
|
|
|
|
|
|
|
expect(page).to have_content(user.name)
|
|
|
|
expect(page).to have_content('twitter')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'update user identities' do
|
|
|
|
before do
|
2018-03-27 19:54:05 +05:30
|
|
|
allow(Gitlab::Auth::OAuth::Provider).to receive(:providers).and_return([:twitter, :twitter_updated])
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'modifies twitter identity' do
|
|
|
|
visit admin_user_identities_path(user)
|
|
|
|
|
|
|
|
find('.table').find(:link, 'Edit').click
|
|
|
|
fill_in 'identity_extern_uid', with: '654321'
|
|
|
|
select 'twitter_updated', from: 'identity_provider'
|
|
|
|
click_button 'Save changes'
|
|
|
|
|
|
|
|
expect(page).to have_content(user.name)
|
|
|
|
expect(page).to have_content('twitter_updated')
|
|
|
|
expect(page).to have_content('654321')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'remove user with identities' do
|
|
|
|
it 'removes user with twitter identity' do
|
|
|
|
visit admin_user_identities_path(user)
|
|
|
|
|
|
|
|
click_link 'Delete'
|
|
|
|
|
|
|
|
expect(page).to have_content(user.name)
|
|
|
|
expect(page).not_to have_content('twitter')
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
2018-11-18 11:00:15 +05:30
|
|
|
|
|
|
|
def check_breadcrumb(content)
|
|
|
|
expect(find('.breadcrumbs-sub-title')).to have_content(content)
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
|
|
|
|
def sort_by(text)
|
|
|
|
page.within('.user-sort-dropdown') do
|
|
|
|
click_link text
|
|
|
|
end
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|