debian-mirror-gitlab/spec/models/abuse_report_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe AbuseReport, feature_category: :insider_threat do
  let_it_be(:report, reload: true) { create(:abuse_report) }
  let_it_be(:user, reload: true) { create(:admin) }

  subject { report }

  it { expect(subject).to be_valid }

  describe 'associations' do
    it { is_expected.to belong_to(:reporter).class_name('User') }
    it { is_expected.to belong_to(:user) }

    it "aliases reporter to author" do
      expect(subject.author).to be(subject.reporter)
    end
  end

  describe 'validations' do
    let(:http)  { 'http://gitlab.com' }
    let(:https) { 'https://gitlab.com' }
    let(:ftp)   { 'ftp://example.com' }
    let(:javascript) { 'javascript:alert(window.opener.document.location)' }

    it { is_expected.to validate_presence_of(:reporter) }
    it { is_expected.to validate_presence_of(:user) }
    it { is_expected.to validate_presence_of(:message) }
    it { is_expected.to validate_presence_of(:category) }

    it do
      is_expected.to validate_uniqueness_of(:user_id)
        .scoped_to([:reporter_id, :category])
        .with_message('You have already reported this user')
    end

    it { is_expected.to validate_length_of(:reported_from_url).is_at_most(512).allow_blank }
    it { is_expected.to allow_value(http).for(:reported_from_url) }
    it { is_expected.to allow_value(https).for(:reported_from_url) }
    it { is_expected.not_to allow_value(ftp).for(:reported_from_url) }
    it { is_expected.not_to allow_value(javascript).for(:reported_from_url) }
    it { is_expected.to allow_value('http://localhost:9000').for(:reported_from_url) }
    it { is_expected.to allow_value('https://gitlab.com').for(:reported_from_url) }

    it { is_expected.to allow_value([]).for(:links_to_spam) }
    it { is_expected.to allow_value(nil).for(:links_to_spam) }
    it { is_expected.to allow_value('').for(:links_to_spam) }

    it { is_expected.to allow_value(['https://gitlab.com']).for(:links_to_spam) }
    it { is_expected.to allow_value(['http://localhost:9000']).for(:links_to_spam) }

    it { is_expected.not_to allow_value(['spam']).for(:links_to_spam) }
    it { is_expected.not_to allow_value(['http://localhost:9000', 'spam']).for(:links_to_spam) }

    it { is_expected.to allow_value(['https://gitlab.com'] * 20).for(:links_to_spam) }
    it { is_expected.not_to allow_value(['https://gitlab.com'] * 21).for(:links_to_spam) }

    it {
      is_expected.to allow_value([
        "https://gitlab.com/#{SecureRandom.alphanumeric(493)}"
      ]).for(:links_to_spam)
    }

    it {
      is_expected.not_to allow_value([
        "https://gitlab.com/#{SecureRandom.alphanumeric(494)}"
      ]).for(:links_to_spam)
    }
  end

  describe 'before_validation' do
    context 'when links to spam contains empty strings' do
      let(:report) { create(:abuse_report, links_to_spam: ['', 'https://gitlab.com']) }

      it 'removes empty strings' do
        expect(report.links_to_spam).to match_array(['https://gitlab.com'])
      end
    end
  end

  describe '#remove_user' do
    it 'blocks the user' do
      expect { subject.remove_user(deleted_by: user) }.to change { subject.user.blocked? }.to(true)
    end

    it 'lets a worker delete the user' do
      expect(DeleteUserWorker).to receive(:perform_async).with(user.id, subject.user.id, { hard_delete: true })

      subject.remove_user(deleted_by: user)
    end
  end

  describe '#notify' do
    it 'delivers' do
      expect(AbuseReportMailer).to receive(:notify).with(subject.id)
        .and_return(spy)

      subject.notify
    end

    it 'returns early when not persisted' do
      report = build(:abuse_report)

      expect(AbuseReportMailer).not_to receive(:notify)

      report.notify
    end
  end

  describe 'enums' do
    let(:categories) do
      {
        spam: 1,
        offensive: 2,
        phishing: 3,
        crypto: 4,
        credentials: 5,
        copyright: 6,
        malware: 7,
        other: 8
      }
    end

    it { is_expected.to define_enum_for(:category).with_values(**categories) }
  end
end
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`# frozen_string_literal: true`

New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`require 'spec_helper'`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`RSpec.describe AbuseReport, feature_category: :insider_threat do`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`let_it_be(:report, reload: true) { create(:abuse_report) }`
			`let_it_be(:user, reload: true) { create(:admin) }`
New upstream version 14.1.7+ds1 2021-09-30 23:02:18 +05:30
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`subject { report }`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
			`it { expect(subject).to be_valid }`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30
			`describe 'associations' do`
			`it { is_expected.to belong_to(:reporter).class_name('User') }`
			`it { is_expected.to belong_to(:user) }`
New upstream version 8.13.3+dfsg1 2016-11-03 12:29:30 +05:30
			`it "aliases reporter to author" do`
			`expect(subject.author).to be(subject.reporter)`
			`end`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`end`

			`describe 'validations' do`
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`let(:http) { 'http://gitlab.com' }`
			`let(:https) { 'https://gitlab.com' }`
			`let(:ftp) { 'ftp://example.com' }`
			`let(:javascript) { 'javascript:alert(window.opener.document.location)' }`

Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`it { is_expected.to validate_presence_of(:reporter) }`
			`it { is_expected.to validate_presence_of(:user) }`
			`it { is_expected.to validate_presence_of(:message) }`
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`it { is_expected.to validate_presence_of(:category) }`

			`it do`
			`is_expected.to validate_uniqueness_of(:user_id)`
			`.scoped_to([:reporter_id, :category])`
			`.with_message('You have already reported this user')`
			`end`

			`it { is_expected.to validate_length_of(:reported_from_url).is_at_most(512).allow_blank }`
			`it { is_expected.to allow_value(http).for(:reported_from_url) }`
			`it { is_expected.to allow_value(https).for(:reported_from_url) }`
			`it { is_expected.not_to allow_value(ftp).for(:reported_from_url) }`
			`it { is_expected.not_to allow_value(javascript).for(:reported_from_url) }`
			`it { is_expected.to allow_value('http://localhost:9000').for(:reported_from_url) }`
			`it { is_expected.to allow_value('https://gitlab.com').for(:reported_from_url) }`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30
			`it { is_expected.to allow_value([]).for(:links_to_spam) }`
			`it { is_expected.to allow_value(nil).for(:links_to_spam) }`
			`it { is_expected.to allow_value('').for(:links_to_spam) }`

			`it { is_expected.to allow_value(['https://gitlab.com']).for(:links_to_spam) }`
			`it { is_expected.to allow_value(['http://localhost:9000']).for(:links_to_spam) }`

			`it { is_expected.not_to allow_value(['spam']).for(:links_to_spam) }`
			`it { is_expected.not_to allow_value(['http://localhost:9000', 'spam']).for(:links_to_spam) }`

			`it { is_expected.to allow_value(['https://gitlab.com'] * 20).for(:links_to_spam) }`
			`it { is_expected.not_to allow_value(['https://gitlab.com'] * 21).for(:links_to_spam) }`

			`it {`
			`is_expected.to allow_value([`
			`"https://gitlab.com/#{SecureRandom.alphanumeric(493)}"`
			`]).for(:links_to_spam)`
			`}`

			`it {`
			`is_expected.not_to allow_value([`
			`"https://gitlab.com/#{SecureRandom.alphanumeric(494)}"`
			`]).for(:links_to_spam)`
			`}`
			`end`

			`describe 'before_validation' do`
			`context 'when links to spam contains empty strings' do`
			`let(:report) { create(:abuse_report, links_to_spam: ['', 'https://gitlab.com']) }`

			`it 'removes empty strings' do`
			`expect(report.links_to_spam).to match_array(['https://gitlab.com'])`
			`end`
			`end`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`end`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
			`describe '#remove_user' do`
			`it 'blocks the user' do`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`expect { subject.remove_user(deleted_by: user) }.to change { subject.user.blocked? }.to(true)`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`it 'lets a worker delete the user' do`
New upstream version 15.0.4+ds1 2022-07-16 23:28:13 +05:30			`expect(DeleteUserWorker).to receive(:perform_async).with(user.id, subject.user.id, { hard_delete: true })`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`subject.remove_user(deleted_by: user)`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`
			`end`

			`describe '#notify' do`
			`it 'delivers' do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`expect(AbuseReportMailer).to receive(:notify).with(subject.id)`
			`.and_return(spy)`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
			`subject.notify`
			`end`

			`it 'returns early when not persisted' do`
			`report = build(:abuse_report)`

			`expect(AbuseReportMailer).not_to receive(:notify)`

			`report.notify`
			`end`
			`end`
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30
			`describe 'enums' do`
			`let(:categories) do`
			`{`
			`spam: 1,`
			`offensive: 2,`
			`phishing: 3,`
			`crypto: 4,`
			`credentials: 5,`
			`copyright: 6,`
			`malware: 7,`
			`other: 8`
			`}`
			`end`

			`it { is_expected.to define_enum_for(:category).with_values(**categories) }`
			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`