jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
4e2fd82ef6f2907afd7954f9d8ca6381046d2c34
danbooru/test/functional/emails_controller_test.rb
evazion b7bd6c8fdd users: require email verification for signups from proxies. 
Require users who signup using proxies to verify their email addresses
before they can perform any edits. For verification purposes, the email
must be a nondisposable address from a whitelist of trusted email
providers.
2020-03-24 17:25:35 -05:00

115 lines
4.0 KiB
Ruby
Raw Blame History

require "test_helper"
class EmailsControllerTest < ActionDispatch::IntegrationTest
include UsersHelper
context "in all cases" do
setup do
@user = create(:user, email_address: build(:email_address, { address: "bob@ogres.net", is_verified: false }))
@other_user = create(:user, email_address: build(:email_address, { address: "alice@ogres.net", is_verified: false }))
end
context "#show" do
should "render" do
get_auth user_email_path(@user), @user, as: :json
assert_response :success
end
should "not show email addresses to other users" do
get_auth user_email_path(@user), @other_user, as: :json
assert_response 403
end
end
context "#edit" do
should "render" do
get_auth edit_user_email_path(@user), @user
assert_response :success
end
end
context "#update" do
context "with the correct password" do
should "update an existing address" do
assert_difference("EmailAddress.count", 0) do
put_auth user_email_path(@user), @user, params: { user: { password: "password", email: "abc@ogres.net" }}
end
assert_redirected_to(settings_path)
assert_equal("abc@ogres.net", @user.reload.email_address.address)
assert_equal(false, @user.email_address.is_verified)
assert_enqueued_email_with UserMailer, :email_change_confirmation, args: [@user]
end
should "create a new address" do
@user.email_address.destroy
assert_difference("EmailAddress.count", 1) do
put_auth user_email_path(@user), @user, params: { user: { password: "password", email: "abc@ogres.net" }}
end
assert_redirected_to(settings_path)
assert_equal("abc@ogres.net", @user.reload.email_address.address)
assert_equal(false, @user.reload.email_address.is_verified)
assert_enqueued_email_with UserMailer, :email_change_confirmation, args: [@user]
end
end
context "with the incorrect password" do
should "not work" do
put_auth user_email_path(@user), @user, params: { user: { password: "passwordx", email: "abc@ogres.net" }}
assert_response :success
assert_equal("bob@ogres.net", @user.reload.email_address.address)
assert_no_emails
end
end
end
context "#verify" do
context "with a correct verification key" do
should "mark the email address as verified" do
assert_equal(false, @user.reload.email_address.is_verified)
get email_verification_url(@user)
assert_redirected_to @user
assert_equal(true, @user.reload.email_address.is_verified)
end
end
context "with an incorrect verification key" do
should "not mark the email address as verified" do
get verify_user_email_path(@user, email_verification_key: @other_user.email_address.verification_key)
assert_response 403
assert_equal(false, @user.reload.email_address.is_verified)
end
end
context "with a nondisposable email address" do
should "mark the user as verified" do
Danbooru.config.stubs(:email_domain_verification_list).returns(["gmail.com"])
@user.email_address.update!(address: "test@gmail.com")
get email_verification_url(@user)
assert_redirected_to @user
assert_equal(true, @user.reload.email_address.is_verified)
assert_equal(true, @user.is_verified)
end
end
context "with a disposable email address" do
should "not mark the user as verified" do
Danbooru.config.stubs(:email_domain_verification_list).returns([])
@user.email_address.update!(address: "test@mailinator.com")
get email_verification_url(@user)
assert_redirected_to @user
assert_equal(true, @user.reload.email_address.is_verified)
assert_equal(false, @user.is_verified)
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink