jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
80faee67db2de33e6e62e2b7fc942ecc5ec85cde
danbooru/test/unit/user_deletion_test.rb
evazion 6f61abc6a7 users: don't log mod action for user deletions. 
Don't log a mod action when a user deletes their own account. This isn't a moderator action, so it
doesn't belong here. Account deletions are still logged on the /user_events page (visible to mods only).

A mod action is still logged when the Owner-level user deletes someone else's account.
2022-11-10 14:30:23 -06:00

176 lines
6.0 KiB
Ruby
Raw Blame History

require 'test_helper'
class UserDeletionTest < ActiveSupport::TestCase
setup do
@request = mock
@request.stubs(:remote_ip).returns("1.1.1.1")
@request.stubs(:user_agent).returns("Firefox")
@request.stubs(:session).returns(session_id: "1234")
@request.stubs(:query_parameters).returns({})
@request.stubs(:delete).with(:user_id).returns(nil)
@request.stubs(:delete).with(:last_authenticatd_at).returns(nil)
end
context "an invalid user deletion" do
context "for an invalid password" do
should "fail" do
@user = create(:user)
@deletion = UserDeletion.new(user: @user, password: "wrongpassword", request: @request)
@deletion.delete!
assert_includes(@deletion.errors[:base], "Password is incorrect")
assert_equal(false, @user.reload.is_deleted)
end
end
context "for an admin" do
should "fail" do
@user = create(:admin_user)
@deletion = UserDeletion.new(user: @user, password: "password", request: @request)
@deletion.delete!
assert_includes(@deletion.errors[:base], "Admins cannot delete their account")
assert_equal(false, @user.reload.is_deleted)
end
end
context "for a banned user" do
should "fail" do
@user = create(:banned_user)
@deletion = UserDeletion.new(user: @user, password: "password", request: @request)
@deletion.delete!
assert_includes(@deletion.errors[:base], "You cannot delete your account if you are banned")
assert_equal(false, @user.reload.is_deleted)
end
end
end
context "a valid user deletion" do
setup do
@user = create(:gold_user, name: "foo", email_address: build(:email_address))
@api_key = create(:api_key, user: @user)
@favorite = create(:favorite, user: @user)
@forum_topic_visit = as(@user) { create(:forum_topic_visit, user: @user) }
@saved_search = create(:saved_search, user: @user)
@public_favgroup = create(:favorite_group, creator: @user, is_public: true)
@private_favgroup = create(:favorite_group, creator: @user, is_public: false)
@post_downvote = create(:post_vote, score: -1)
@post_upvote = create(:post_vote, score: 1)
@deletion = UserDeletion.new(user: @user, password: "password", request: @request)
end
should "blank out the email" do
perform_enqueued_jobs { @deletion.delete! }
assert_nil(@user.reload.email_address)
end
should "rename the user" do
@deletion.delete!
assert_equal("user_#{@user.id}", @user.reload.name)
end
should "mark the user as deleted" do
@deletion.delete!
assert_equal(true, @user.reload.is_deleted)
end
should "generate a user name change request" do
@deletion.delete!
assert_equal(1, @user.user_name_change_requests.count)
assert_equal("foo", @user.user_name_change_requests.last.original_name)
assert_equal("user_#{@user.id}", @user.user_name_change_requests.last.desired_name)
end
should "reset the password" do
@deletion.delete!
assert_equal(false, @user.authenticate_password("password"))
end
should "not generate a modaction" do
@deletion.delete!
assert_equal(0, ModAction.user_delete.count)
end
should "remove the user's favorites if they have private favorites" do
@user.update!(enable_private_favorites: true)
perform_enqueued_jobs { @deletion.delete! }
assert_equal(0, @user.favorites.count)
assert_equal(0, @user.reload.favorite_count)
end
should "not remove the user's favorites if they have public favorites" do
perform_enqueued_jobs { @deletion.delete! }
assert_equal(1, @user.favorites.count)
assert_equal(1, @user.favorite_count)
end
should "remove the user's API keys" do
perform_enqueued_jobs { @deletion.delete! }
assert_equal(0, @user.api_keys.count)
end
should "remove the user's forum topic visits" do
perform_enqueued_jobs { @deletion.delete! }
assert_equal(0, @user.forum_topic_visits.count)
end
should "remove the user's saved searches" do
perform_enqueued_jobs { @deletion.delete! }
assert_equal(0, @user.saved_searches.count)
end
should "remove the user's private favgroups but not their public favgroups" do
perform_enqueued_jobs { @deletion.delete! }
assert_equal(0, @user.favorite_groups.is_private.count)
assert_equal(1, @user.favorite_groups.is_public.count)
assert_not_nil(@public_favgroup.reload)
end
should "only remove the user's downvotes if the don't have private votes enabled" do
perform_enqueued_jobs { @deletion.delete! }
assert_equal(0, @user.post_votes.active.negative.count)
assert_equal(1, @user.post_votes.active.positive.count)
end
should "remove both the user's upvotes and downvotes if they have private votes enabled" do
@user.update!(enable_private_favorites: true)
perform_enqueued_jobs { @deletion.delete! }
assert_equal(0, @user.post_votes.active.negative.count)
assert_equal(0, @user.post_votes.active.positive.count)
end
end
context "deleting another user's account" do
should "work for the owner-level user" do
@user = create(:user)
@deletion = UserDeletion.new(user: @user, deleter: create(:owner_user))
@deletion.delete!
assert_equal("user_#{@user.id}", @user.reload.name)
assert_equal(true, @user.is_deleted)
assert_equal("deleted user ##{@user.id}", ModAction.last.description)
assert_equal(@deletion.deleter, ModAction.last.creator)
assert_equal(@user, ModAction.last.subject)
assert_equal(false, ModAction.user_name_change.exists?)
assert_equal(1, ModAction.count)
end
should "not work for other users" do
@user = create(:user)
@deletion = UserDeletion.new(user: @user, deleter: create(:admin_user))
@deletion.delete!
assert_not_equal("user_#{@user.id}", @user.reload.name)
assert_equal(false, @user.is_deleted)
assert_equal(0, ModAction.count)
end
end
end
Reference in New Issue View Git Blame Copy Permalink