e79910431f
Reject email addresses that known to be undeliverable during signup. Some users signup with invalid email addresses, which causes the welcome email (which contains the email confirmation link) to bounce. Too many bounces hurt our ability to send mail. We check that an email address is undeliverable by checking if the domain has a mail server and if the server returns an invalid address error when attempting to send mail. This isn't foolproof since some servers don't return an error if the address doesn't exist. If the checks fail we know the address is bad, but if the checks pass that doesn't guarantee the address is good. However, this is still good enough to filter out bad addresses for popular providers like Gmail and Microsoft that do return nonexistent address errors. The address existence check requires being able to connect to mail servers over port 25. This may fail if your network blocks port 25, which many home ISPs and hosting providers do by default.
215 lines
6.5 KiB
Ruby
215 lines
6.5 KiB
Ruby
require 'test_helper'
|
|
|
|
class UsersControllerTest < ActionDispatch::IntegrationTest
|
|
context "The users controller" do
|
|
setup do
|
|
@user = create(:user)
|
|
end
|
|
|
|
context "index action" do
|
|
should "list all users" do
|
|
get users_path
|
|
assert_response :success
|
|
end
|
|
|
|
should "list all users for /users?name=<name>" do
|
|
get users_path, params: { name: @user.name }
|
|
assert_redirected_to(@user)
|
|
end
|
|
|
|
should "raise error for /users?name=<nonexistent>" do
|
|
get users_path, params: { name: "nobody" }
|
|
assert_response 404
|
|
end
|
|
|
|
should "list all users (with search)" do
|
|
get users_path, params: {:search => {:name_matches => @user.name}}
|
|
assert_response :success
|
|
end
|
|
|
|
should "list all users (with blank search parameters)" do
|
|
get users_path, params: { search: { inviter: { name_matches: "" }, level: "", name: "test" } }
|
|
assert_redirected_to users_path(search: { name: "test" })
|
|
end
|
|
end
|
|
|
|
context "show action" do
|
|
setup do
|
|
# flesh out profile to get more test coverage of user presenter.
|
|
@user = create(:banned_user, can_approve_posts: true, created_at: 2.weeks.ago)
|
|
as_user do
|
|
create(:saved_search, user: @user)
|
|
create(:post, uploader: @user, tag_string: "fav:#{@user.name}")
|
|
end
|
|
end
|
|
|
|
should "render" do
|
|
get user_path(@user)
|
|
assert_response :success
|
|
end
|
|
|
|
should "show hidden attributes to the owner" do
|
|
get_auth user_path(@user), @user, params: {format: :json}
|
|
json = JSON.parse(response.body)
|
|
|
|
assert_response :success
|
|
assert_not_nil(json["last_logged_in_at"])
|
|
end
|
|
|
|
should "not show hidden attributes to others" do
|
|
@another = create(:user)
|
|
|
|
get_auth user_path(@another), @user, params: {format: :json}
|
|
json = JSON.parse(response.body)
|
|
|
|
assert_response :success
|
|
assert_nil(json["last_logged_in_at"])
|
|
end
|
|
|
|
should "strip '?' from attributes" do
|
|
get_auth user_path(@user), @user, params: {format: :xml}
|
|
xml = Hash.from_xml(response.body)
|
|
|
|
assert_response :success
|
|
assert_equal(false, xml["user"]["enable_safe_mode"])
|
|
end
|
|
end
|
|
|
|
context "profile action" do
|
|
should "render the current user's profile" do
|
|
get_auth profile_path, @user
|
|
|
|
assert_response :success
|
|
assert_select "#page h1", @user.name
|
|
end
|
|
|
|
should "render the current users's profile in json" do
|
|
get_auth profile_path, @user, as: :json
|
|
assert_response :success
|
|
|
|
assert_equal(@user.comment_count, response.parsed_body["comment_count"])
|
|
end
|
|
|
|
should "redirect anonymous users to the sign in page" do
|
|
get profile_path
|
|
assert_redirected_to login_path(url: "/profile")
|
|
end
|
|
|
|
should "return 404 for anonymous api calls" do
|
|
get profile_path(format: :json)
|
|
assert_response 404
|
|
end
|
|
end
|
|
|
|
context "new action" do
|
|
setup do
|
|
Danbooru.config.stubs(:enable_recaptcha?).returns(false)
|
|
end
|
|
|
|
should "render" do
|
|
get new_user_path
|
|
assert_response :success
|
|
end
|
|
end
|
|
|
|
context "create action" do
|
|
should "create a user" do
|
|
post users_path, params: { user: { name: "xxx", password: "xxxxx1", password_confirmation: "xxxxx1" }}
|
|
|
|
assert_redirected_to User.last
|
|
assert_equal("xxx", User.last.name)
|
|
assert_equal(nil, User.last.email_address)
|
|
assert_no_emails
|
|
end
|
|
|
|
should "create a user with a valid email" do
|
|
post users_path, params: { user: { name: "xxx", password: "xxxxx1", password_confirmation: "xxxxx1", email: "webmaster@danbooru.donmai.us" }}
|
|
|
|
assert_redirected_to User.last
|
|
assert_equal("xxx", User.last.name)
|
|
assert_equal("webmaster@danbooru.donmai.us", User.last.email_address.address)
|
|
assert_enqueued_email_with UserMailer, :welcome_user, args: [User.last]
|
|
end
|
|
|
|
should "not create a user with an invalid email" do
|
|
assert_no_difference(["User.count", "EmailAddress.count"]) do
|
|
post users_path, params: { user: { name: "xxx", password: "xxxxx1", password_confirmation: "xxxxx1", email: "test" }}
|
|
|
|
assert_response :success
|
|
assert_no_emails
|
|
end
|
|
end
|
|
|
|
should "not create a user with an undeliverable email address" do
|
|
assert_no_difference(["User.count", "EmailAddress.count"]) do
|
|
post users_path, params: { user: { name: "xxx", password: "xxxxx1", password_confirmation: "xxxxx1", email: "nobody@nothing.donmai.us" } }
|
|
|
|
assert_response :success
|
|
assert_no_emails
|
|
end
|
|
end
|
|
|
|
context "with sockpuppet validation enabled" do
|
|
setup do
|
|
Danbooru.config.unstub(:enable_sock_puppet_validation?)
|
|
@user.update(last_ip_addr: "127.0.0.1")
|
|
end
|
|
|
|
should "not allow registering multiple accounts with the same IP" do
|
|
assert_difference("User.count", 0) do
|
|
post users_path, params: {:user => {:name => "dupe", :password => "xxxxx1", :password_confirmation => "xxxxx1"}}
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "edit action" do
|
|
should "render" do
|
|
get_auth edit_user_path(@user), @user
|
|
assert_response :success
|
|
end
|
|
end
|
|
|
|
context "settings action" do
|
|
should "render" do
|
|
get_auth settings_path, @user
|
|
|
|
assert_response :success
|
|
assert_select "#page h1", "Settings"
|
|
end
|
|
|
|
should "redirect anonymous users to the sign in page" do
|
|
get settings_path
|
|
assert_redirected_to login_path(url: "/settings")
|
|
end
|
|
end
|
|
|
|
context "update action" do
|
|
should "update a user" do
|
|
put_auth user_path(@user), @user, params: {:user => {:favorite_tags => "xyz"}}
|
|
@user.reload
|
|
assert_equal("xyz", @user.favorite_tags)
|
|
end
|
|
|
|
context "changing the level" do
|
|
should "not work" do
|
|
@cuser = create(:user)
|
|
put_auth user_path(@user), @cuser, params: {:user => {:level => 40}}
|
|
|
|
assert_response 403
|
|
assert_equal(20, @user.reload.level)
|
|
end
|
|
end
|
|
|
|
context "for a banned user" do
|
|
should "allow the user to edit their settings" do
|
|
@user = create(:banned_user)
|
|
put_auth user_path(@user), @user, params: {:user => {:favorite_tags => "xyz"}}
|
|
|
|
assert_equal("xyz", @user.reload.favorite_tags)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|