openproject/spec/features/users/create_spec.rb

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2021 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See docs/COPYRIGHT.rdoc for more details.
#++

require 'spec_helper'

describe 'create users', type: :feature, selenium: true do
  using_shared_fixtures :admin
  let(:current_user) { admin }
  let!(:auth_source) { FactoryBot.create :dummy_auth_source }
  let(:new_user_page) { Pages::NewUser.new }
  let(:mail) do
    ActionMailer::Base.deliveries.last
  end
  let(:mail_body) { mail.body.parts.first.body.to_s }
  let(:token) { mail_body.scan(/token=(.*)$/).first.first.strip }

  before do
    allow(User).to receive(:current).and_return current_user
  end

  shared_examples_for 'successful user creation' do
    it 'creates the user' do
      expect(page).to have_selector('.flash', text: 'Successful creation.')

      new_user = User.order(Arel.sql('id DESC')).first

      expect(current_path).to eql(edit_user_path(new_user.id))
    end

    it 'sends out an activation email' do
      expect(mail_body).to include 'activate your account'
      expect(token).not_to be_nil
    end
  end

  context 'with internal authentication' do
    before do
      visit new_user_path

      new_user_page.fill_in! first_name: 'bobfirst',
                             last_name: 'boblast',
                             email: 'bob@mail.com'

      perform_enqueued_jobs do
        new_user_page.submit!
      end
    end

    it_behaves_like 'successful user creation' do
      describe 'activation' do
        before do
          allow(User).to receive(:current).and_call_original

          visit "/account/activate?token=#{token}"
        end

        it 'shows the registration form' do
          expect(page).to have_text 'Create a new account'
        end

        it 'registers the user upon submission' do
          fill_in 'user_password', with: 'foobarbaz1'
          fill_in 'user_password_confirmation', with: 'foobarbaz1'

          click_button 'Create'

          # landed on the 'my page'
          expect(page).to have_text 'Welcome, your account has been activated. You are logged in now.'
          expect(page).to have_link 'bobfirst boblast'
        end
      end
    end
  end

  context 'with external authentication', js: true do
    before do
      new_user_page.visit!

      new_user_page.fill_in! first_name: 'bobfirst',
                             last_name: 'boblast',
                             email: 'bob@mail.com',
                             login: 'bob',
                             auth_source: auth_source.name


      perform_enqueued_jobs do
        new_user_page.submit!
      end
    end

    after do
      # Clear session to avoid that the onboarding tour starts
      page.execute_script("window.sessionStorage.clear();")
    end

    it_behaves_like 'successful user creation' do
      describe 'activation', js: true do
        before do
          allow(User).to receive(:current).and_call_original

          visit "/account/activate?token=#{token}"
        end

        it 'shows the login form prompting the user to login' do
          expect(page).to have_text 'Please login as bob to activate your account.'
        end

        it 'registers the user upon submission' do
          # login is already filled with 'bob'
          fill_in 'password', with: 'dummy' # accepted by DummyAuthSource

          click_button 'Sign in'

          expect(page).to have_text 'OpenProject'
          expect(current_path).to eq '/'
          expect(page).to have_link 'bobfirst boblast'
        end
      end
    end
  end

  context 'as global user' do
    using_shared_fixtures :global_add_user
    let(:current_user) { global_add_user }

    context 'with internal authentication' do
      before do
        visit new_user_path

        new_user_page.fill_in! first_name: 'bobfirst',
                               last_name: 'boblast',
                               email: 'bob@mail.com'

        perform_enqueued_jobs do
          new_user_page.submit!
        end
      end

      it_behaves_like 'successful user creation' do
        describe 'activation' do
          before do
            allow(User).to receive(:current).and_call_original

            visit "/account/activate?token=#{token}"
          end

          it 'shows the registration form' do
            expect(page).to have_text 'Create a new account'
          end

          it 'registers the user upon submission' do
            fill_in 'user_password', with: 'foobarbaz1'
            fill_in 'user_password_confirmation', with: 'foobarbaz1'

            click_button 'Create'

            # landed on the 'my page'
            expect(page).to have_text 'Welcome, your account has been activated. You are logged in now.'
            expect(page).to have_link 'bobfirst boblast'
          end
        end
      end
    end
  end
end
disable required fields when making them invisible 9 years ago			`#-- copyright`
Update copyright notice 5 years ago			`# OpenProject is an open source project management software.`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2012-2021 the OpenProject GmbH`
disable required fields when making them invisible 9 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
disable required fields when making them invisible 9 years ago			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
Bump copyright to 2018 (#6171) [ci skip] 7 years ago			`# See docs/COPYRIGHT.rdoc for more details.`
disable required fields when making them invisible 9 years ago			`#++`

			`require 'spec_helper'`

Use selenium driver for some specs 9 years ago			`describe 'create users', type: :feature, selenium: true do`
Use AnyFixtures to generate fixtures from factories (#7230) Uses FactoryBot to keep and maintain specific records in a special transaction that does not get removed after each spec. They automatically are created whenever first hitting them. This makes an excellent time saver for items that are commonly used, such as an admin user account 5 years ago			`using_shared_fixtures :admin`
			`let(:current_user) { admin }`
attempt to fix flickering spec 4 years ago			`let!(:auth_source) { FactoryBot.create :dummy_auth_source }`
use page object for everything; clarified name 9 years ago			`let(:new_user_page) { Pages::NewUser.new }`
attempt to fix flickering spec 4 years ago			`let(:mail) do`
			`ActionMailer::Base.deliveries.last`
			`end`
			`let(:mail_body) { mail.body.parts.first.body.to_s }`
			`let(:token) { mail_body.scan(/token=(.*)$/).first.first.strip }`
disable required fields when making them invisible 9 years ago
			`before do`
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com> 4 years ago			`allow(User).to receive(:current).and_return current_user`
disable required fields when making them invisible 9 years ago			`end`

			`shared_examples_for 'successful user creation' do`
			`it 'creates the user' do`
Fix capybara selector 8 years ago			`expect(page).to have_selector('.flash', text: 'Successful creation.')`
disable required fields when making them invisible 9 years ago
Enforce Arel.sql for string order, pluck 6 years ago			`new_user = User.order(Arel.sql('id DESC')).first`
disable required fields when making them invisible 9 years ago
			`expect(current_path).to eql(edit_user_path(new_user.id))`
			`end`
feature spec for user creation and activation 9 years ago
			`it 'sends out an activation email' do`
			`expect(mail_body).to include 'activate your account'`
			`expect(token).not_to be_nil`
			`end`
disable required fields when making them invisible 9 years ago			`end`

			`context 'with internal authentication' do`
			`before do`
			`visit new_user_path`

fixed typos, force js 9 years ago			`new_user_page.fill_in! first_name: 'bobfirst',`
use page object for everything; clarified name 9 years ago			`last_name: 'boblast',`
			`email: 'bob@mail.com'`
disable required fields when making them invisible 9 years ago
ensure all enqueued jobs are run 4 years ago			`perform_enqueued_jobs do`
			`new_user_page.submit!`
			`end`
disable required fields when making them invisible 9 years ago			`end`

feature spec for user creation and activation 9 years ago			`it_behaves_like 'successful user creation' do`
			`describe 'activation' do`
			`before do`
			`allow(User).to receive(:current).and_call_original`

			`visit "/account/activate?token=#{token}"`
			`end`

			`it 'shows the registration form' do`
			`expect(page).to have_text 'Create a new account'`
			`end`

			`it 'registers the user upon submission' do`
			`fill_in 'user_password', with: 'foobarbaz1'`
			`fill_in 'user_password_confirmation', with: 'foobarbaz1'`

Add account/register page again && fix tests 8 years ago			`click_button 'Create'`
feature spec for user creation and activation 9 years ago
			`# landed on the 'my page'`
Adjust create spec to expect the re-structured content 9 years ago			`expect(page).to have_text 'Welcome, your account has been activated. You are logged in now.'`
[23145] Restyle right elements in main header (#4441) * Change top menu elements on the right side * Include review feedback and fix specs 9 years ago			`expect(page).to have_link 'bobfirst boblast'`
feature spec for user creation and activation 9 years ago			`end`
			`end`
			`end`
disable required fields when making them invisible 9 years ago			`end`

			`context 'with external authentication', js: true do`
			`before do`
use page object for everything; clarified name 9 years ago			`new_user_page.visit!`
Add text highlights, make skip button less prominent, disable scroll behavior && fix some tests 6 years ago
use page object for everything; clarified name 9 years ago			`new_user_page.fill_in! first_name: 'bobfirst',`
			`last_name: 'boblast',`
			`email: 'bob@mail.com',`
			`login: 'bob',`
			`auth_source: auth_source.name`
disable required fields when making them invisible 9 years ago
Add text highlights, make skip button less prominent, disable scroll behavior && fix some tests 6 years ago
ensure all enqueued jobs are run 4 years ago			`perform_enqueued_jobs do`
			`new_user_page.submit!`
			`end`
disable required fields when making them invisible 9 years ago			`end`

Add text highlights, make skip button less prominent, disable scroll behavior && fix some tests 6 years ago			`after do`
			`# Clear session to avoid that the onboarding tour starts`
			`page.execute_script("window.sessionStorage.clear();")`
			`end`

feature spec for user creation and activation 9 years ago			`it_behaves_like 'successful user creation' do`
fixed typos, force js 9 years ago			`describe 'activation', js: true do`
feature spec for user creation and activation 9 years ago			`before do`
			`allow(User).to receive(:current).and_call_original`

			`visit "/account/activate?token=#{token}"`
			`end`

			`it 'shows the login form prompting the user to login' do`
			`expect(page).to have_text 'Please login as bob to activate your account.'`
			`end`

			`it 'registers the user upon submission' do`
			`# login is already filled with 'bob'`
			`fill_in 'password', with: 'dummy' # accepted by DummyAuthSource`

			`click_button 'Sign in'`

[22987] [Onboarding] Getting started video screen (2) (#4464) * enable foundation.js * built foundation-apps.js using webpack * Add onboarding modal on button click * Fix specs and little bugs * Add show behavior for modal * Pass template data from Rails to zf-modal * Add closing cross and fix style bugs * Re-add onboarding menu * Change ID to class * Fix styling and avatar problems * Fix broken specs caused by foundation && improve implementation * Require openproject-global.css and fix tests 9 years ago			`expect(page).to have_text 'OpenProject'`
			`expect(current_path).to eq '/'`
[23145] Restyle right elements in main header (#4441) * Change top menu elements on the right side * Include review feedback and fix specs 9 years ago			`expect(page).to have_link 'bobfirst boblast'`
feature spec for user creation and activation 9 years ago			`end`
			`end`
			`end`
disable required fields when making them invisible 9 years ago			`end`
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com> 4 years ago
			`context 'as global user' do`
			`using_shared_fixtures :global_add_user`
			`let(:current_user) { global_add_user }`

			`context 'with internal authentication' do`
			`before do`
			`visit new_user_path`

			`new_user_page.fill_in! first_name: 'bobfirst',`
			`last_name: 'boblast',`
			`email: 'bob@mail.com'`

			`perform_enqueued_jobs do`
			`new_user_page.submit!`
			`end`
			`end`

			`it_behaves_like 'successful user creation' do`
			`describe 'activation' do`
			`before do`
			`allow(User).to receive(:current).and_call_original`

			`visit "/account/activate?token=#{token}"`
			`end`

			`it 'shows the registration form' do`
			`expect(page).to have_text 'Create a new account'`
			`end`

			`it 'registers the user upon submission' do`
			`fill_in 'user_password', with: 'foobarbaz1'`
			`fill_in 'user_password_confirmation', with: 'foobarbaz1'`

			`click_button 'Create'`

			`# landed on the 'my page'`
			`expect(page).to have_text 'Welcome, your account has been activated. You are logged in now.'`
			`expect(page).to have_link 'bobfirst boblast'`
			`end`
			`end`
			`end`
			`end`
			`end`
disable required fields when making them invisible 9 years ago			`end`