みてるぞ
b47cdc7ad7
#327 #327 #327 #327 Merge remote-tracking branch 'origin/main' into feature/327 #327 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #342
267 lines
7.5 KiB
Ruby
267 lines
7.5 KiB
Ruby
require 'rails_helper'
|
|
|
|
RSpec.describe 'Users', type: :request do
|
|
let(:remote_ip) { '203.0.113.10' }
|
|
|
|
before do
|
|
allow_any_instance_of(ActionDispatch::Request)
|
|
.to receive(:remote_ip)
|
|
.and_return(remote_ip)
|
|
end
|
|
|
|
def auth_headers(user)
|
|
{ 'X-Transfer-Code' => user.inheritance_code }
|
|
end
|
|
|
|
describe 'POST /users' do
|
|
it 'creates guest user, IpAddress and UserIp, and returns code' do
|
|
expect {
|
|
post '/users'
|
|
}.to change(User, :count).by(1)
|
|
.and change(IpAddress, :count).by(1)
|
|
.and change(UserIp, :count).by(1)
|
|
|
|
expect(response).to have_http_status(:created)
|
|
expect(json['code']).to be_present
|
|
expect(json['user']['role']).to eq('guest')
|
|
|
|
user = User.last
|
|
ip_address = IpAddress.find_by(ip_address: IPAddr.new(remote_ip).hton)
|
|
|
|
expect(user.role).to eq('guest')
|
|
expect(ip_address).to be_present
|
|
expect(UserIp.exists?(user:, ip_address:)).to eq(true)
|
|
end
|
|
|
|
it 'returns 403 and does not create user when current IP address is banned' do
|
|
IpAddress.create!(
|
|
ip_address: IPAddr.new(remote_ip).hton,
|
|
banned_at: Time.current
|
|
)
|
|
|
|
expect {
|
|
post '/users'
|
|
}.not_to change(User, :count)
|
|
|
|
expect(response).to have_http_status(:forbidden)
|
|
expect(UserIp.count).to eq(0)
|
|
end
|
|
end
|
|
|
|
describe 'POST /users/code/renew' do
|
|
it 'returns 401 when not logged in' do
|
|
post '/users/code/renew'
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
|
|
it 'returns 403 when current user is banned' do
|
|
user = create(:user, :banned)
|
|
|
|
post '/users/code/renew', headers: auth_headers(user)
|
|
|
|
expect(response).to have_http_status(:forbidden)
|
|
end
|
|
|
|
it 'returns 403 when current IP address is banned' do
|
|
user = create(:user)
|
|
|
|
IpAddress.create!(
|
|
ip_address: IPAddr.new(remote_ip).hton,
|
|
banned_at: Time.current
|
|
)
|
|
|
|
post '/users/code/renew', headers: auth_headers(user)
|
|
|
|
expect(response).to have_http_status(:forbidden)
|
|
end
|
|
end
|
|
|
|
describe 'PUT /users/:id' do
|
|
let(:user) { create(:user, name: 'old-name', role: 'guest') }
|
|
|
|
it 'returns 401 when current_user id mismatch' do
|
|
other_user = create(:user)
|
|
|
|
put "/users/#{user.id}",
|
|
params: { name: 'new-name' },
|
|
headers: auth_headers(other_user)
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
|
|
it 'returns 400 when name is blank' do
|
|
put "/users/#{user.id}",
|
|
params: { name: ' ' },
|
|
headers: auth_headers(user)
|
|
|
|
expect(response).to have_http_status(:bad_request)
|
|
end
|
|
|
|
it 'updates name and returns user slice' do
|
|
put "/users/#{user.id}",
|
|
params: { name: 'new-name' },
|
|
headers: auth_headers(user)
|
|
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json['id']).to eq(user.id)
|
|
expect(json['name']).to eq('new-name')
|
|
|
|
user.reload
|
|
expect(user.name).to eq('new-name')
|
|
end
|
|
|
|
it 'returns 403 when current user is banned' do
|
|
user.update!(banned_at: Time.current)
|
|
|
|
put "/users/#{user.id}",
|
|
params: { name: 'new-name' },
|
|
headers: auth_headers(user)
|
|
|
|
expect(response).to have_http_status(:forbidden)
|
|
|
|
user.reload
|
|
expect(user.name).to eq('old-name')
|
|
end
|
|
|
|
it 'returns 403 when current IP address is banned' do
|
|
IpAddress.create!(
|
|
ip_address: IPAddr.new(remote_ip).hton,
|
|
banned_at: Time.current
|
|
)
|
|
|
|
put "/users/#{user.id}",
|
|
params: { name: 'new-name' },
|
|
headers: auth_headers(user)
|
|
|
|
expect(response).to have_http_status(:forbidden)
|
|
|
|
user.reload
|
|
expect(user.name).to eq('old-name')
|
|
end
|
|
end
|
|
|
|
describe 'POST /users/verify' do
|
|
it 'returns valid:false when code not found' do
|
|
post '/users/verify', params: { code: 'nope' }
|
|
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json['valid']).to eq(false)
|
|
end
|
|
|
|
it 'returns 403 when current IP address is banned' do
|
|
user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')
|
|
|
|
IpAddress.create!(
|
|
ip_address: IPAddr.new(remote_ip).hton,
|
|
banned_at: Time.current
|
|
)
|
|
|
|
expect {
|
|
post '/users/verify', params: { code: user.inheritance_code }
|
|
}.not_to change(UserIp, :count)
|
|
|
|
expect(response).to have_http_status(:forbidden)
|
|
end
|
|
|
|
it 'returns 403 when verified user is banned' do
|
|
user = create(
|
|
:user,
|
|
:banned,
|
|
inheritance_code: SecureRandom.uuid,
|
|
role: 'guest'
|
|
)
|
|
|
|
expect {
|
|
post '/users/verify', params: { code: user.inheritance_code }
|
|
}.not_to change(UserIp, :count)
|
|
|
|
expect(response).to have_http_status(:forbidden)
|
|
end
|
|
|
|
it 'creates IpAddress and UserIp, and returns valid:true with user slice' do
|
|
user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')
|
|
|
|
expect {
|
|
post '/users/verify', params: { code: user.inheritance_code }
|
|
}.to change(UserIp, :count).by(1)
|
|
.and change(IpAddress, :count).by(1)
|
|
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json['valid']).to eq(true)
|
|
expect(json['user']['id']).to eq(user.id)
|
|
expect(json['user']['inheritance_code']).to eq(user.inheritance_code)
|
|
expect(json['user']['role']).to eq('guest')
|
|
|
|
ip_address = IpAddress.find_by(ip_address: IPAddr.new(remote_ip).hton)
|
|
expect(ip_address).to be_present
|
|
expect(UserIp.exists?(user:, ip_address:)).to eq(true)
|
|
end
|
|
|
|
it 'is idempotent for same user and same IP address' do
|
|
user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')
|
|
|
|
post '/users/verify', params: { code: user.inheritance_code }
|
|
expect(response).to have_http_status(:ok)
|
|
|
|
expect {
|
|
post '/users/verify', params: { code: user.inheritance_code }
|
|
}.not_to change(UserIp, :count)
|
|
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json['valid']).to eq(true)
|
|
end
|
|
|
|
it 'creates another UserIp for same user and different IP address' do
|
|
user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')
|
|
|
|
post '/users/verify', params: { code: user.inheritance_code }
|
|
expect(response).to have_http_status(:ok)
|
|
|
|
allow_any_instance_of(ActionDispatch::Request)
|
|
.to receive(:remote_ip)
|
|
.and_return('203.0.113.11')
|
|
|
|
expect {
|
|
post '/users/verify', params: { code: user.inheritance_code }
|
|
}.to change(UserIp, :count).by(1)
|
|
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json['valid']).to eq(true)
|
|
end
|
|
end
|
|
|
|
describe 'GET /users/me' do
|
|
it 'returns 404 when code not found' do
|
|
get '/users/me', params: { code: 'nope' }
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
end
|
|
|
|
it 'returns user slice when found' do
|
|
user = create(:user, inheritance_code: SecureRandom.uuid, name: 'me', role: 'guest')
|
|
|
|
get '/users/me', params: { code: user.inheritance_code }
|
|
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json['id']).to eq(user.id)
|
|
expect(json['name']).to eq('me')
|
|
expect(json['inheritance_code']).to eq(user.inheritance_code)
|
|
expect(json['role']).to eq('guest')
|
|
end
|
|
|
|
it 'returns 403 when current IP address is banned' do
|
|
user = create(:user, inheritance_code: SecureRandom.uuid)
|
|
|
|
IpAddress.create!(
|
|
ip_address: IPAddr.new(remote_ip).hton,
|
|
banned_at: Time.current
|
|
)
|
|
|
|
get '/users/me', params: { code: user.inheritance_code }
|
|
|
|
expect(response).to have_http_status(:forbidden)
|
|
end
|
|
end
|
|
end
|