miteruzo
/
btrc-hub
1
0
Fork 0
Code Issues 68 Pull Requests 1 Releases 0 Wiki Activity
ぼざクリタグ広場 https://hub.nizika.monster
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
266 Commits
25 Branches
16 MiB
 
 
 
 
 
Tree: b47cdc7ad7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b47cdc7ad7'
${ noResults }
btrc-hub/backend/spec/requests/users_spec.rb

267 lines
7.5 KiB
Raw Blame History 

  1. require 'rails_helper'

  2. 

  3. RSpec.describe 'Users', type: :request do

  4.   let(:remote_ip) { '203.0.113.10' }

  5. 

  6.   before do

  7.     allow_any_instance_of(ActionDispatch::Request)

  8.       .to receive(:remote_ip)

  9.       .and_return(remote_ip)

  10.   end

  11. 

  12.   def auth_headers(user)

  13.     { 'X-Transfer-Code' => user.inheritance_code }

  14.   end

  15. 

  16.   describe 'POST /users' do

  17.     it 'creates guest user, IpAddress and UserIp, and returns code' do

  18.       expect {

  19.         post '/users'

  20.       }.to change(User, :count).by(1)

  21.         .and change(IpAddress, :count).by(1)

  22.         .and change(UserIp, :count).by(1)

  23. 

  24.       expect(response).to have_http_status(:created)

  25.       expect(json['code']).to be_present

  26.       expect(json['user']['role']).to eq('guest')

  27. 

  28.       user = User.last

  29.       ip_address = IpAddress.find_by(ip_address: IPAddr.new(remote_ip).hton)

  30. 

  31.       expect(user.role).to eq('guest')

  32.       expect(ip_address).to be_present

  33.       expect(UserIp.exists?(user:, ip_address:)).to eq(true)

  34.     end

  35. 

  36.     it 'returns 403 and does not create user when current IP address is banned' do

  37.       IpAddress.create!(

  38.         ip_address: IPAddr.new(remote_ip).hton,

  39.         banned_at: Time.current

  40.       )

  41. 

  42.       expect {

  43.         post '/users'

  44.       }.not_to change(User, :count)

  45. 

  46.       expect(response).to have_http_status(:forbidden)

  47.       expect(UserIp.count).to eq(0)

  48.     end

  49.   end

  50. 

  51.   describe 'POST /users/code/renew' do

  52.     it 'returns 401 when not logged in' do

  53.       post '/users/code/renew'

  54. 

  55.       expect(response).to have_http_status(:unauthorized)

  56.     end

  57. 

  58.     it 'returns 403 when current user is banned' do

  59.       user = create(:user, :banned)

  60. 

  61.       post '/users/code/renew', headers: auth_headers(user)

  62. 

  63.       expect(response).to have_http_status(:forbidden)

  64.     end

  65. 

  66.     it 'returns 403 when current IP address is banned' do

  67.       user = create(:user)

  68. 

  69.       IpAddress.create!(

  70.         ip_address: IPAddr.new(remote_ip).hton,

  71.         banned_at: Time.current

  72.       )

  73. 

  74.       post '/users/code/renew', headers: auth_headers(user)

  75. 

  76.       expect(response).to have_http_status(:forbidden)

  77.     end

  78.   end

  79. 

  80.   describe 'PUT /users/:id' do

  81.     let(:user) { create(:user, name: 'old-name', role: 'guest') }

  82. 

  83.     it 'returns 401 when current_user id mismatch' do

  84.       other_user = create(:user)

  85. 

  86.       put "/users/#{user.id}",

  87.           params: { name: 'new-name' },

  88.           headers: auth_headers(other_user)

  89. 

  90.       expect(response).to have_http_status(:unauthorized)

  91.     end

  92. 

  93.     it 'returns 400 when name is blank' do

  94.       put "/users/#{user.id}",

  95.           params: { name: '   ' },

  96.           headers: auth_headers(user)

  97. 

  98.       expect(response).to have_http_status(:bad_request)

  99.     end

  100. 

  101.     it 'updates name and returns user slice' do

  102.       put "/users/#{user.id}",

  103.           params: { name: 'new-name' },

  104.           headers: auth_headers(user)

  105. 

  106.       expect(response).to have_http_status(:ok)

  107.       expect(json['id']).to eq(user.id)

  108.       expect(json['name']).to eq('new-name')

  109. 

  110.       user.reload

  111.       expect(user.name).to eq('new-name')

  112.     end

  113. 

  114.     it 'returns 403 when current user is banned' do

  115.       user.update!(banned_at: Time.current)

  116. 

  117.       put "/users/#{user.id}",

  118.           params: { name: 'new-name' },

  119.           headers: auth_headers(user)

  120. 

  121.       expect(response).to have_http_status(:forbidden)

  122. 

  123.       user.reload

  124.       expect(user.name).to eq('old-name')

  125.     end

  126. 

  127.     it 'returns 403 when current IP address is banned' do

  128.       IpAddress.create!(

  129.         ip_address: IPAddr.new(remote_ip).hton,

  130.         banned_at: Time.current

  131.       )

  132. 

  133.       put "/users/#{user.id}",

  134.           params: { name: 'new-name' },

  135.           headers: auth_headers(user)

  136. 

  137.       expect(response).to have_http_status(:forbidden)

  138. 

  139.       user.reload

  140.       expect(user.name).to eq('old-name')

  141.     end

  142.   end

  143. 

  144.   describe 'POST /users/verify' do

  145.     it 'returns valid:false when code not found' do

  146.       post '/users/verify', params: { code: 'nope' }

  147. 

  148.       expect(response).to have_http_status(:ok)

  149.       expect(json['valid']).to eq(false)

  150.     end

  151. 

  152.     it 'returns 403 when current IP address is banned' do

  153.       user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')

  154. 

  155.       IpAddress.create!(

  156.         ip_address: IPAddr.new(remote_ip).hton,

  157.         banned_at: Time.current

  158.       )

  159. 

  160.       expect {

  161.         post '/users/verify', params: { code: user.inheritance_code }

  162.       }.not_to change(UserIp, :count)

  163. 

  164.       expect(response).to have_http_status(:forbidden)

  165.     end

  166. 

  167.     it 'returns 403 when verified user is banned' do

  168.       user = create(

  169.         :user,

  170.         :banned,

  171.         inheritance_code: SecureRandom.uuid,

  172.         role: 'guest'

  173.       )

  174. 

  175.       expect {

  176.         post '/users/verify', params: { code: user.inheritance_code }

  177.       }.not_to change(UserIp, :count)

  178. 

  179.       expect(response).to have_http_status(:forbidden)

  180.     end

  181. 

  182.     it 'creates IpAddress and UserIp, and returns valid:true with user slice' do

  183.       user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')

  184. 

  185.       expect {

  186.         post '/users/verify', params: { code: user.inheritance_code }

  187.       }.to change(UserIp, :count).by(1)

  188.         .and change(IpAddress, :count).by(1)

  189. 

  190.       expect(response).to have_http_status(:ok)

  191.       expect(json['valid']).to eq(true)

  192.       expect(json['user']['id']).to eq(user.id)

  193.       expect(json['user']['inheritance_code']).to eq(user.inheritance_code)

  194.       expect(json['user']['role']).to eq('guest')

  195. 

  196.       ip_address = IpAddress.find_by(ip_address: IPAddr.new(remote_ip).hton)

  197.       expect(ip_address).to be_present

  198.       expect(UserIp.exists?(user:, ip_address:)).to eq(true)

  199.     end

  200. 

  201.     it 'is idempotent for same user and same IP address' do

  202.       user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')

  203. 

  204.       post '/users/verify', params: { code: user.inheritance_code }

  205.       expect(response).to have_http_status(:ok)

  206. 

  207.       expect {

  208.         post '/users/verify', params: { code: user.inheritance_code }

  209.       }.not_to change(UserIp, :count)

  210. 

  211.       expect(response).to have_http_status(:ok)

  212.       expect(json['valid']).to eq(true)

  213.     end

  214. 

  215.     it 'creates another UserIp for same user and different IP address' do

  216.       user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')

  217. 

  218.       post '/users/verify', params: { code: user.inheritance_code }

  219.       expect(response).to have_http_status(:ok)

  220. 

  221.       allow_any_instance_of(ActionDispatch::Request)

  222.         .to receive(:remote_ip)

  223.         .and_return('203.0.113.11')

  224. 

  225.       expect {

  226.         post '/users/verify', params: { code: user.inheritance_code }

  227.       }.to change(UserIp, :count).by(1)

  228. 

  229.       expect(response).to have_http_status(:ok)

  230.       expect(json['valid']).to eq(true)

  231.     end

  232.   end

  233. 

  234.   describe 'GET /users/me' do

  235.     it 'returns 404 when code not found' do

  236.       get '/users/me', params: { code: 'nope' }

  237. 

  238.       expect(response).to have_http_status(:not_found)

  239.     end

  240. 

  241.     it 'returns user slice when found' do

  242.       user = create(:user, inheritance_code: SecureRandom.uuid, name: 'me', role: 'guest')

  243. 

  244.       get '/users/me', params: { code: user.inheritance_code }

  245. 

  246.       expect(response).to have_http_status(:ok)

  247.       expect(json['id']).to eq(user.id)

  248.       expect(json['name']).to eq('me')

  249.       expect(json['inheritance_code']).to eq(user.inheritance_code)

  250.       expect(json['role']).to eq('guest')

  251.     end

  252. 

  253.     it 'returns 403 when current IP address is banned' do

  254.       user = create(:user, inheritance_code: SecureRandom.uuid)

  255. 

  256.       IpAddress.create!(

  257.         ip_address: IPAddr.new(remote_ip).hton,

  258.         banned_at: Time.current

  259.       )

  260. 

  261.       get '/users/me', params: { code: user.inheritance_code }

  262. 

  263.       expect(response).to have_http_status(:forbidden)

  264.     end

  265.   end

  266. end