diff --git a/spec/controllers/settings/deletes_controller_spec.rb b/spec/controllers/settings/deletes_controller_spec.rb
deleted file mode 100644
index 98104b8454..0000000000
--- a/spec/controllers/settings/deletes_controller_spec.rb
+++ /dev/null
@@ -1,87 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe Settings::DeletesController do
- render_views
-
- describe 'GET #show' do
- context 'when signed in' do
- let(:user) { Fabricate(:user) }
-
- before do
- sign_in user, scope: :user
- get :show
- end
-
- it 'renders confirmation page with private cache control headers', :aggregate_failures do
- expect(response).to have_http_status(200)
- expect(response.headers['Cache-Control']).to include('private, no-store')
- end
-
- context 'when suspended' do
- let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) }
-
- it 'returns http forbidden with private cache control headers', :aggregate_failures do
- expect(response).to have_http_status(403)
- expect(response.headers['Cache-Control']).to include('private, no-store')
- end
- end
- end
-
- context 'when not signed in' do
- it 'redirects' do
- get :show
- expect(response).to redirect_to '/auth/sign_in'
- end
- end
- end
-
- describe 'DELETE #destroy' do
- context 'when signed in' do
- let(:user) { Fabricate(:user, password: 'petsmoldoggos') }
-
- before do
- sign_in user, scope: :user
- end
-
- context 'with correct password' do
- before do
- delete :destroy, params: { form_delete_confirmation: { password: 'petsmoldoggos' } }
- end
-
- it 'removes user record and redirects', :aggregate_failures, :inline_jobs do
- expect(response).to redirect_to '/auth/sign_in'
- expect(User.find_by(id: user.id)).to be_nil
- expect(user.account.reload).to be_suspended
- expect(CanonicalEmailBlock.block?(user.email)).to be false
- end
-
- context 'when suspended' do
- let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) }
-
- it 'returns http forbidden' do
- expect(response).to have_http_status(403)
- end
- end
- end
-
- context 'with incorrect password' do
- before do
- delete :destroy, params: { form_delete_confirmation: { password: 'blaze420' } }
- end
-
- it 'redirects back to confirmation page' do
- expect(response).to redirect_to settings_delete_path
- end
- end
- end
-
- context 'when not signed in' do
- it 'redirects' do
- delete :destroy
- expect(response).to redirect_to '/auth/sign_in'
- end
- end
- end
-end
diff --git a/spec/requests/settings/deletes_spec.rb b/spec/requests/settings/deletes_spec.rb
index 4563f639d5..c277181999 100644
--- a/spec/requests/settings/deletes_spec.rb
+++ b/spec/requests/settings/deletes_spec.rb
@@ -4,13 +4,65 @@ require 'rails_helper' RSpec.describe 'Settings Deletes' do describe 'DELETE /settings/delete' do - before { sign_in Fabricate(:user) } + context 'when signed in' do + before { sign_in(user) } - it 'gracefully handles invalid nested params' do - delete settings_delete_path(form_delete_confirmation: 'invalid') + let(:user) { Fabricate(:user) } - expect(response) - .to have_http_status(400) + it 'gracefully handles invalid nested params' do + delete settings_delete_path(form_delete_confirmation: 'invalid') + + expect(response) + .to have_http_status(400) + end + + context 'when suspended' do + let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) } + + it 'returns http forbidden' do + delete settings_delete_path + + expect(response) + .to have_http_status(403) + end + end + end + + context 'when not signed in' do + it 'redirects to sign in' do + delete settings_delete_path + + expect(response) + .to redirect_to(new_user_session_path) + end + end + end + + describe 'GET /settings/delete' do + context 'when signed in' do + before { sign_in(user) } + + context 'when suspended' do + let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) } + + it 'returns http forbidden with private cache control headers' do + get settings_delete_path + + expect(response) + .to have_http_status(403) + expect(response.headers['Cache-Control']) + .to include('private, no-store') + end + end + end + + context 'when not signed in' do + it 'redirects to sign in' do + get settings_delete_path + + expect(response) + .to redirect_to(new_user_session_path) + end end end end diff --git a/spec/system/settings/deletes_spec.rb b/spec/system/settings/deletes_spec.rb new file mode 100644 index 0000000000..91f7104252 --- /dev/null +++ b/spec/system/settings/deletes_spec.rb 
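Review bot: In the `GET /settings/delete` group, the `before { sign_in(user) }` under `context 'when signed in'` relies on a `user` that is defined only by the `let` inside the nested `when suspended` context, so an example added directly under `when signed in` would fail on an undefined `user`. The `DELETE` group in the same hunk avoids this by declaring `let(:user) { Fabricate(:user) }` next to its `before`; the same default here would keep the two groups parallel. Separately, the suspended `DELETE` example sends no `form_delete_confirmation` at all, so it does not show that a suspended account is refused even when it supplies its real password. Sending `delete settings_delete_path(form_delete_confirmation: { password: user.password })` there would pin that.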
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Settings Deletes' do
+ describe 'Deleting user from settings area' do
+ let(:user) { Fabricate(:user) }
+
+ before { sign_in(user) }
+
+ it 'requires password and deletes user record', :inline_jobs do
+ visit settings_delete_path
+ expect(page)
+ .to have_title(I18n.t('settings.delete'))
+ .and have_private_cache_control
+
+ # Wrong confirmation value
+ fill_in 'form_delete_confirmation_password', with: 'wrongvalue'
+ click_on I18n.t('deletes.proceed')
+ expect(page)
+ .to have_content(I18n.t('deletes.challenge_not_passed'))
+
+ # Correct confirmation value
+ fill_in 'form_delete_confirmation_password', with: user.password
+ click_on I18n.t('deletes.proceed')
+ expect(page)
+ .to have_content(I18n.t('deletes.success_msg'))
+ expect(page)
+ .to have_title(I18n.t('auth.login'))
+ expect(User.find_by(id: user.id))
+ .to be_nil
+ expect(user.account.reload)
+ .to be_suspended
+ expect(CanonicalEmailBlock.block?(user.email))
+ .to be(false)
+ end
+ end
+end
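Review bot: The wrong-password step asserts only the `deletes.challenge_not_passed` message, so the property that matters, that nothing is deleted without the correct password, is checked only indirectly by the later steps still finding the form. An explicit `expect(User.exists?(user.id)).to be(true)` right after that message would pin it. The single example also combines the page render, the rejection and the successful deletion, so a failure in an early step hides the later ones. Giving the rejection path its own example would make a regression in the password check easier to spot.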