BigW Consortium Gitlab

user_spec.rb 58.3 KB
Newer Older
gitlabhq committed
1 2
require 'spec_helper'

Douwe Maan committed
3
describe User, models: true do
4 5
  include Gitlab::CurrentSettings

6 7 8 9 10 11 12 13 14 15
  describe 'modules' do
    subject { described_class }

    it { is_expected.to include_module(Gitlab::ConfigHelper) }
    it { is_expected.to include_module(Gitlab::CurrentSettings) }
    it { is_expected.to include_module(Referable) }
    it { is_expected.to include_module(Sortable) }
    it { is_expected.to include_module(TokenAuthenticatable) }
  end

16 17 18 19
  describe 'delegations' do
    it { is_expected.to delegate_method(:path).to(:namespace).with_prefix }
  end

20
  describe 'associations' do
21
    it { is_expected.to have_one(:namespace) }
22
    it { is_expected.to have_many(:snippets).dependent(:destroy) }
23 24 25
    it { is_expected.to have_many(:project_members).dependent(:destroy) }
    it { is_expected.to have_many(:groups) }
    it { is_expected.to have_many(:keys).dependent(:destroy) }
26
    it { is_expected.to have_many(:deploy_keys).dependent(:destroy) }
27
    it { is_expected.to have_many(:events).dependent(:destroy) }
28
    it { is_expected.to have_many(:recent_events).class_name('Event') }
29
    it { is_expected.to have_many(:issues).dependent(:destroy) }
30 31 32
    it { is_expected.to have_many(:notes).dependent(:destroy) }
    it { is_expected.to have_many(:merge_requests).dependent(:destroy) }
    it { is_expected.to have_many(:identities).dependent(:destroy) }
33
    it { is_expected.to have_many(:spam_logs).dependent(:destroy) }
34
    it { is_expected.to have_many(:todos).dependent(:destroy) }
35
    it { is_expected.to have_many(:award_emoji).dependent(:destroy) }
36
    it { is_expected.to have_many(:triggers).dependent(:destroy) }
37 38
    it { is_expected.to have_many(:builds).dependent(:nullify) }
    it { is_expected.to have_many(:pipelines).dependent(:nullify) }
39
    it { is_expected.to have_many(:chat_names).dependent(:destroy) }
40
    it { is_expected.to have_many(:uploads).dependent(:destroy) }
41
    it { is_expected.to have_many(:reported_abuse_reports).dependent(:destroy).class_name('AbuseReport') }
42

43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
    describe "#abuse_report" do
      let(:current_user) { create(:user) }
      let(:other_user) { create(:user) }

      it { is_expected.to have_one(:abuse_report) }

      it "refers to the abuse report whose user_id is the current user" do
        abuse_report = create(:abuse_report, reporter: other_user, user: current_user)

        expect(current_user.abuse_report).to eq(abuse_report)
      end

      it "does not refer to the abuse report whose reporter_id is the current user" do
        create(:abuse_report, reporter: current_user, user: other_user)

        expect(current_user.abuse_report).to be_nil
      end

      it "does not update the user_id of an abuse report when the user is updated" do
        abuse_report = create(:abuse_report, reporter: current_user, user: other_user)

        current_user.block

        expect(abuse_report.reload.user).to eq(other_user)
      end
    end
69 70 71 72

    describe '#group_members' do
      it 'does not include group memberships for which user is a requester' do
        user = create(:user)
73
        group = create(:group, :public, :access_requestable)
74 75 76 77 78 79 80 81 82
        group.request_access(user)

        expect(user.group_members).to be_empty
      end
    end

    describe '#project_members' do
      it 'does not include project memberships for which user is a requester' do
        user = create(:user)
83
        project = create(:empty_project, :public, :access_requestable)
84 85 86 87 88
        project.request_access(user)

        expect(user.project_members).to be_empty
      end
    end
89 90 91
  end

  describe 'validations' do
92 93 94 95 96 97 98 99 100 101 102 103
    describe 'username' do
      it 'validates presence' do
        expect(subject).to validate_presence_of(:username)
      end

      it 'rejects blacklisted names' do
        user = build(:user, username: 'dashboard')

        expect(user).not_to be_valid
        expect(user.errors.values).to eq [['dashboard is a reserved name']]
      end

104 105 106 107 108 109 110 111 112 113 114 115
      it 'allows child names' do
        user = build(:user, username: 'avatar')

        expect(user).to be_valid
      end

      it 'allows wildcard names' do
        user = build(:user, username: 'blob')

        expect(user).to be_valid
      end

116
      it 'validates uniqueness' do
117
        expect(subject).to validate_uniqueness_of(:username).case_insensitive
118 119 120
      end
    end

121 122 123 124
    it { is_expected.to validate_presence_of(:projects_limit) }
    it { is_expected.to validate_numericality_of(:projects_limit) }
    it { is_expected.to allow_value(0).for(:projects_limit) }
    it { is_expected.not_to allow_value(-1).for(:projects_limit) }
125
    it { is_expected.not_to allow_value(Gitlab::Database::MAX_INT_VALUE + 1).for(:projects_limit) }
126

127
    it { is_expected.to validate_length_of(:bio).is_at_most(255) }
128

129 130 131
    it_behaves_like 'an object with email-formated attributes', :email do
      subject { build(:user) }
    end
132

133 134 135
    it_behaves_like 'an object with email-formated attributes', :public_email, :notification_email do
      subject { build(:user).tap { |user| user.emails << build(:email, email: email_value) } }
    end
136

137
    describe 'email' do
138
      context 'when no signup domains whitelisted' do
139
        before do
140
          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return([])
141
        end
142

143 144 145 146 147 148
        it 'accepts any email' do
          user = build(:user, email: "info@example.com")
          expect(user).to be_valid
        end
      end

149
      context 'when a signup domain is whitelisted and subdomains are allowed' do
150
        before do
151
          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com', '*.example.com'])
152
        end
153

154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169
        it 'accepts info@example.com' do
          user = build(:user, email: "info@example.com")
          expect(user).to be_valid
        end

        it 'accepts info@test.example.com' do
          user = build(:user, email: "info@test.example.com")
          expect(user).to be_valid
        end

        it 'rejects example@test.com' do
          user = build(:user, email: "example@test.com")
          expect(user).to be_invalid
        end
      end

170
      context 'when a signup domain is whitelisted and subdomains are not allowed' do
171
        before do
172
          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com'])
173
        end
174 175 176 177 178 179 180 181 182 183 184 185 186 187 188

        it 'accepts info@example.com' do
          user = build(:user, email: "info@example.com")
          expect(user).to be_valid
        end

        it 'rejects info@test.example.com' do
          user = build(:user, email: "info@test.example.com")
          expect(user).to be_invalid
        end

        it 'rejects example@test.com' do
          user = build(:user, email: "example@test.com")
          expect(user).to be_invalid
        end
189 190 191 192 193

        it 'accepts example@test.com when added by another user' do
          user = build(:user, email: "example@test.com", created_by_id: 1)
          expect(user).to be_valid
        end
194
      end
195

196 197 198 199 200 201
      context 'domain blacklist' do
        before do
          allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist_enabled?).and_return(true)
          allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['example.com'])
        end

202
        context 'when a signup domain is blacklisted' do
203 204 205 206 207 208 209 210 211
          it 'accepts info@test.com' do
            user = build(:user, email: 'info@test.com')
            expect(user).to be_valid
          end

          it 'rejects info@example.com' do
            user = build(:user, email: 'info@example.com')
            expect(user).not_to be_valid
          end
212 213 214 215 216

          it 'accepts info@example.com when added by another user' do
            user = build(:user, email: 'info@example.com', created_by_id: 1)
            expect(user).to be_valid
          end
217 218
        end

219
        context 'when a signup domain is blacklisted but a wildcard subdomain is allowed' do
220 221
          before do
            allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['test.example.com'])
222
            allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['*.example.com'])
223 224
          end

225
          it 'gives priority to whitelist and allow info@test.example.com' do
226 227 228 229 230 231 232
            user = build(:user, email: 'info@test.example.com')
            expect(user).to be_valid
          end
        end

        context 'with both lists containing a domain' do
          before do
233
            allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['test.com'])
234 235 236 237 238 239 240 241 242 243 244 245 246 247
          end

          it 'accepts info@test.com' do
            user = build(:user, email: 'info@test.com')
            expect(user).to be_valid
          end

          it 'rejects info@example.com' do
            user = build(:user, email: 'info@example.com')
            expect(user).not_to be_valid
          end
        end
      end

248 249 250 251 252 253
      context 'owns_notification_email' do
        it 'accepts temp_oauth_email emails' do
          user = build(:user, email: "temp-email-for-oauth@example.com")
          expect(user).to be_valid
        end
      end
254
    end
255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314
  end

  describe "scopes" do
    describe ".with_two_factor" do
      it "returns users with 2fa enabled via OTP" do
        user_with_2fa = create(:user, :two_factor_via_otp)
        user_without_2fa = create(:user)
        users_with_two_factor = User.with_two_factor.pluck(:id)

        expect(users_with_two_factor).to include(user_with_2fa.id)
        expect(users_with_two_factor).not_to include(user_without_2fa.id)
      end

      it "returns users with 2fa enabled via U2F" do
        user_with_2fa = create(:user, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_with_two_factor = User.with_two_factor.pluck(:id)

        expect(users_with_two_factor).to include(user_with_2fa.id)
        expect(users_with_two_factor).not_to include(user_without_2fa.id)
      end

      it "returns users with 2fa enabled via OTP and U2F" do
        user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_with_two_factor = User.with_two_factor.pluck(:id)

        expect(users_with_two_factor).to eq([user_with_2fa.id])
        expect(users_with_two_factor).not_to include(user_without_2fa.id)
      end
    end

    describe ".without_two_factor" do
      it "excludes users with 2fa enabled via OTP" do
        user_with_2fa = create(:user, :two_factor_via_otp)
        user_without_2fa = create(:user)
        users_without_two_factor = User.without_two_factor.pluck(:id)

        expect(users_without_two_factor).to include(user_without_2fa.id)
        expect(users_without_two_factor).not_to include(user_with_2fa.id)
      end

      it "excludes users with 2fa enabled via U2F" do
        user_with_2fa = create(:user, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_without_two_factor = User.without_two_factor.pluck(:id)

        expect(users_without_two_factor).to include(user_without_2fa.id)
        expect(users_without_two_factor).not_to include(user_with_2fa.id)
      end

      it "excludes users with 2fa enabled via OTP and U2F" do
        user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_without_two_factor = User.without_two_factor.pluck(:id)

        expect(users_without_two_factor).to include(user_without_2fa.id)
        expect(users_without_two_factor).not_to include(user_with_2fa.id)
      end
    end
315 316 317 318 319 320 321 322 323 324 325 326 327 328

    describe '.todo_authors' do
      it 'filters users' do
        create :user
        user_2 = create :user
        user_3 = create :user
        current_user = create :user
        create(:todo, user: current_user, author: user_2, state: :done)
        create(:todo, user: current_user, author: user_3, state: :pending)

        expect(User.todo_authors(current_user.id, 'pending')).to eq [user_3]
        expect(User.todo_authors(current_user.id, 'done')).to eq [user_2]
      end
    end
gitlabhq committed
329 330 331
  end

  describe "Respond to" do
332
    it { is_expected.to respond_to(:admin?) }
333 334
    it { is_expected.to respond_to(:name) }
    it { is_expected.to respond_to(:private_token) }
Zeger-Jan van de Weg committed
335 336 337 338 339 340 341 342 343 344 345 346 347 348
    it { is_expected.to respond_to(:external?) }
  end

  describe 'before save hook' do
    context 'when saving an external user' do
      let(:user)          { create(:user) }
      let(:external_user) { create(:user, external: true) }

      it "sets other properties aswell" do
        expect(external_user.can_create_team).to be_falsey
        expect(external_user.can_create_group).to be_falsey
        expect(external_user.projects_limit).to be 0
      end
    end
gitlabhq committed
349 350
  end

351 352 353 354 355 356 357 358 359 360 361 362 363 364 365
  describe '#update_tracked_fields!', :redis do
    let(:request) { OpenStruct.new(remote_ip: "127.0.0.1") }
    let(:user) { create(:user) }

    it 'writes trackable attributes' do
      expect do
        user.update_tracked_fields!(request)
      end.to change { user.reload.current_sign_in_at }
    end

    it 'does not write trackable attributes when called a second time within the hour' do
      user.update_tracked_fields!(request)

      expect do
        user.update_tracked_fields!(request)
366 367 368 369 370 371 372 373 374 375 376
      end.not_to change { user.reload.current_sign_in_at }
    end

    it 'writes trackable attributes for a different user' do
      user2 = create(:user)

      user.update_tracked_fields!(request)

      expect do
        user2.update_tracked_fields!(request)
      end.to change { user2.reload.current_sign_in_at }
377 378 379
    end
  end

380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407
  shared_context 'user keys' do
    let(:user) { create(:user) }
    let!(:key) { create(:key, user: user) }
    let!(:deploy_key) { create(:deploy_key, user: user) }
  end

  describe '#keys' do
    include_context 'user keys'

    context 'with key and deploy key stored' do
      it 'returns stored key, but not deploy_key' do
        expect(user.keys).to include key
        expect(user.keys).not_to include deploy_key
      end
    end
  end

  describe '#deploy_keys' do
    include_context 'user keys'

    context 'with key and deploy key stored' do
      it 'returns stored deploy key, but not normal key' do
        expect(user.deploy_keys).to include deploy_key
        expect(user.deploy_keys).not_to include key
      end
    end
  end

408
  describe '#confirm' do
409 410 411
    before do
      allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(true)
    end
412

413 414 415 416 417 418 419
    let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: 'test@gitlab.com') }

    it 'returns unconfirmed' do
      expect(user.confirmed?).to be_falsey
    end

    it 'confirms a user' do
420
      user.confirm
421 422 423 424
      expect(user.confirmed?).to be_truthy
    end
  end

425 426 427 428 429 430 431 432
  describe '#to_reference' do
    let(:user) { create(:user) }

    it 'returns a String reference to the object' do
      expect(user.to_reference).to eq "@#{user.username}"
    end
  end

433
  describe '#generate_password' do
434
    it "does not generate password by default" do
435
      user = create(:user, password: 'abcdefghe')
436
      expect(user.password).to eq('abcdefghe')
437
    end
438 439
  end

440
  describe 'authentication token' do
441
    it "has authentication token" do
442
      user = create(:user)
443
      expect(user.authentication_token).not_to be_blank
444
    end
Nihad Abbasov committed
445
  end
446

447 448 449 450 451 452 453
  describe 'ensure incoming email token' do
    it 'has incoming email token' do
      user = create(:user)
      expect(user.incoming_email_token).not_to be_blank
    end
  end

454
  describe 'rss token' do
455 456 457 458 459
    it 'ensures an rss token on read' do
      user = create(:user, rss_token: nil)
      rss_token = user.rss_token
      expect(rss_token).not_to be_blank
      expect(user.reload.rss_token).to eq rss_token
460 461 462
    end
  end

463
  describe '#recently_sent_password_reset?' do
464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482
    it 'is false when reset_password_sent_at is nil' do
      user = build_stubbed(:user, reset_password_sent_at: nil)

      expect(user.recently_sent_password_reset?).to eq false
    end

    it 'is false when sent more than one minute ago' do
      user = build_stubbed(:user, reset_password_sent_at: 5.minutes.ago)

      expect(user.recently_sent_password_reset?).to eq false
    end

    it 'is true when sent less than one minute ago' do
      user = build_stubbed(:user, reset_password_sent_at: Time.now)

      expect(user.recently_sent_password_reset?).to eq true
    end
  end

483 484 485 486 487 488 489
  describe '#disable_two_factor!' do
    it 'clears all 2FA-related fields' do
      user = create(:user, :two_factor)

      expect(user).to be_two_factor_enabled
      expect(user.encrypted_otp_secret).not_to be_nil
      expect(user.otp_backup_codes).not_to be_nil
490
      expect(user.otp_grace_period_started_at).not_to be_nil
491 492 493 494 495 496 497 498

      user.disable_two_factor!

      expect(user).not_to be_two_factor_enabled
      expect(user.encrypted_otp_secret).to be_nil
      expect(user.encrypted_otp_secret_iv).to be_nil
      expect(user.encrypted_otp_secret_salt).to be_nil
      expect(user.otp_backup_codes).to be_nil
499
      expect(user.otp_grace_period_started_at).to be_nil
500 501 502
    end
  end

503 504
  describe 'projects' do
    before do
505
      @user = create(:user)
506

507 508 509 510 511 512 513
      @project = create(:empty_project, namespace: @user.namespace)
      @project_2 = create(:empty_project, group: create(:group)) do |project|
        project.add_master(@user)
      end
      @project_3 = create(:empty_project, group: create(:group)) do |project|
        project.add_developer(@user)
      end
514 515
    end

516 517 518 519 520 521 522 523 524
    it { expect(@user.authorized_projects).to include(@project) }
    it { expect(@user.authorized_projects).to include(@project_2) }
    it { expect(@user.authorized_projects).to include(@project_3) }
    it { expect(@user.owned_projects).to include(@project) }
    it { expect(@user.owned_projects).not_to include(@project_2) }
    it { expect(@user.owned_projects).not_to include(@project_3) }
    it { expect(@user.personal_projects).to include(@project) }
    it { expect(@user.personal_projects).not_to include(@project_2) }
    it { expect(@user.personal_projects).not_to include(@project_3) }
525 526 527 528 529
  end

  describe 'groups' do
    before do
      @user = create :user
530 531
      @group = create :group
      @group.add_owner(@user)
532 533
    end

534 535 536
    it { expect(@user.several_namespaces?).to be_truthy }
    it { expect(@user.authorized_groups).to eq([@group]) }
    it { expect(@user.owned_groups).to eq([@group]) }
537
    it { expect(@user.namespaces).to match_array([@user.namespace, @group]) }
538 539
  end

540 541 542 543
  describe 'group multiple owners' do
    before do
      @user = create :user
      @user2 = create :user
544 545
      @group = create :group
      @group.add_owner(@user)
546

547
      @group.add_user(@user2, GroupMember::OWNER)
548 549
    end

550
    it { expect(@user2.several_namespaces?).to be_truthy }
551 552
  end

553 554 555
  describe 'namespaced' do
    before do
      @user = create :user
556
      @project = create(:empty_project, namespace: @user.namespace)
557 558
    end

559
    it { expect(@user.several_namespaces?).to be_falsey }
560
    it { expect(@user.namespaces).to eq([@user.namespace]) }
561 562 563 564 565
  end

  describe 'blocking user' do
    let(:user) { create(:user, name: 'John Smith') }

566
    it "blocks user" do
567
      user.block
568
      expect(user.blocked?).to be_truthy
569 570 571
    end
  end

572 573 574 575 576 577 578
  describe '.filter' do
    let(:user) { double }

    it 'filters by active users by default' do
      expect(User).to receive(:active).and_return([user])

      expect(User.filter(nil)).to include user
579 580
    end

581 582 583 584
    it 'filters by admins' do
      expect(User).to receive(:admins).and_return([user])

      expect(User.filter('admins')).to include user
585 586
    end

587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609
    it 'filters by blocked' do
      expect(User).to receive(:blocked).and_return([user])

      expect(User.filter('blocked')).to include user
    end

    it 'filters by two_factor_disabled' do
      expect(User).to receive(:without_two_factor).and_return([user])

      expect(User.filter('two_factor_disabled')).to include user
    end

    it 'filters by two_factor_enabled' do
      expect(User).to receive(:with_two_factor).and_return([user])

      expect(User.filter('two_factor_enabled')).to include user
    end

    it 'filters by wop' do
      expect(User).to receive(:without_projects).and_return([user])

      expect(User.filter('wop')).to include user
    end
610 611
  end

612
  describe '.without_projects' do
613
    let!(:project) { create(:empty_project, :public, :access_requestable) }
614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633
    let!(:user) { create(:user) }
    let!(:user_without_project) { create(:user) }
    let!(:user_without_project2) { create(:user) }

    before do
      # add user to project
      project.team << [user, :master]

      # create invite to projet
      create(:project_member, :developer, project: project, invite_token: '1234', invite_email: 'inviteduser1@example.com')

      # create request to join project
      project.request_access(user_without_project2)
    end

    it { expect(User.without_projects).not_to include user }
    it { expect(User.without_projects).to include user_without_project }
    it { expect(User.without_projects).to include user_without_project2 }
  end

634 635 636
  describe 'user creation' do
    describe 'normal user' do
      let(:user) { create(:user, name: 'John Smith') }
Dmitriy Zaporozhets committed
637

638
      it { expect(user.admin?).to be_falsey }
639 640 641 642
      it { expect(user.require_ssh_key?).to be_truthy }
      it { expect(user.can_create_group?).to be_truthy }
      it { expect(user.can_create_project?).to be_truthy }
      it { expect(user.first_name).to eq('John') }
643
      it { expect(user.external).to be_falsey }
644
    end
645

646
    describe 'with defaults' do
647
      let(:user) { User.new }
Dmitriy Zaporozhets committed
648

649
      it "applies defaults to user" do
650 651
        expect(user.projects_limit).to eq(Gitlab.config.gitlab.default_projects_limit)
        expect(user.can_create_group).to eq(Gitlab.config.gitlab.default_can_create_group)
Zeger-Jan van de Weg committed
652
        expect(user.external).to be_falsey
653 654 655
      end
    end

656
    describe 'with default overrides' do
657
      let(:user) { User.new(projects_limit: 123, can_create_group: false, can_create_team: true) }
Dmitriy Zaporozhets committed
658

659
      it "applies defaults to user" do
660 661
        expect(user.projects_limit).to eq(123)
        expect(user.can_create_group).to be_falsey
662
      end
663
    end
664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683

    context 'when current_application_settings.user_default_external is true' do
      before do
        stub_application_setting(user_default_external: true)
      end

      it "creates external user by default" do
        user = build(:user)

        expect(user.external).to be_truthy
      end

      describe 'with default overrides' do
        it "creates a non-external user" do
          user = build(:user, external: false)

          expect(user.external).to be_falsey
        end
      end
    end
684

685 686 687 688
    describe '#require_ssh_key?' do
      protocol_and_expectation = {
        'http' => false,
        'ssh' => true,
689
        '' => true
690 691 692 693 694 695 696 697 698
      }

      protocol_and_expectation.each do |protocol, expected|
        it "has correct require_ssh_key?" do
          stub_application_setting(enabled_git_access_protocol: protocol)
          user = build(:user)

          expect(user.require_ssh_key?).to eq(expected)
        end
699 700
      end
    end
701
  end
702

703
  describe '.find_by_any_email' do
704 705 706
    it 'finds by primary email' do
      user = create(:user, email: 'foo@example.com')

707
      expect(User.find_by_any_email(user.email)).to eq user
708 709 710 711 712 713
    end

    it 'finds by secondary email' do
      email = create(:email, email: 'foo@example.com')
      user  = email.user

714
      expect(User.find_by_any_email(email.email)).to eq user
715 716 717
    end

    it 'returns nil when nothing found' do
718
      expect(User.find_by_any_email('')).to be_nil
719 720 721
    end
  end

722 723 724 725 726 727 728 729 730 731 732
  describe '.search' do
    let(:user) { create(:user) }

    it 'returns users with a matching name' do
      expect(described_class.search(user.name)).to eq([user])
    end

    it 'returns users with a partially matching name' do
      expect(described_class.search(user.name[0..2])).to eq([user])
    end

733
    it 'returns users with a matching name regardless of the casing' do
734 735 736 737 738 739 740 741 742 743 744
      expect(described_class.search(user.name.upcase)).to eq([user])
    end

    it 'returns users with a matching Email' do
      expect(described_class.search(user.email)).to eq([user])
    end

    it 'returns users with a partially matching Email' do
      expect(described_class.search(user.email[0..2])).to eq([user])
    end

745
    it 'returns users with a matching Email regardless of the casing' do
746 747 748 749 750 751 752 753 754 755 756
      expect(described_class.search(user.email.upcase)).to eq([user])
    end

    it 'returns users with a matching username' do
      expect(described_class.search(user.username)).to eq([user])
    end

    it 'returns users with a partially matching username' do
      expect(described_class.search(user.username[0..2])).to eq([user])
    end

757
    it 'returns users with a matching username regardless of the casing' do
758
      expect(described_class.search(user.username.upcase)).to eq([user])
759
    end
760 761 762
  end

  describe '.search_with_secondary_emails' do
Douwe Maan committed
763
    delegate :search_with_secondary_emails, to: :described_class
764

765 766
    let!(:user) { create(:user, name: 'John Doe', username: 'john.doe', email: 'john.doe@example.com' ) }
    let!(:another_user) { create(:user, name: 'Albert Smith', username: 'albert.smith', email: 'albert.smith@example.com' ) }
767 768 769
    let!(:email) do
      create(:email, user: another_user, email: 'alias@example.com')
    end
770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834

    it 'returns users with a matching name' do
      expect(search_with_secondary_emails(user.name)).to eq([user])
    end

    it 'returns users with a partially matching name' do
      expect(search_with_secondary_emails(user.name[0..2])).to eq([user])
    end

    it 'returns users with a matching name regardless of the casing' do
      expect(search_with_secondary_emails(user.name.upcase)).to eq([user])
    end

    it 'returns users with a matching email' do
      expect(search_with_secondary_emails(user.email)).to eq([user])
    end

    it 'returns users with a partially matching email' do
      expect(search_with_secondary_emails(user.email[0..2])).to eq([user])
    end

    it 'returns users with a matching email regardless of the casing' do
      expect(search_with_secondary_emails(user.email.upcase)).to eq([user])
    end

    it 'returns users with a matching username' do
      expect(search_with_secondary_emails(user.username)).to eq([user])
    end

    it 'returns users with a partially matching username' do
      expect(search_with_secondary_emails(user.username[0..2])).to eq([user])
    end

    it 'returns users with a matching username regardless of the casing' do
      expect(search_with_secondary_emails(user.username.upcase)).to eq([user])
    end

    it 'returns users with a matching whole secondary email' do
      expect(search_with_secondary_emails(email.email)).to eq([email.user])
    end

    it 'returns users with a matching part of secondary email' do
      expect(search_with_secondary_emails(email.email[1..4])).to eq([email.user])
    end

    it 'return users with a matching part of secondary email regardless of case' do
      expect(search_with_secondary_emails(email.email[1..4].upcase)).to eq([email.user])
      expect(search_with_secondary_emails(email.email[1..4].downcase)).to eq([email.user])
      expect(search_with_secondary_emails(email.email[1..4].capitalize)).to eq([email.user])
    end

    it 'returns multiple users with matching secondary emails' do
      email1 = create(:email, email: '1_testemail@example.com')
      email2 = create(:email, email: '2_testemail@example.com')
      email3 = create(:email, email: 'other@email.com')
      email3.user.update_attributes!(email: 'another@mail.com')

      expect(
        search_with_secondary_emails('testemail@example.com').map(&:id)
      ).to include(email1.user.id, email2.user.id)

      expect(
        search_with_secondary_emails('testemail@example.com').map(&:id)
      ).not_to include(email3.user.id)
    end
835 836
  end

837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853
  describe '.find_by_ssh_key_id' do
    context 'using an existing SSH key ID' do
      let(:user) { create(:user) }
      let(:key) { create(:key, user: user) }

      it 'returns the corresponding User' do
        expect(described_class.find_by_ssh_key_id(key.id)).to eq(user)
      end
    end

    context 'using an invalid SSH key ID' do
      it 'returns nil' do
        expect(described_class.find_by_ssh_key_id(-1)).to be_nil
      end
    end
  end

854 855 856 857
  describe '.by_login' do
    let(:username) { 'John' }
    let!(:user) { create(:user, username: username) }

858
    it 'gets the correct user' do
859 860 861 862 863 864 865 866 867
      expect(User.by_login(user.email.upcase)).to eq user
      expect(User.by_login(user.email)).to eq user
      expect(User.by_login(username.downcase)).to eq user
      expect(User.by_login(username)).to eq user
      expect(User.by_login(nil)).to be_nil
      expect(User.by_login('')).to be_nil
    end
  end

868 869 870 871 872 873 874 875 876 877 878
  describe '.find_by_username' do
    it 'returns nil if not found' do
      expect(described_class.find_by_username('JohnDoe')).to be_nil
    end

    it 'is case-insensitive' do
      user = create(:user, username: 'JohnDoe')
      expect(described_class.find_by_username('JOHNDOE')).to eq user
    end
  end

879 880
  describe '.find_by_username!' do
    it 'raises RecordNotFound' do
881 882
      expect { described_class.find_by_username!('JohnDoe') }.
        to raise_error(ActiveRecord::RecordNotFound)
883 884 885 886 887 888 889 890
    end

    it 'is case-insensitive' do
      user = create(:user, username: 'JohnDoe')
      expect(described_class.find_by_username!('JOHNDOE')).to eq user
    end
  end

891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941
  describe '.find_by_full_path' do
    let!(:user) { create(:user) }

    context 'with a route matching the given path' do
      let!(:route) { user.namespace.route }

      it 'returns the user' do
        expect(User.find_by_full_path(route.path)).to eq(user)
      end

      it 'is case-insensitive' do
        expect(User.find_by_full_path(route.path.upcase)).to eq(user)
        expect(User.find_by_full_path(route.path.downcase)).to eq(user)
      end
    end

    context 'with a redirect route matching the given path' do
      let!(:redirect_route) { user.namespace.redirect_routes.create(path: 'foo') }

      context 'without the follow_redirects option' do
        it 'returns nil' do
          expect(User.find_by_full_path(redirect_route.path)).to eq(nil)
        end
      end

      context 'with the follow_redirects option set to true' do
        it 'returns the user' do
          expect(User.find_by_full_path(redirect_route.path, follow_redirects: true)).to eq(user)
        end

        it 'is case-insensitive' do
          expect(User.find_by_full_path(redirect_route.path.upcase, follow_redirects: true)).to eq(user)
          expect(User.find_by_full_path(redirect_route.path.downcase, follow_redirects: true)).to eq(user)
        end
      end
    end

    context 'without a route or a redirect route matching the given path' do
      context 'without the follow_redirects option' do
        it 'returns nil' do
          expect(User.find_by_full_path('unknown')).to eq(nil)
        end
      end
      context 'with the follow_redirects option set to true' do
        it 'returns nil' do
          expect(User.find_by_full_path('unknown', follow_redirects: true)).to eq(nil)
        end
      end
    end

    context 'with a group route matching the given path' do
Michael Kozono committed
942 943
      context 'when the group namespace has an owner_id (legacy data)' do
        let!(:group) { create(:group, path: 'group_path', owner: user) }
944

Michael Kozono committed
945 946 947 948 949 950 951 952 953 954 955
        it 'returns nil' do
          expect(User.find_by_full_path('group_path')).to eq(nil)
        end
      end

      context 'when the group namespace does not have an owner_id' do
        let!(:group) { create(:group, path: 'group_path') }

        it 'returns nil' do
          expect(User.find_by_full_path('group_path')).to eq(nil)
        end
956 957 958 959
      end
    end
  end

960
  describe 'all_ssh_keys' do
961
    it { is_expected.to have_many(:keys).dependent(:destroy) }
962

963
    it "has all ssh keys" do
964 965 966
      user = create :user
      key = create :key, key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD33bWLBxu48Sev9Fert1yzEO4WGcWglWF7K/AwblIUFselOt/QdOL9DSjpQGxLagO1s9wl53STIO8qGS4Ms0EJZyIXOEFMjFJ5xmjSy+S37By4sG7SsltQEHMxtbtFOaW5LV2wCrX+rUsRNqLMamZjgjcPO0/EgGCXIGMAYW4O7cwGZdXWYIhQ1Vwy+CsVMDdPkPgBXqK7nR/ey8KMs8ho5fMNgB5hBw/AL9fNGhRw3QTD6Q12Nkhl4VZES2EsZqlpNnJttnPdp847DUsT6yuLRlfiQfz5Cn9ysHFdXObMN5VYIiPFwHeYCZp1X2S4fDZooRE8uOLTfxWHPXwrhqSH", user_id: user.id

967
      expect(user.all_ssh_keys).to include(a_string_starting_with(key.key))
968
    end
969
  end
970

971
  describe '#avatar_type' do
972 973
    let(:user) { create(:user) }

974
    it 'is true if avatar is image' do
975
      user.update_attribute(:avatar, 'uploads/avatar.png')
976
      expect(user.avatar_type).to be_truthy
977 978
    end

979
    it 'is false if avatar is html page' do
980
      user.update_attribute(:avatar, 'uploads/avatar.html')
981
      expect(user.avatar_type).to eq(['only images allowed'])
982 983
    end
  end
Jerome Dalbert committed
984

985 986 987 988
  describe '#avatar_url' do
    let(:user) { create(:user, :with_avatar) }

    context 'when avatar file is uploaded' do
989
      let(:gitlab_host) { "http://#{Gitlab.config.gitlab.host}" }
990
      let(:avatar_path) { "/uploads/system/user/avatar/#{user.id}/dk.png" }
991

992 993 994 995 996 997 998 999
      it 'shows correct avatar url' do
        expect(user.avatar_url).to eq(avatar_path)
        expect(user.avatar_url(only_path: false)).to eq([gitlab_host, avatar_path].join)

        allow(ActionController::Base).to receive(:asset_host).and_return(gitlab_host)

        expect(user.avatar_url).to eq([gitlab_host, avatar_path].join)
      end
1000 1001 1002
    end
  end

1003
  describe '#requires_ldap_check?' do
1004 1005
    let(:user) { User.new }

1006 1007
    it 'is false when LDAP is disabled' do
      # Create a condition which would otherwise cause 'true' to be returned
1008
      allow(user).to receive(:ldap_user?).and_return(true)
1009
      user.last_credential_check_at = nil
1010
      expect(user.requires_ldap_check?).to be_falsey
1011 1012
    end

1013
    context 'when LDAP is enabled' do
1014 1015 1016
      before do
        allow(Gitlab.config.ldap).to receive(:enabled).and_return(true)
      end
1017

1018
      it 'is false for non-LDAP users' do
1019
        allow(user).to receive(:ldap_user?).and_return(false)
1020
        expect(user.requires_ldap_check?).to be_falsey
1021 1022
      end

1023
      context 'and when the user is an LDAP user' do
1024 1025 1026
        before do
          allow(user).to receive(:ldap_user?).and_return(true)
        end
1027 1028 1029

        it 'is true when the user has never had an LDAP check before' do
          user.last_credential_check_at = nil
1030
          expect(user.requires_ldap_check?).to be_truthy
1031 1032 1033 1034
        end

        it 'is true when the last LDAP check happened over 1 hour ago' do
          user.last_credential_check_at = 2.hours.ago
1035
          expect(user.requires_ldap_check?).to be_truthy
1036
        end
1037 1038 1039 1040
      end
    end
  end

1041
  context 'ldap synchronized user' do
1042
    describe '#ldap_user?' do
1043 1044 1045 1046
      it 'is true if provider name starts with ldap' do
        user = create(:omniauth_user, provider: 'ldapmain')
        expect(user.ldap_user?).to be_truthy
      end
1047

1048 1049 1050 1051 1052 1053 1054 1055 1056
      it 'is false for other providers' do
        user = create(:omniauth_user, provider: 'other-provider')
        expect(user.ldap_user?).to be_falsey
      end

      it 'is false if no extern_uid is provided' do
        user = create(:omniauth_user, extern_uid: nil)
        expect(user.ldap_user?).to be_falsey
      end
1057 1058
    end

1059
    describe '#ldap_identity' do
1060 1061 1062 1063
      it 'returns ldap identity' do
        user = create :omniauth_user
        expect(user.ldap_identity.provider).not_to be_empty
      end
1064 1065
    end

1066 1067 1068 1069 1070 1071 1072 1073
    describe '#ldap_block' do
      let(:user) { create(:omniauth_user, provider: 'ldapmain', name: 'John Smith') }

      it 'blocks user flaging the action caming from ldap' do
        user.ldap_block
        expect(user.blocked?).to be_truthy
        expect(user.ldap_blocked?).to be_truthy
      end
1074 1075 1076
    end
  end

Jerome Dalbert committed
1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115
  describe '#full_website_url' do
    let(:user) { create(:user) }

    it 'begins with http if website url omits it' do
      user.website_url = 'test.com'

      expect(user.full_website_url).to eq 'http://test.com'
    end

    it 'begins with http if website url begins with http' do
      user.website_url = 'http://test.com'

      expect(user.full_website_url).to eq 'http://test.com'
    end

    it 'begins with https if website url begins with https' do
      user.website_url = 'https://test.com'

      expect(user.full_website_url).to eq 'https://test.com'
    end
  end

  describe '#short_website_url' do
    let(:user) { create(:user) }

    it 'does not begin with http if website url omits it' do
      user.website_url = 'test.com'

      expect(user.short_website_url).to eq 'test.com'
    end

    it 'does not begin with http if website url begins with http' do
      user.website_url = 'http://test.com'

      expect(user.short_website_url).to eq 'test.com'
    end

    it 'does not begin with https if website url begins with https' do
      user.website_url = 'https://test.com'
1116

Jerome Dalbert committed
1117 1118
      expect(user.short_website_url).to eq 'test.com'
    end
1119
  end
Ciro Santilli committed
1120

1121 1122
  describe '#starred?' do
    it 'determines if user starred a project' do
1123
      user = create :user
1124 1125
      project1 = create(:empty_project, :public)
      project2 = create(:empty_project, :public)
1126

1127 1128
      expect(user.starred?(project1)).to be_falsey
      expect(user.starred?(project2)).to be_falsey
1129 1130

      star1 = UsersStarProject.create!(project: project1, user: user)
1131 1132
      expect(user.starred?(project1)).to be_truthy
      expect(user.starred?(project2)).to be_falsey
1133 1134

      star2 = UsersStarProject.create!(project: project2, user: user)
1135 1136
      expect(user.starred?(project1)).to be_truthy
      expect(user.starred?(project2)).to be_truthy
1137 1138

      star1.destroy
1139 1140
      expect(user.starred?(project1)).to be_falsey
      expect(user.starred?(project2)).to be_truthy
1141 1142

      star2.destroy
1143 1144
      expect(user.starred?(project1)).to be_falsey
      expect(user.starred?(project2)).to be_falsey
1145 1146 1147
    end
  end

1148 1149
  describe '#toggle_star' do
    it 'toggles stars' do
Ciro Santilli committed
1150
      user = create :user
1151
      project = create(:empty_project, :public)
Ciro Santilli committed
1152

1153
      expect(user.starred?(project)).to be_falsey
Ciro Santilli committed
1154
      user.toggle_star(project)
1155
      expect(user.starred?(project)).to be_truthy
Ciro Santilli committed
1156
      user.toggle_star(project)
1157
      expect(user.starred?(project)).to be_falsey
Ciro Santilli committed
1158 1159
    end
  end
Valery Sizov committed
1160

1161
  describe '#sort' do
Valery Sizov committed
1162 1163 1164 1165
    before do
      User.delete_all
      @user = create :user, created_at: Date.today, last_sign_in_at: Date.today, name: 'Alpha'
      @user1 = create :user, created_at: Date.today - 1, last_sign_in_at: Date.today - 1, name: 'Omega'
1166
      @user2 = create :user, created_at: Date.today - 2, last_sign_in_at: nil, name: 'Beta'
Valery Sizov committed
1167
    end
1168

1169 1170 1171 1172 1173 1174 1175 1176
    context 'when sort by recent_sign_in' do
      it 'sorts users by the recent sign-in time' do
        expect(User.sort('recent_sign_in').first).to eq(@user)
      end

      it 'pushes users who never signed in to the end' do
        expect(User.sort('recent_sign_in').third).to eq(@user2)
      end
Valery Sizov committed
1177 1178
    end

1179 1180 1181 1182 1183 1184 1185 1186
    context 'when sort by oldest_sign_in' do
      it 'sorts users by the oldest sign-in time' do
        expect(User.sort('oldest_sign_in').first).to eq(@user1)
      end

      it 'pushes users who never signed in to the end' do
        expect(User.sort('oldest_sign_in').third).to eq(@user2)
      end
Valery Sizov committed
1187 1188
    end

1189
    it 'sorts users in descending order by their creation time' do
1190
      expect(User.sort('created_desc').first).to eq(@user)
Valery Sizov committed
1191 1192
    end

1193 1194
    it 'sorts users in ascending order by their creation time' do
      expect(User.sort('created_asc').first).to eq(@user2)
Valery Sizov committed
1195 1196
    end

1197 1198
    it 'sorts users by id in descending order when nil is passed' do
      expect(User.sort(nil).first).to eq(@user2)
Valery Sizov committed
1199 1200
    end
  end
1201

1202
  describe "#contributed_projects" do
1203
    subject { create(:user) }
1204 1205 1206
    let!(:project1) { create(:empty_project) }
    let!(:project2) { create(:empty_project, forked_from_project: project3) }
    let!(:project3) { create(:empty_project) }
1207
    let!(:merge_request) { create(:merge_request, source_project: project2, target_project: project3, author: subject) }
1208 1209
    let!(:push_event) { create(:event, :pushed, project: project1, target: project1, author: subject) }
    let!(:merge_event) { create(:event, :created, project: project3, target: merge_request, author: subject) }
1210 1211 1212 1213 1214 1215 1216

    before do
      project1.team << [subject, :master]
      project2.team << [subject, :master]
    end

    it "includes IDs for projects the user has pushed to" do
1217
      expect(subject.contributed_projects).to include(project1)
1218 1219 1220
    end

    it "includes IDs for projects the user has had merge requests merged into" do
1221
      expect(subject.contributed_projects).to include(project3)
1222 1223 1224
    end

    it "doesn't include IDs for unrelated projects" do
1225
      expect(subject.contributed_projects).not_to include(project2)
1226 1227
    end
  end
1228

1229
  describe '#can_be_removed?' do
1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244
    subject { create(:user) }

    context 'no owned groups' do
      it { expect(subject.can_be_removed?).to be_truthy }
    end

    context 'has owned groups' do
      before do
        group = create(:group)
        group.add_owner(subject)
      end

      it { expect(subject.can_be_removed?).to be_falsey }
    end
  end
1245 1246 1247

  describe "#recent_push" do
    subject { create(:user) }
1248 1249
    let!(:project1) { create(:project, :repository) }
    let!(:project2) { create(:project, :repository, forked_from_project: project1) }
1250
    let!(:push_data) do
1251
      Gitlab::DataBuilder::Push.build_sample(project2, subject)
1252
    end
1253
    let!(:push_event) { create(:event, :pushed, project: project2, target: project1, author: subject, data: push_data) }
1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274

    before do
      project1.team << [subject, :master]
      project2.team << [subject, :master]
    end

    it "includes push event" do
      expect(subject.recent_push).to eq(push_event)
    end

    it "excludes push event if branch has been deleted" do
      allow_any_instance_of(Repository).to receive(:branch_names).and_return(['foo'])

      expect(subject.recent_push).to eq(nil)
    end

    it "excludes push event if MR is opened for it" do
      create(:merge_request, source_project: project2, target_project: project1, source_branch: project2.default_branch, target_branch: 'fix', author: subject)

      expect(subject.recent_push).to eq(nil)
    end
1275 1276 1277 1278 1279 1280

    it "includes push events on any of the provided projects" do
      expect(subject.recent_push(project1)).to eq(nil)
      expect(subject.recent_push(project2)).to eq(push_event)

      push_data1 = Gitlab::DataBuilder::Push.build_sample(project1, subject)
1281
      push_event1 = create(:event, :pushed, project: project1, target: project1, author: subject, data: push_data1)
1282 1283 1284

      expect(subject.recent_push([project1, project2])).to eq(push_event1) # Newest
    end
1285
  end
1286 1287 1288 1289 1290 1291 1292 1293 1294

  describe '#authorized_groups' do
    let!(:user) { create(:user) }
    let!(:private_group) { create(:group) }

    before do
      private_group.add_user(user, Gitlab::Access::MASTER)
    end

1295
    subject { user.authorized_groups }
1296

1297
    it { is_expected.to eq([private_group]) }
1298 1299
  end

1300
  describe '#authorized_projects', truncate: true do
1301 1302 1303 1304
    context 'with a minimum access level' do
      it 'includes projects for which the user is an owner' do
        user = create(:user)
        project = create(:empty_project, :private, namespace: user.namespace)
1305

1306 1307
        expect(user.authorized_projects(Gitlab::Access::REPORTER))
          .to contain_exactly(project)
1308
      end
1309

1310 1311 1312 1313 1314
      it 'includes projects for which the user is a master' do
        user = create(:user)
        project = create(:empty_project, :private)

        project.team << [user, Gitlab::Access::MASTER]
1315

1316 1317
        expect(user.authorized_projects(Gitlab::Access::REPORTER))
          .to contain_exactly(project)
1318 1319
      end
    end
1320 1321 1322

    it "includes user's personal projects" do
      user    = create(:user)
1323
      project = create(:empty_project, :private, namespace: user.namespace)
1324 1325 1326 1327 1328 1329 1330

      expect(user.authorized_projects).to include(project)
    end

    it "includes personal projects user has been given access to" do
      user1   = create(:user)
      user2   = create(:user)
1331
      project = create(:empty_project, :private, namespace: user1.namespace)
1332 1333 1334 1335 1336 1337 1338 1339

      project.team << [user2, Gitlab::Access::DEVELOPER]

      expect(user2.authorized_projects).to include(project)
    end

    it "includes projects of groups user has been added to" do
      group   = create(:group)
1340
      project = create(:empty_project, group: group)
1341 1342 1343 1344 1345 1346 1347 1348 1349
      user    = create(:user)

      group.add_developer(user)

      expect(user.authorized_projects).to include(project)
    end

    it "does not include projects of groups user has been removed from" do
      group   = create(:group)
1350
      project = create(:empty_project, group: group)
1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361
      user    = create(:user)

      member = group.add_developer(user)
      expect(user.authorized_projects).to include(project)

      member.destroy
      expect(user.authorized_projects).not_to include(project)
    end

    it "includes projects shared with user's group" do
      user    = create(:user)
1362
      project = create(:empty_project, :private)
1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373
      group   = create(:group)

      group.add_reporter(user)
      project.project_group_links.create(group: group)

      expect(user.authorized_projects).to include(project)
    end

    it "does not include destroyed projects user had access to" do
      user1   = create(:user)
      user2   = create(:user)
1374
      project = create(:empty_project, :private, namespace: user1.namespace)
1375 1376 1377 1378 1379 1380 1381 1382 1383 1384

      project.team << [user2, Gitlab::Access::DEVELOPER]
      expect(user2.authorized_projects).to include(project)

      project.destroy
      expect(user2.authorized_projects).not_to include(project)
    end

    it "does not include projects of destroyed groups user had access to" do
      group   = create(:group)
1385
      project = create(:empty_project, namespace: group)
1386 1387 1388 1389 1390 1391 1392 1393
      user    = create(:user)

      group.add_developer(user)
      expect(user.authorized_projects).to include(project)

      group.destroy
      expect(user.authorized_projects).not_to include(project)
    end
1394
  end
1395

1396 1397 1398 1399
  describe '#projects_where_can_admin_issues' do
    let(:user) { create(:user) }

    it 'includes projects for which the user access level is above or equal to reporter' do
1400 1401 1402
      reporter_project  = create(:empty_project) { |p| p.add_reporter(user) }
      developer_project = create(:empty_project) { |p| p.add_developer(user) }
      master_project    = create(:empty_project) { |p| p.add_master(user) }
1403 1404 1405 1406 1407 1408 1409 1410

      expect(user.projects_where_can_admin_issues.to_a).to eq([master_project, developer_project, reporter_project])
      expect(user.can?(:admin_issue, master_project)).to eq(true)
      expect(user.can?(:admin_issue, developer_project)).to eq(true)
      expect(user.can?(:admin_issue, reporter_project)).to eq(true)
    end

    it 'does not include for which the user access level is below reporter' do
1411 1412
      project = create(:empty_project)
      guest_project = create(:empty_project) { |p| p.add_guest(user) }
1413 1414 1415 1416 1417 1418 1419

      expect(user.projects_where_can_admin_issues.to_a).to be_empty
      expect(user.can?(:admin_issue, guest_project)).to eq(false)
      expect(user.can?(:admin_issue, project)).to eq(false)
    end

    it 'does not include archived projects' do
1420
      project = create(:empty_project, :archived)
1421 1422 1423 1424 1425 1426

      expect(user.projects_where_can_admin_issues.to_a).to be_empty
      expect(user.can?(:admin_issue, project)).to eq(false)
    end

    it 'does not include projects for which issues are disabled' do
1427
      project = create(:empty_project, :issues_disabled)
1428 1429 1430 1431 1432 1433

      expect(user.projects_where_can_admin_issues.to_a).to be_empty
      expect(user.can?(:admin_issue, project)).to eq(false)
    end
  end

1434 1435 1436 1437
  describe '#ci_authorized_runners' do
    let(:user) { create(:user) }
    let(:runner) { create(:ci_runner) }

1438 1439 1440
    before do
      project.runners << runner
    end
1441 1442

    context 'without any projects' do
1443
      let(:project) { create(:empty_project) }
1444 1445

      it 'does not load' do
1446
        expect(user.ci_authorized_runners).to be_empty
1447 1448 1449 1450 1451
      end
    end

    context 'with personal projects runners' do
      let(:namespace) { create(:namespace, owner: user) }
1452
      let(:project) { create(:empty_project, namespace: namespace) }
1453 1454

      it 'loads' do
1455
        expect(user.ci_authorized_runners).to contain_exactly(runner)
1456 1457 1458 1459
      end
    end

    shared_examples :member do
1460
      context 'when the user is a master' do
1461 1462 1463
        before do
          add_user(Gitlab::Access::MASTER)
        end
1464

1465 1466 1467
        it 'loads' do
          expect(user.ci_authorized_runners).to contain_exactly(runner)
        end
1468 1469
      end

1470
      context 'when the user is a developer' do
1471 1472 1473
        before do
          add_user(Gitlab::Access::DEVELOPER)
        end
1474

1475 1476 1477
        it 'does not load' do
          expect(user.ci_authorized_runners).to be_empty
        end
1478 1479 1480 1481 1482
      end
    end

    context 'with groups projects runners' do
      let(:group) { create(:group) }
1483
      let(:project) { create(:empty_project, group: group) }
1484

1485
      def add_user(access)
1486 1487 1488 1489 1490 1491 1492
        group.add_user(user, access)
      end

      it_behaves_like :member
    end

    context 'with other projects runners' do
1493
      let(:project) { create(:empty_project) }
1494

1495
      def add_user(access)
1496
        project.team << [user, access]
1497 1498 1499 1500 1501 1502
      end

      it_behaves_like :member
    end
  end

1503
  describe '#projects_with_reporter_access_limited_to' do
1504 1505
    let(:project1) { create(:empty_project) }
    let(:project2) { create(:empty_project) }
1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525
    let(:user) { create(:user) }

    before do
      project1.team << [user, :reporter]
      project2.team << [user, :guest]
    end

    it 'returns the projects when using a single project ID' do
      projects = user.projects_with_reporter_access_limited_to(project1.id)

      expect(projects).to eq([project1])
    end

    it 'returns the projects when using an Array of project IDs' do
      projects = user.projects_with_reporter_access_limited_to([project1.id])

      expect(projects).to eq([project1])
    end

    it 'returns the projects when using an ActiveRecord relation' do
1526 1527
      projects = user.
        projects_with_reporter_access_limited_to(Project.select(:id))
1528 1529 1530 1531 1532 1533 1534 1535 1536 1537

      expect(projects).to eq([project1])
    end

    it 'does not return projects you do not have reporter access to' do
      projects = user.projects_with_reporter_access_limited_to(project2.id)

      expect(projects).to be_empty
    end
  end
1538

1539 1540
  describe '#all_expanded_groups' do
    # foo/bar would also match foo/barbaz instead of just foo/bar and foo/bar/baz
1541 1542
    let!(:user) { create(:user) }

1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558
    #                group
    #        _______ (foo) _______
    #       |                     |
    #       |                     |
    # nested_group_1        nested_group_2
    # (bar)                 (barbaz)
    #       |                     |
    #       |                     |
    # nested_group_1_1      nested_group_2_1
    # (baz)                 (baz)
    #
    let!(:group) { create :group }
    let!(:nested_group_1) { create :group, parent: group, name: 'bar' }
    let!(:nested_group_1_1) { create :group, parent: nested_group_1, name: 'baz' }
    let!(:nested_group_2) { create :group, parent: group, name: 'barbaz' }
    let!(:nested_group_2_1) { create :group, parent: nested_group_2, name: 'baz' }
1559

1560 1561 1562 1563 1564 1565
    subject { user.all_expanded_groups }

    context 'user is not a member of any group' do
      it 'returns an empty array' do
        is_expected.to eq([])
      end
1566 1567
    end

1568 1569 1570 1571 1572 1573 1574 1575
    context 'user is member of all groups' do
      before do
        group.add_owner(user)
        nested_group_1.add_owner(user)
        nested_group_1_1.add_owner(user)
        nested_group_2.add_owner(user)
        nested_group_2_1.add_owner(user)
      end
1576

1577 1578 1579 1580 1581 1582 1583 1584
      it 'returns all groups' do
        is_expected.to match_array [
          group,
          nested_group_1, nested_group_1_1,
          nested_group_2, nested_group_2_1
        ]
      end
    end
1585

1586 1587
    context 'user is member of the top group' do
      before { group.add_owner(user) }
1588

1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602
      if Group.supports_nested_groups?
        it 'returns all groups' do
          is_expected.to match_array [
            group,
            nested_group_1, nested_group_1_1,
            nested_group_2, nested_group_2_1
          ]
        end
      else
        it 'returns the top-level groups' do
          is_expected.to match_array [group]
        end
      end
    end
1603

1604 1605
    context 'user is member of the first child (internal node), branch 1', :nested_groups do
      before { nested_group_1.add_owner(user) }
1606

1607 1608 1609 1610 1611 1612 1613 1614 1615 1616
      it 'returns the groups in the hierarchy' do
        is_expected.to match_array [
          group,
          nested_group_1, nested_group_1_1
        ]
      end
    end

    context 'user is member of the first child (internal node), branch 2', :nested_groups do
      before { nested_group_2.add_owner(user) }
1617

1618 1619 1620 1621 1622 1623
      it 'returns the groups in the hierarchy' do
        is_expected.to match_array [
          group,
          nested_group_2, nested_group_2_1
        ]
      end
1624 1625
    end

1626 1627 1628 1629 1630 1631 1632 1633 1634 1635
    context 'user is member of the last child (leaf node)', :nested_groups do
      before { nested_group_1_1.add_owner(user) }

      it 'returns the groups in the hierarchy' do
        is_expected.to match_array [
          group,
          nested_group_1, nested_group_1_1
        ]
      end
    end
1636 1637
  end

1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659
  describe '#refresh_authorized_projects', redis: true do
    let(:project1) { create(:empty_project) }
    let(:project2) { create(:empty_project) }
    let(:user) { create(:user) }

    before do
      project1.team << [user, :reporter]
      project2.team << [user, :guest]

      user.project_authorizations.delete_all
      user.refresh_authorized_projects
    end

    it 'refreshes the list of authorized projects' do
      expect(user.project_authorizations.count).to eq(2)
    end

    it 'stores the correct access levels' do
      expect(user.project_authorizations.where(access_level: Gitlab::Access::GUEST).exists?).to eq(true)
      expect(user.project_authorizations.where(access_level: Gitlab::Access::REPORTER).exists?).to eq(true)
    end
  end
Douwe Maan committed
1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692

  describe '#access_level=' do
    let(:user) { build(:user) }

    it 'does nothing for an invalid access level' do
      user.access_level = :invalid_access_level

      expect(user.access_level).to eq(:regular)
      expect(user.admin).to be false
    end

    it "assigns the 'admin' access level" do
      user.access_level = :admin

      expect(user.access_level).to eq(:admin)
      expect(user.admin).to be true
    end

    it "doesn't clear existing access levels when an invalid access level is passed in" do
      user.access_level = :admin
      user.access_level = :invalid_access_level

      expect(user.access_level).to eq(:admin)
      expect(user.admin).to be true
    end

    it "accepts string values in addition to symbols" do
      user.access_level = 'admin'

      expect(user.access_level).to eq(:admin)
      expect(user.admin).to be true
    end
  end
1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715

  describe '.ghost' do
    it "creates a ghost user if one isn't already present" do
      ghost = User.ghost

      expect(ghost).to be_ghost
      expect(ghost).to be_persisted
    end

    it "does not create a second ghost user if one is already present" do
      expect do
        User.ghost
        User.ghost
      end.to change { User.count }.by(1)
      expect(User.ghost).to eq(User.ghost)
    end

    context "when a regular user exists with the username 'ghost'" do
      it "creates a ghost user with a non-conflicting username" do
        create(:user, username: 'ghost')
        ghost = User.ghost

        expect(ghost).to be_persisted
1716
        expect(ghost.username).to eq('ghost1')
1717 1718 1719 1720 1721 1722 1723 1724 1725
      end
    end

    context "when a regular user exists with the email 'ghost@example.com'" do
      it "creates a ghost user with a non-conflicting email" do
        create(:user, email: 'ghost@example.com')
        ghost = User.ghost

        expect(ghost).to be_persisted
1726
        expect(ghost.email).to eq('ghost1@example.com')
1727 1728
      end
    end
1729 1730 1731 1732 1733 1734 1735 1736 1737 1738

    context 'when a domain whitelist is in place' do
      before do
        stub_application_setting(domain_whitelist: ['gitlab.com'])
      end

      it 'creates a ghost user' do
        expect(User.ghost).to be_persisted
      end
    end
1739
  end
1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755

  describe '#update_two_factor_requirement' do
    let(:user) { create :user }

    context 'with 2FA requirement on groups' do
      let(:group1) { create :group, require_two_factor_authentication: true, two_factor_grace_period: 23 }
      let(:group2) { create :group, require_two_factor_authentication: true, two_factor_grace_period: 32 }

      before do
        group1.add_user(user, GroupMember::OWNER)
        group2.add_user(user, GroupMember::OWNER)

        user.update_two_factor_requirement
      end

      it 'requires 2FA' do
1756
        expect(user.require_two_factor_authentication_from_group).to be true
1757 1758 1759 1760 1761 1762 1763
      end

      it 'uses the shortest grace period' do
        expect(user.two_factor_grace_period).to be 23
      end
    end

1764
    context 'with 2FA requirement on nested parent group', :nested_groups do
1765 1766 1767 1768 1769 1770 1771 1772 1773 1774
      let!(:group1) { create :group, require_two_factor_authentication: true }
      let!(:group1a) { create :group, require_two_factor_authentication: false, parent: group1 }

      before do
        group1a.add_user(user, GroupMember::OWNER)

        user.update_two_factor_requirement
      end

      it 'requires 2FA' do
1775
        expect(user.require_two_factor_authentication_from_group).to be true
1776 1777 1778
      end
    end

1779
    context 'with 2FA requirement on nested child group', :nested_groups do
1780 1781 1782 1783 1784 1785 1786 1787 1788 1789
      let!(:group1) { create :group, require_two_factor_authentication: false }
      let!(:group1a) { create :group, require_two_factor_authentication: true, parent: group1 }

      before do
        group1.add_user(user, GroupMember::OWNER)

        user.update_two_factor_requirement
      end

      it 'requires 2FA' do
1790
        expect(user.require_two_factor_authentication_from_group).to be true
1791 1792 1793
      end
    end

1794 1795 1796 1797 1798 1799 1800 1801 1802 1803
    context 'without 2FA requirement on groups' do
      let(:group) { create :group }

      before do
        group.add_user(user, GroupMember::OWNER)

        user.update_two_factor_requirement
      end

      it 'does not require 2FA' do
1804
        expect(user.require_two_factor_authentication_from_group).to be false
1805 1806 1807 1808 1809 1810 1811
      end

      it 'falls back to the default grace period' do
        expect(user.two_factor_grace_period).to be 48
      end
    end
  end
James Lopez committed
1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823

  context '.active' do
    before do
      User.ghost
      create(:user, name: 'user', state: 'active')
      create(:user, name: 'user', state: 'blocked')
    end

    it 'only counts active and non internal users' do
      expect(User.active.count).to eq(1)
    end
  end
1824 1825 1826 1827 1828 1829 1830 1831

  describe 'preferred language' do
    it 'is English by default' do
      user = create(:user)

      expect(user.preferred_language).to eq('en')
    end
  end
1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859

  context '#invalidate_issue_cache_counts' do
    let(:user) { build_stubbed(:user) }

    it 'invalidates cache for issue counter' do
      cache_mock = double

      expect(cache_mock).to receive(:delete).with(['users', user.id, 'assigned_open_issues_count'])

      allow(Rails).to receive(:cache).and_return(cache_mock)

      user.invalidate_issue_cache_counts
    end
  end

  context '#invalidate_merge_request_cache_counts' do
    let(:user) { build_stubbed(:user) }

    it 'invalidates cache for Merge Request counter' do
      cache_mock = double

      expect(cache_mock).to receive(:delete).with(['users', user.id, 'assigned_open_merge_requests_count'])

      allow(Rails).to receive(:cache).and_return(cache_mock)

      user.invalidate_merge_request_cache_counts
    end
  end
gitlabhq committed
1860
end