BigW Consortium Gitlab

user_spec.rb 49 KB
Newer Older
gitlabhq committed
1 2
require 'spec_helper'

Douwe Maan committed
3
describe User, models: true do
4 5
  include Gitlab::CurrentSettings

6 7 8 9 10 11 12 13 14 15 16
  describe 'modules' do
    subject { described_class }

    it { is_expected.to include_module(Gitlab::ConfigHelper) }
    it { is_expected.to include_module(Gitlab::CurrentSettings) }
    it { is_expected.to include_module(Referable) }
    it { is_expected.to include_module(Sortable) }
    it { is_expected.to include_module(TokenAuthenticatable) }
  end

  describe 'associations' do
17
    it { is_expected.to have_one(:namespace) }
18
    it { is_expected.to have_many(:snippets).dependent(:destroy) }
19 20 21
    it { is_expected.to have_many(:project_members).dependent(:destroy) }
    it { is_expected.to have_many(:groups) }
    it { is_expected.to have_many(:keys).dependent(:destroy) }
22
    it { is_expected.to have_many(:deploy_keys).dependent(:destroy) }
23
    it { is_expected.to have_many(:events).dependent(:destroy) }
24
    it { is_expected.to have_many(:recent_events).class_name('Event') }
25
    it { is_expected.to have_many(:issues).dependent(:restrict_with_exception) }
26
    it { is_expected.to have_many(:notes).dependent(:destroy) }
Douwe Maan committed
27
    it { is_expected.to have_many(:assigned_issues).dependent(:nullify) }
28
    it { is_expected.to have_many(:merge_requests).dependent(:destroy) }
Douwe Maan committed
29
    it { is_expected.to have_many(:assigned_merge_requests).dependent(:nullify) }
30
    it { is_expected.to have_many(:identities).dependent(:destroy) }
31
    it { is_expected.to have_one(:abuse_report) }
32
    it { is_expected.to have_many(:spam_logs).dependent(:destroy) }
33
    it { is_expected.to have_many(:todos).dependent(:destroy) }
34
    it { is_expected.to have_many(:award_emoji).dependent(:destroy) }
35
    it { is_expected.to have_many(:triggers).dependent(:destroy) }
36 37
    it { is_expected.to have_many(:builds).dependent(:nullify) }
    it { is_expected.to have_many(:pipelines).dependent(:nullify) }
38
    it { is_expected.to have_many(:chat_names).dependent(:destroy) }
39
    it { is_expected.to have_many(:uploads).dependent(:destroy) }
40 41 42 43

    describe '#group_members' do
      it 'does not include group memberships for which user is a requester' do
        user = create(:user)
44
        group = create(:group, :public, :access_requestable)
45 46 47 48 49 50 51 52 53
        group.request_access(user)

        expect(user.group_members).to be_empty
      end
    end

    describe '#project_members' do
      it 'does not include project memberships for which user is a requester' do
        user = create(:user)
54
        project = create(:empty_project, :public, :access_requestable)
55 56 57 58 59
        project.request_access(user)

        expect(user.project_members).to be_empty
      end
    end
60 61 62
  end

  describe 'validations' do
63 64 65 66 67 68 69 70 71 72 73 74 75
    describe 'username' do
      it 'validates presence' do
        expect(subject).to validate_presence_of(:username)
      end

      it 'rejects blacklisted names' do
        user = build(:user, username: 'dashboard')

        expect(user).not_to be_valid
        expect(user.errors.values).to eq [['dashboard is a reserved name']]
      end

      it 'validates uniqueness' do
76
        expect(subject).to validate_uniqueness_of(:username).case_insensitive
77 78 79
      end
    end

80 81 82 83
    it { is_expected.to validate_presence_of(:projects_limit) }
    it { is_expected.to validate_numericality_of(:projects_limit) }
    it { is_expected.to allow_value(0).for(:projects_limit) }
    it { is_expected.not_to allow_value(-1).for(:projects_limit) }
84

85
    it { is_expected.to validate_length_of(:bio).is_at_most(255) }
86

87 88 89
    it_behaves_like 'an object with email-formated attributes', :email do
      subject { build(:user) }
    end
90

91 92 93
    it_behaves_like 'an object with email-formated attributes', :public_email, :notification_email do
      subject { build(:user).tap { |user| user.emails << build(:email, email: email_value) } }
    end
94

95
    describe 'email' do
96
      context 'when no signup domains whitelisted' do
97
        before do
98
          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return([])
99
        end
100

101 102 103 104 105 106
        it 'accepts any email' do
          user = build(:user, email: "info@example.com")
          expect(user).to be_valid
        end
      end

107
      context 'when a signup domain is whitelisted and subdomains are allowed' do
108
        before do
109
          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com', '*.example.com'])
110
        end
111

112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127
        it 'accepts info@example.com' do
          user = build(:user, email: "info@example.com")
          expect(user).to be_valid
        end

        it 'accepts info@test.example.com' do
          user = build(:user, email: "info@test.example.com")
          expect(user).to be_valid
        end

        it 'rejects example@test.com' do
          user = build(:user, email: "example@test.com")
          expect(user).to be_invalid
        end
      end

128
      context 'when a signup domain is whitelisted and subdomains are not allowed' do
129
        before do
130
          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com'])
131
        end
132 133 134 135 136 137 138 139 140 141 142 143 144 145 146

        it 'accepts info@example.com' do
          user = build(:user, email: "info@example.com")
          expect(user).to be_valid
        end

        it 'rejects info@test.example.com' do
          user = build(:user, email: "info@test.example.com")
          expect(user).to be_invalid
        end

        it 'rejects example@test.com' do
          user = build(:user, email: "example@test.com")
          expect(user).to be_invalid
        end
147 148 149 150 151

        it 'accepts example@test.com when added by another user' do
          user = build(:user, email: "example@test.com", created_by_id: 1)
          expect(user).to be_valid
        end
152
      end
153

154 155 156 157 158 159
      context 'domain blacklist' do
        before do
          allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist_enabled?).and_return(true)
          allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['example.com'])
        end

160
        context 'when a signup domain is blacklisted' do
161 162 163 164 165 166 167 168 169
          it 'accepts info@test.com' do
            user = build(:user, email: 'info@test.com')
            expect(user).to be_valid
          end

          it 'rejects info@example.com' do
            user = build(:user, email: 'info@example.com')
            expect(user).not_to be_valid
          end
170 171 172 173 174

          it 'accepts info@example.com when added by another user' do
            user = build(:user, email: 'info@example.com', created_by_id: 1)
            expect(user).to be_valid
          end
175 176
        end

177
        context 'when a signup domain is blacklisted but a wildcard subdomain is allowed' do
178 179
          before do
            allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['test.example.com'])
180
            allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['*.example.com'])
181 182
          end

183
          it 'gives priority to whitelist and allow info@test.example.com' do
184 185 186 187 188 189 190
            user = build(:user, email: 'info@test.example.com')
            expect(user).to be_valid
          end
        end

        context 'with both lists containing a domain' do
          before do
191
            allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['test.com'])
192 193 194 195 196 197 198 199 200 201 202 203 204 205
          end

          it 'accepts info@test.com' do
            user = build(:user, email: 'info@test.com')
            expect(user).to be_valid
          end

          it 'rejects info@example.com' do
            user = build(:user, email: 'info@example.com')
            expect(user).not_to be_valid
          end
        end
      end

206 207 208 209 210 211
      context 'owns_notification_email' do
        it 'accepts temp_oauth_email emails' do
          user = build(:user, email: "temp-email-for-oauth@example.com")
          expect(user).to be_valid
        end
      end
212
    end
213 214 215

    describe 'ghost users' do
      it 'does not allow a non-blocked ghost user' do
216 217
        user = build(:user, :ghost)
        user.state = 'active'
218 219 220 221 222

        expect(user).to be_invalid
      end

      it 'allows a blocked ghost user' do
223 224
        user = build(:user, :ghost)
        user.state = 'blocked'
225 226 227 228

        expect(user).to be_valid
      end
    end
229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288
  end

  describe "scopes" do
    describe ".with_two_factor" do
      it "returns users with 2fa enabled via OTP" do
        user_with_2fa = create(:user, :two_factor_via_otp)
        user_without_2fa = create(:user)
        users_with_two_factor = User.with_two_factor.pluck(:id)

        expect(users_with_two_factor).to include(user_with_2fa.id)
        expect(users_with_two_factor).not_to include(user_without_2fa.id)
      end

      it "returns users with 2fa enabled via U2F" do
        user_with_2fa = create(:user, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_with_two_factor = User.with_two_factor.pluck(:id)

        expect(users_with_two_factor).to include(user_with_2fa.id)
        expect(users_with_two_factor).not_to include(user_without_2fa.id)
      end

      it "returns users with 2fa enabled via OTP and U2F" do
        user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_with_two_factor = User.with_two_factor.pluck(:id)

        expect(users_with_two_factor).to eq([user_with_2fa.id])
        expect(users_with_two_factor).not_to include(user_without_2fa.id)
      end
    end

    describe ".without_two_factor" do
      it "excludes users with 2fa enabled via OTP" do
        user_with_2fa = create(:user, :two_factor_via_otp)
        user_without_2fa = create(:user)
        users_without_two_factor = User.without_two_factor.pluck(:id)

        expect(users_without_two_factor).to include(user_without_2fa.id)
        expect(users_without_two_factor).not_to include(user_with_2fa.id)
      end

      it "excludes users with 2fa enabled via U2F" do
        user_with_2fa = create(:user, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_without_two_factor = User.without_two_factor.pluck(:id)

        expect(users_without_two_factor).to include(user_without_2fa.id)
        expect(users_without_two_factor).not_to include(user_with_2fa.id)
      end

      it "excludes users with 2fa enabled via OTP and U2F" do
        user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_without_two_factor = User.without_two_factor.pluck(:id)

        expect(users_without_two_factor).to include(user_without_2fa.id)
        expect(users_without_two_factor).not_to include(user_with_2fa.id)
      end
    end
289 290 291 292 293 294 295 296 297 298 299 300 301 302

    describe '.todo_authors' do
      it 'filters users' do
        create :user
        user_2 = create :user
        user_3 = create :user
        current_user = create :user
        create(:todo, user: current_user, author: user_2, state: :done)
        create(:todo, user: current_user, author: user_3, state: :pending)

        expect(User.todo_authors(current_user.id, 'pending')).to eq [user_3]
        expect(User.todo_authors(current_user.id, 'done')).to eq [user_2]
      end
    end
gitlabhq committed
303 304 305
  end

  describe "Respond to" do
306 307 308
    it { is_expected.to respond_to(:is_admin?) }
    it { is_expected.to respond_to(:name) }
    it { is_expected.to respond_to(:private_token) }
Zeger-Jan van de Weg committed
309 310 311 312 313 314 315 316 317 318 319 320 321 322
    it { is_expected.to respond_to(:external?) }
  end

  describe 'before save hook' do
    context 'when saving an external user' do
      let(:user)          { create(:user) }
      let(:external_user) { create(:user, external: true) }

      it "sets other properties aswell" do
        expect(external_user.can_create_team).to be_falsey
        expect(external_user.can_create_group).to be_falsey
        expect(external_user.projects_limit).to be 0
      end
    end
gitlabhq committed
323 324
  end

325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352
  shared_context 'user keys' do
    let(:user) { create(:user) }
    let!(:key) { create(:key, user: user) }
    let!(:deploy_key) { create(:deploy_key, user: user) }
  end

  describe '#keys' do
    include_context 'user keys'

    context 'with key and deploy key stored' do
      it 'returns stored key, but not deploy_key' do
        expect(user.keys).to include key
        expect(user.keys).not_to include deploy_key
      end
    end
  end

  describe '#deploy_keys' do
    include_context 'user keys'

    context 'with key and deploy key stored' do
      it 'returns stored deploy key, but not normal key' do
        expect(user.deploy_keys).to include deploy_key
        expect(user.deploy_keys).not_to include key
      end
    end
  end

353
  describe '#confirm' do
354 355 356
    before do
      allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(true)
    end
357

358 359 360 361 362 363 364
    let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: 'test@gitlab.com') }

    it 'returns unconfirmed' do
      expect(user.confirmed?).to be_falsey
    end

    it 'confirms a user' do
365
      user.confirm
366 367 368 369
      expect(user.confirmed?).to be_truthy
    end
  end

370 371 372 373 374 375 376 377
  describe '#to_reference' do
    let(:user) { create(:user) }

    it 'returns a String reference to the object' do
      expect(user.to_reference).to eq "@#{user.username}"
    end
  end

378
  describe '#generate_password' do
379
    it "executes callback when force_random_password specified" do
380
      user = build(:user, force_random_password: true)
381
      expect(user).to receive(:generate_password)
382 383 384
      user.save
    end

385
    it "does not generate password by default" do
386
      user = create(:user, password: 'abcdefghe')
387
      expect(user.password).to eq('abcdefghe')
388
    end
389

390
    it "generates password when forcing random password" do
391
      allow(Devise).to receive(:friendly_token).and_return('123456789')
392
      user = create(:user, password: 'abcdefg', force_random_password: true)
393
      expect(user.password).to eq('12345678')
394
    end
395 396
  end

397
  describe 'authentication token' do
398
    it "has authentication token" do
399
      user = create(:user)
400
      expect(user.authentication_token).not_to be_blank
401
    end
Nihad Abbasov committed
402
  end
403

404
  describe '#recently_sent_password_reset?' do
405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423
    it 'is false when reset_password_sent_at is nil' do
      user = build_stubbed(:user, reset_password_sent_at: nil)

      expect(user.recently_sent_password_reset?).to eq false
    end

    it 'is false when sent more than one minute ago' do
      user = build_stubbed(:user, reset_password_sent_at: 5.minutes.ago)

      expect(user.recently_sent_password_reset?).to eq false
    end

    it 'is true when sent less than one minute ago' do
      user = build_stubbed(:user, reset_password_sent_at: Time.now)

      expect(user.recently_sent_password_reset?).to eq true
    end
  end

424 425 426 427 428 429 430
  describe '#disable_two_factor!' do
    it 'clears all 2FA-related fields' do
      user = create(:user, :two_factor)

      expect(user).to be_two_factor_enabled
      expect(user.encrypted_otp_secret).not_to be_nil
      expect(user.otp_backup_codes).not_to be_nil
431
      expect(user.otp_grace_period_started_at).not_to be_nil
432 433 434 435 436 437 438 439

      user.disable_two_factor!

      expect(user).not_to be_two_factor_enabled
      expect(user.encrypted_otp_secret).to be_nil
      expect(user.encrypted_otp_secret_iv).to be_nil
      expect(user.encrypted_otp_secret_salt).to be_nil
      expect(user.otp_backup_codes).to be_nil
440
      expect(user.otp_grace_period_started_at).to be_nil
441 442 443
    end
  end

444 445
  describe 'projects' do
    before do
446
      @user = create(:user)
447

448 449 450 451 452 453 454
      @project = create(:empty_project, namespace: @user.namespace)
      @project_2 = create(:empty_project, group: create(:group)) do |project|
        project.add_master(@user)
      end
      @project_3 = create(:empty_project, group: create(:group)) do |project|
        project.add_developer(@user)
      end
455 456
    end

457 458 459 460 461 462 463 464 465
    it { expect(@user.authorized_projects).to include(@project) }
    it { expect(@user.authorized_projects).to include(@project_2) }
    it { expect(@user.authorized_projects).to include(@project_3) }
    it { expect(@user.owned_projects).to include(@project) }
    it { expect(@user.owned_projects).not_to include(@project_2) }
    it { expect(@user.owned_projects).not_to include(@project_3) }
    it { expect(@user.personal_projects).to include(@project) }
    it { expect(@user.personal_projects).not_to include(@project_2) }
    it { expect(@user.personal_projects).not_to include(@project_3) }
466 467 468 469 470
  end

  describe 'groups' do
    before do
      @user = create :user
471 472
      @group = create :group
      @group.add_owner(@user)
473 474
    end

475 476 477
    it { expect(@user.several_namespaces?).to be_truthy }
    it { expect(@user.authorized_groups).to eq([@group]) }
    it { expect(@user.owned_groups).to eq([@group]) }
478
    it { expect(@user.namespaces).to match_array([@user.namespace, @group]) }
479 480
  end

481 482 483 484
  describe 'group multiple owners' do
    before do
      @user = create :user
      @user2 = create :user
485 486
      @group = create :group
      @group.add_owner(@user)
487

488
      @group.add_user(@user2, GroupMember::OWNER)
489 490
    end

491
    it { expect(@user2.several_namespaces?).to be_truthy }
492 493
  end

494 495 496
  describe 'namespaced' do
    before do
      @user = create :user
497
      @project = create(:empty_project, namespace: @user.namespace)
498 499
    end

500
    it { expect(@user.several_namespaces?).to be_falsey }
501
    it { expect(@user.namespaces).to eq([@user.namespace]) }
502 503 504 505 506
  end

  describe 'blocking user' do
    let(:user) { create(:user, name: 'John Smith') }

507
    it "blocks user" do
508
      user.block
509
      expect(user.blocked?).to be_truthy
510 511 512
    end
  end

513 514 515 516 517 518 519
  describe '.filter' do
    let(:user) { double }

    it 'filters by active users by default' do
      expect(User).to receive(:active).and_return([user])

      expect(User.filter(nil)).to include user
520 521
    end

522 523 524 525
    it 'filters by admins' do
      expect(User).to receive(:admins).and_return([user])

      expect(User.filter('admins')).to include user
526 527
    end

528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550
    it 'filters by blocked' do
      expect(User).to receive(:blocked).and_return([user])

      expect(User.filter('blocked')).to include user
    end

    it 'filters by two_factor_disabled' do
      expect(User).to receive(:without_two_factor).and_return([user])

      expect(User.filter('two_factor_disabled')).to include user
    end

    it 'filters by two_factor_enabled' do
      expect(User).to receive(:with_two_factor).and_return([user])

      expect(User.filter('two_factor_enabled')).to include user
    end

    it 'filters by wop' do
      expect(User).to receive(:without_projects).and_return([user])

      expect(User.filter('wop')).to include user
    end
551 552
  end

553
  describe '.without_projects' do
554
    let!(:project) { create(:empty_project, :public, :access_requestable) }
555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574
    let!(:user) { create(:user) }
    let!(:user_without_project) { create(:user) }
    let!(:user_without_project2) { create(:user) }

    before do
      # add user to project
      project.team << [user, :master]

      # create invite to projet
      create(:project_member, :developer, project: project, invite_token: '1234', invite_email: 'inviteduser1@example.com')

      # create request to join project
      project.request_access(user_without_project2)
    end

    it { expect(User.without_projects).not_to include user }
    it { expect(User.without_projects).to include user_without_project }
    it { expect(User.without_projects).to include user_without_project2 }
  end

575
  describe '.not_in_project' do
576
    before do
577
      User.delete_all
578
      @user = create :user
579
      @project = create(:empty_project)
580 581
    end

582
    it { expect(User.not_in_project(@project)).to include(@user, @project.owner) }
583
  end
Dmitriy Zaporozhets committed
584

585 586 587
  describe 'user creation' do
    describe 'normal user' do
      let(:user) { create(:user, name: 'John Smith') }
Dmitriy Zaporozhets committed
588

589 590 591 592 593
      it { expect(user.is_admin?).to be_falsey }
      it { expect(user.require_ssh_key?).to be_truthy }
      it { expect(user.can_create_group?).to be_truthy }
      it { expect(user.can_create_project?).to be_truthy }
      it { expect(user.first_name).to eq('John') }
594
      it { expect(user.external).to be_falsey }
595
    end
596

597
    describe 'with defaults' do
598
      let(:user) { User.new }
Dmitriy Zaporozhets committed
599

600
      it "applies defaults to user" do
601 602
        expect(user.projects_limit).to eq(Gitlab.config.gitlab.default_projects_limit)
        expect(user.can_create_group).to eq(Gitlab.config.gitlab.default_can_create_group)
Zeger-Jan van de Weg committed
603
        expect(user.external).to be_falsey
604 605 606
      end
    end

607
    describe 'with default overrides' do
608
      let(:user) { User.new(projects_limit: 123, can_create_group: false, can_create_team: true) }
Dmitriy Zaporozhets committed
609

610
      it "applies defaults to user" do
611 612
        expect(user.projects_limit).to eq(123)
        expect(user.can_create_group).to be_falsey
613
      end
614
    end
615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634

    context 'when current_application_settings.user_default_external is true' do
      before do
        stub_application_setting(user_default_external: true)
      end

      it "creates external user by default" do
        user = build(:user)

        expect(user.external).to be_truthy
      end

      describe 'with default overrides' do
        it "creates a non-external user" do
          user = build(:user, external: false)

          expect(user.external).to be_falsey
        end
      end
    end
635

636 637 638 639 640 641 642 643 644 645 646 647 648 649
    describe '#require_ssh_key?' do
      protocol_and_expectation = {
        'http' => false,
        'ssh' => true,
        '' => true,
      }

      protocol_and_expectation.each do |protocol, expected|
        it "has correct require_ssh_key?" do
          stub_application_setting(enabled_git_access_protocol: protocol)
          user = build(:user)

          expect(user.require_ssh_key?).to eq(expected)
        end
650 651
      end
    end
652
  end
653

654
  describe '.find_by_any_email' do
655 656 657
    it 'finds by primary email' do
      user = create(:user, email: 'foo@example.com')

658
      expect(User.find_by_any_email(user.email)).to eq user
659 660 661 662 663 664
    end

    it 'finds by secondary email' do
      email = create(:email, email: 'foo@example.com')
      user  = email.user

665
      expect(User.find_by_any_email(email.email)).to eq user
666 667 668
    end

    it 'returns nil when nothing found' do
669
      expect(User.find_by_any_email('')).to be_nil
670 671 672
    end
  end

673 674 675 676 677 678 679 680 681 682 683
  describe '.search' do
    let(:user) { create(:user) }

    it 'returns users with a matching name' do
      expect(described_class.search(user.name)).to eq([user])
    end

    it 'returns users with a partially matching name' do
      expect(described_class.search(user.name[0..2])).to eq([user])
    end

684
    it 'returns users with a matching name regardless of the casing' do
685 686 687 688 689 690 691 692 693 694 695
      expect(described_class.search(user.name.upcase)).to eq([user])
    end

    it 'returns users with a matching Email' do
      expect(described_class.search(user.email)).to eq([user])
    end

    it 'returns users with a partially matching Email' do
      expect(described_class.search(user.email[0..2])).to eq([user])
    end

696
    it 'returns users with a matching Email regardless of the casing' do
697 698 699 700 701 702 703 704 705 706 707
      expect(described_class.search(user.email.upcase)).to eq([user])
    end

    it 'returns users with a matching username' do
      expect(described_class.search(user.username)).to eq([user])
    end

    it 'returns users with a partially matching username' do
      expect(described_class.search(user.username[0..2])).to eq([user])
    end

708
    it 'returns users with a matching username regardless of the casing' do
709
      expect(described_class.search(user.username.upcase)).to eq([user])
710
    end
711 712 713
  end

  describe '.search_with_secondary_emails' do
Douwe Maan committed
714
    delegate :search_with_secondary_emails, to: :described_class
715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782

    let!(:user) { create(:user) }
    let!(:email) { create(:email) }

    it 'returns users with a matching name' do
      expect(search_with_secondary_emails(user.name)).to eq([user])
    end

    it 'returns users with a partially matching name' do
      expect(search_with_secondary_emails(user.name[0..2])).to eq([user])
    end

    it 'returns users with a matching name regardless of the casing' do
      expect(search_with_secondary_emails(user.name.upcase)).to eq([user])
    end

    it 'returns users with a matching email' do
      expect(search_with_secondary_emails(user.email)).to eq([user])
    end

    it 'returns users with a partially matching email' do
      expect(search_with_secondary_emails(user.email[0..2])).to eq([user])
    end

    it 'returns users with a matching email regardless of the casing' do
      expect(search_with_secondary_emails(user.email.upcase)).to eq([user])
    end

    it 'returns users with a matching username' do
      expect(search_with_secondary_emails(user.username)).to eq([user])
    end

    it 'returns users with a partially matching username' do
      expect(search_with_secondary_emails(user.username[0..2])).to eq([user])
    end

    it 'returns users with a matching username regardless of the casing' do
      expect(search_with_secondary_emails(user.username.upcase)).to eq([user])
    end

    it 'returns users with a matching whole secondary email' do
      expect(search_with_secondary_emails(email.email)).to eq([email.user])
    end

    it 'returns users with a matching part of secondary email' do
      expect(search_with_secondary_emails(email.email[1..4])).to eq([email.user])
    end

    it 'return users with a matching part of secondary email regardless of case' do
      expect(search_with_secondary_emails(email.email[1..4].upcase)).to eq([email.user])
      expect(search_with_secondary_emails(email.email[1..4].downcase)).to eq([email.user])
      expect(search_with_secondary_emails(email.email[1..4].capitalize)).to eq([email.user])
    end

    it 'returns multiple users with matching secondary emails' do
      email1 = create(:email, email: '1_testemail@example.com')
      email2 = create(:email, email: '2_testemail@example.com')
      email3 = create(:email, email: 'other@email.com')
      email3.user.update_attributes!(email: 'another@mail.com')

      expect(
        search_with_secondary_emails('testemail@example.com').map(&:id)
      ).to include(email1.user.id, email2.user.id)

      expect(
        search_with_secondary_emails('testemail@example.com').map(&:id)
      ).not_to include(email3.user.id)
    end
783 784
  end

785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801
  describe '.find_by_ssh_key_id' do
    context 'using an existing SSH key ID' do
      let(:user) { create(:user) }
      let(:key) { create(:key, user: user) }

      it 'returns the corresponding User' do
        expect(described_class.find_by_ssh_key_id(key.id)).to eq(user)
      end
    end

    context 'using an invalid SSH key ID' do
      it 'returns nil' do
        expect(described_class.find_by_ssh_key_id(-1)).to be_nil
      end
    end
  end

802 803 804 805
  describe '.by_login' do
    let(:username) { 'John' }
    let!(:user) { create(:user, username: username) }

806
    it 'gets the correct user' do
807 808 809 810 811 812 813 814 815
      expect(User.by_login(user.email.upcase)).to eq user
      expect(User.by_login(user.email)).to eq user
      expect(User.by_login(username.downcase)).to eq user
      expect(User.by_login(username)).to eq user
      expect(User.by_login(nil)).to be_nil
      expect(User.by_login('')).to be_nil
    end
  end

816 817 818 819 820 821 822 823 824 825 826
  describe '.find_by_username' do
    it 'returns nil if not found' do
      expect(described_class.find_by_username('JohnDoe')).to be_nil
    end

    it 'is case-insensitive' do
      user = create(:user, username: 'JohnDoe')
      expect(described_class.find_by_username('JOHNDOE')).to eq user
    end
  end

827 828
  describe '.find_by_username!' do
    it 'raises RecordNotFound' do
829 830
      expect { described_class.find_by_username!('JohnDoe') }.
        to raise_error(ActiveRecord::RecordNotFound)
831 832 833 834 835 836 837 838
    end

    it 'is case-insensitive' do
      user = create(:user, username: 'JohnDoe')
      expect(described_class.find_by_username!('JOHNDOE')).to eq user
    end
  end

839
  describe 'all_ssh_keys' do
840
    it { is_expected.to have_many(:keys).dependent(:destroy) }
841

842
    it "has all ssh keys" do
843 844 845
      user = create :user
      key = create :key, key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD33bWLBxu48Sev9Fert1yzEO4WGcWglWF7K/AwblIUFselOt/QdOL9DSjpQGxLagO1s9wl53STIO8qGS4Ms0EJZyIXOEFMjFJ5xmjSy+S37By4sG7SsltQEHMxtbtFOaW5LV2wCrX+rUsRNqLMamZjgjcPO0/EgGCXIGMAYW4O7cwGZdXWYIhQ1Vwy+CsVMDdPkPgBXqK7nR/ey8KMs8ho5fMNgB5hBw/AL9fNGhRw3QTD6Q12Nkhl4VZES2EsZqlpNnJttnPdp847DUsT6yuLRlfiQfz5Cn9ysHFdXObMN5VYIiPFwHeYCZp1X2S4fDZooRE8uOLTfxWHPXwrhqSH", user_id: user.id

846
      expect(user.all_ssh_keys).to include(a_string_starting_with(key.key))
847
    end
848
  end
849

850
  describe '#avatar_type' do
851 852
    let(:user) { create(:user) }

853
    it 'is true if avatar is image' do
854
      user.update_attribute(:avatar, 'uploads/avatar.png')
855
      expect(user.avatar_type).to be_truthy
856 857
    end

858
    it 'is false if avatar is html page' do
859
      user.update_attribute(:avatar, 'uploads/avatar.html')
860
      expect(user.avatar_type).to eq(['only images allowed'])
861 862
    end
  end
Jerome Dalbert committed
863

864
  describe '#requires_ldap_check?' do
865 866
    let(:user) { User.new }

867 868
    it 'is false when LDAP is disabled' do
      # Create a condition which would otherwise cause 'true' to be returned
869
      allow(user).to receive(:ldap_user?).and_return(true)
870
      user.last_credential_check_at = nil
871
      expect(user.requires_ldap_check?).to be_falsey
872 873
    end

874
    context 'when LDAP is enabled' do
875 876 877
      before do
        allow(Gitlab.config.ldap).to receive(:enabled).and_return(true)
      end
878

879
      it 'is false for non-LDAP users' do
880
        allow(user).to receive(:ldap_user?).and_return(false)
881
        expect(user.requires_ldap_check?).to be_falsey
882 883
      end

884
      context 'and when the user is an LDAP user' do
885 886 887
        before do
          allow(user).to receive(:ldap_user?).and_return(true)
        end
888 889 890

        it 'is true when the user has never had an LDAP check before' do
          user.last_credential_check_at = nil
891
          expect(user.requires_ldap_check?).to be_truthy
892 893 894 895
        end

        it 'is true when the last LDAP check happened over 1 hour ago' do
          user.last_credential_check_at = 2.hours.ago
896
          expect(user.requires_ldap_check?).to be_truthy
897
        end
898 899 900 901
      end
    end
  end

902
  context 'ldap synchronized user' do
903
    describe '#ldap_user?' do
904 905 906 907
      it 'is true if provider name starts with ldap' do
        user = create(:omniauth_user, provider: 'ldapmain')
        expect(user.ldap_user?).to be_truthy
      end
908

909 910 911 912 913 914 915 916 917
      it 'is false for other providers' do
        user = create(:omniauth_user, provider: 'other-provider')
        expect(user.ldap_user?).to be_falsey
      end

      it 'is false if no extern_uid is provided' do
        user = create(:omniauth_user, extern_uid: nil)
        expect(user.ldap_user?).to be_falsey
      end
918 919
    end

920
    describe '#ldap_identity' do
921 922 923 924
      it 'returns ldap identity' do
        user = create :omniauth_user
        expect(user.ldap_identity.provider).not_to be_empty
      end
925 926
    end

927 928 929 930 931 932 933 934
    describe '#ldap_block' do
      let(:user) { create(:omniauth_user, provider: 'ldapmain', name: 'John Smith') }

      it 'blocks user flaging the action caming from ldap' do
        user.ldap_block
        expect(user.blocked?).to be_truthy
        expect(user.ldap_blocked?).to be_truthy
      end
935 936 937
    end
  end

Jerome Dalbert committed
938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976
  describe '#full_website_url' do
    let(:user) { create(:user) }

    it 'begins with http if website url omits it' do
      user.website_url = 'test.com'

      expect(user.full_website_url).to eq 'http://test.com'
    end

    it 'begins with http if website url begins with http' do
      user.website_url = 'http://test.com'

      expect(user.full_website_url).to eq 'http://test.com'
    end

    it 'begins with https if website url begins with https' do
      user.website_url = 'https://test.com'

      expect(user.full_website_url).to eq 'https://test.com'
    end
  end

  describe '#short_website_url' do
    let(:user) { create(:user) }

    it 'does not begin with http if website url omits it' do
      user.website_url = 'test.com'

      expect(user.short_website_url).to eq 'test.com'
    end

    it 'does not begin with http if website url begins with http' do
      user.website_url = 'http://test.com'

      expect(user.short_website_url).to eq 'test.com'
    end

    it 'does not begin with https if website url begins with https' do
      user.website_url = 'https://test.com'
977

Jerome Dalbert committed
978 979
      expect(user.short_website_url).to eq 'test.com'
    end
980
  end
Ciro Santilli committed
981

982 983
  describe '#starred?' do
    it 'determines if user starred a project' do
984
      user = create :user
985 986
      project1 = create(:empty_project, :public)
      project2 = create(:empty_project, :public)
987

988 989
      expect(user.starred?(project1)).to be_falsey
      expect(user.starred?(project2)).to be_falsey
990 991

      star1 = UsersStarProject.create!(project: project1, user: user)
992 993
      expect(user.starred?(project1)).to be_truthy
      expect(user.starred?(project2)).to be_falsey
994 995

      star2 = UsersStarProject.create!(project: project2, user: user)
996 997
      expect(user.starred?(project1)).to be_truthy
      expect(user.starred?(project2)).to be_truthy
998 999

      star1.destroy
1000 1001
      expect(user.starred?(project1)).to be_falsey
      expect(user.starred?(project2)).to be_truthy
1002 1003

      star2.destroy
1004 1005
      expect(user.starred?(project1)).to be_falsey
      expect(user.starred?(project2)).to be_falsey
1006 1007 1008
    end
  end

1009 1010
  describe '#toggle_star' do
    it 'toggles stars' do
Ciro Santilli committed
1011
      user = create :user
1012
      project = create(:empty_project, :public)
Ciro Santilli committed
1013

1014
      expect(user.starred?(project)).to be_falsey
Ciro Santilli committed
1015
      user.toggle_star(project)
1016
      expect(user.starred?(project)).to be_truthy
Ciro Santilli committed
1017
      user.toggle_star(project)
1018
      expect(user.starred?(project)).to be_falsey
Ciro Santilli committed
1019 1020
    end
  end
Valery Sizov committed
1021

1022
  describe '#sort' do
Valery Sizov committed
1023 1024 1025 1026
    before do
      User.delete_all
      @user = create :user, created_at: Date.today, last_sign_in_at: Date.today, name: 'Alpha'
      @user1 = create :user, created_at: Date.today - 1, last_sign_in_at: Date.today - 1, name: 'Omega'
1027
      @user2 = create :user, created_at: Date.today - 2, last_sign_in_at: nil, name: 'Beta'
Valery Sizov committed
1028
    end
1029

1030 1031 1032 1033 1034 1035 1036 1037
    context 'when sort by recent_sign_in' do
      it 'sorts users by the recent sign-in time' do
        expect(User.sort('recent_sign_in').first).to eq(@user)
      end

      it 'pushes users who never signed in to the end' do
        expect(User.sort('recent_sign_in').third).to eq(@user2)
      end
Valery Sizov committed
1038 1039
    end

1040 1041 1042 1043 1044 1045 1046 1047
    context 'when sort by oldest_sign_in' do
      it 'sorts users by the oldest sign-in time' do
        expect(User.sort('oldest_sign_in').first).to eq(@user1)
      end

      it 'pushes users who never signed in to the end' do
        expect(User.sort('oldest_sign_in').third).to eq(@user2)
      end
Valery Sizov committed
1048 1049
    end

1050
    it 'sorts users in descending order by their creation time' do
1051
      expect(User.sort('created_desc').first).to eq(@user)
Valery Sizov committed
1052 1053
    end

1054 1055
    it 'sorts users in ascending order by their creation time' do
      expect(User.sort('created_asc').first).to eq(@user2)
Valery Sizov committed
1056 1057
    end

1058 1059
    it 'sorts users by id in descending order when nil is passed' do
      expect(User.sort(nil).first).to eq(@user2)
Valery Sizov committed
1060 1061
    end
  end
1062

1063
  describe "#contributed_projects" do
1064
    subject { create(:user) }
1065 1066 1067
    let!(:project1) { create(:empty_project) }
    let!(:project2) { create(:empty_project, forked_from_project: project3) }
    let!(:project3) { create(:empty_project) }
1068
    let!(:merge_request) { create(:merge_request, source_project: project2, target_project: project3, author: subject) }
1069 1070
    let!(:push_event) { create(:event, :pushed, project: project1, target: project1, author: subject) }
    let!(:merge_event) { create(:event, :created, project: project3, target: merge_request, author: subject) }
1071 1072 1073 1074 1075 1076 1077

    before do
      project1.team << [subject, :master]
      project2.team << [subject, :master]
    end

    it "includes IDs for projects the user has pushed to" do
1078
      expect(subject.contributed_projects).to include(project1)
1079 1080 1081
    end

    it "includes IDs for projects the user has had merge requests merged into" do
1082
      expect(subject.contributed_projects).to include(project3)
1083 1084 1085
    end

    it "doesn't include IDs for unrelated projects" do
1086
      expect(subject.contributed_projects).not_to include(project2)
1087 1088
    end
  end
1089

1090
  describe '#can_be_removed?' do
1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105
    subject { create(:user) }

    context 'no owned groups' do
      it { expect(subject.can_be_removed?).to be_truthy }
    end

    context 'has owned groups' do
      before do
        group = create(:group)
        group.add_owner(subject)
      end

      it { expect(subject.can_be_removed?).to be_falsey }
    end
  end
1106 1107 1108

  describe "#recent_push" do
    subject { create(:user) }
1109 1110
    let!(:project1) { create(:project, :repository) }
    let!(:project2) { create(:project, :repository, forked_from_project: project1) }
1111
    let!(:push_data) do
1112
      Gitlab::DataBuilder::Push.build_sample(project2, subject)
1113
    end
1114
    let!(:push_event) { create(:event, :pushed, project: project2, target: project1, author: subject, data: push_data) }
1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135

    before do
      project1.team << [subject, :master]
      project2.team << [subject, :master]
    end

    it "includes push event" do
      expect(subject.recent_push).to eq(push_event)
    end

    it "excludes push event if branch has been deleted" do
      allow_any_instance_of(Repository).to receive(:branch_names).and_return(['foo'])

      expect(subject.recent_push).to eq(nil)
    end

    it "excludes push event if MR is opened for it" do
      create(:merge_request, source_project: project2, target_project: project1, source_branch: project2.default_branch, target_branch: 'fix', author: subject)

      expect(subject.recent_push).to eq(nil)
    end
1136 1137 1138 1139 1140 1141

    it "includes push events on any of the provided projects" do
      expect(subject.recent_push(project1)).to eq(nil)
      expect(subject.recent_push(project2)).to eq(push_event)

      push_data1 = Gitlab::DataBuilder::Push.build_sample(project1, subject)
1142
      push_event1 = create(:event, :pushed, project: project1, target: project1, author: subject, data: push_data1)
1143 1144 1145

      expect(subject.recent_push([project1, project2])).to eq(push_event1) # Newest
    end
1146
  end
1147 1148 1149 1150 1151 1152 1153 1154 1155

  describe '#authorized_groups' do
    let!(:user) { create(:user) }
    let!(:private_group) { create(:group) }

    before do
      private_group.add_user(user, Gitlab::Access::MASTER)
    end

1156
    subject { user.authorized_groups }
1157

1158
    it { is_expected.to eq([private_group]) }
1159 1160
  end

1161
  describe '#authorized_projects', truncate: true do
1162 1163 1164 1165
    context 'with a minimum access level' do
      it 'includes projects for which the user is an owner' do
        user = create(:user)
        project = create(:empty_project, :private, namespace: user.namespace)
1166

1167 1168
        expect(user.authorized_projects(Gitlab::Access::REPORTER))
          .to contain_exactly(project)
1169
      end
1170

1171 1172 1173 1174 1175
      it 'includes projects for which the user is a master' do
        user = create(:user)
        project = create(:empty_project, :private)

        project.team << [user, Gitlab::Access::MASTER]
1176

1177 1178
        expect(user.authorized_projects(Gitlab::Access::REPORTER))
          .to contain_exactly(project)
1179 1180
      end
    end
1181 1182 1183

    it "includes user's personal projects" do
      user    = create(:user)
1184
      project = create(:empty_project, :private, namespace: user.namespace)
1185 1186 1187 1188 1189 1190 1191

      expect(user.authorized_projects).to include(project)
    end

    it "includes personal projects user has been given access to" do
      user1   = create(:user)
      user2   = create(:user)
1192
      project = create(:empty_project, :private, namespace: user1.namespace)
1193 1194 1195 1196 1197 1198 1199 1200

      project.team << [user2, Gitlab::Access::DEVELOPER]

      expect(user2.authorized_projects).to include(project)
    end

    it "includes projects of groups user has been added to" do
      group   = create(:group)
1201
      project = create(:empty_project, group: group)
1202 1203 1204 1205 1206 1207 1208 1209 1210
      user    = create(:user)

      group.add_developer(user)

      expect(user.authorized_projects).to include(project)
    end

    it "does not include projects of groups user has been removed from" do
      group   = create(:group)
1211
      project = create(:empty_project, group: group)
1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222
      user    = create(:user)

      member = group.add_developer(user)
      expect(user.authorized_projects).to include(project)

      member.destroy
      expect(user.authorized_projects).not_to include(project)
    end

    it "includes projects shared with user's group" do
      user    = create(:user)
1223
      project = create(:empty_project, :private)
1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234
      group   = create(:group)

      group.add_reporter(user)
      project.project_group_links.create(group: group)

      expect(user.authorized_projects).to include(project)
    end

    it "does not include destroyed projects user had access to" do
      user1   = create(:user)
      user2   = create(:user)
1235
      project = create(:empty_project, :private, namespace: user1.namespace)
1236 1237 1238 1239 1240 1241 1242 1243 1244 1245

      project.team << [user2, Gitlab::Access::DEVELOPER]
      expect(user2.authorized_projects).to include(project)

      project.destroy
      expect(user2.authorized_projects).not_to include(project)
    end

    it "does not include projects of destroyed groups user had access to" do
      group   = create(:group)
1246
      project = create(:empty_project, namespace: group)
1247 1248 1249 1250 1251 1252 1253 1254
      user    = create(:user)

      group.add_developer(user)
      expect(user.authorized_projects).to include(project)

      group.destroy
      expect(user.authorized_projects).not_to include(project)
    end
1255
  end
1256

1257 1258 1259 1260
  describe '#projects_where_can_admin_issues' do
    let(:user) { create(:user) }

    it 'includes projects for which the user access level is above or equal to reporter' do
1261 1262 1263
      reporter_project  = create(:empty_project) { |p| p.add_reporter(user) }
      developer_project = create(:empty_project) { |p| p.add_developer(user) }
      master_project    = create(:empty_project) { |p| p.add_master(user) }
1264 1265 1266 1267 1268 1269 1270 1271

      expect(user.projects_where_can_admin_issues.to_a).to eq([master_project, developer_project, reporter_project])
      expect(user.can?(:admin_issue, master_project)).to eq(true)
      expect(user.can?(:admin_issue, developer_project)).to eq(true)
      expect(user.can?(:admin_issue, reporter_project)).to eq(true)
    end

    it 'does not include for which the user access level is below reporter' do
1272 1273
      project = create(:empty_project)
      guest_project = create(:empty_project) { |p| p.add_guest(user) }
1274 1275 1276 1277 1278 1279 1280

      expect(user.projects_where_can_admin_issues.to_a).to be_empty
      expect(user.can?(:admin_issue, guest_project)).to eq(false)
      expect(user.can?(:admin_issue, project)).to eq(false)
    end

    it 'does not include archived projects' do
1281
      project = create(:empty_project, :archived)
1282 1283 1284 1285 1286 1287

      expect(user.projects_where_can_admin_issues.to_a).to be_empty
      expect(user.can?(:admin_issue, project)).to eq(false)
    end

    it 'does not include projects for which issues are disabled' do
1288
      project = create(:empty_project, :issues_disabled)
1289 1290 1291 1292 1293 1294

      expect(user.projects_where_can_admin_issues.to_a).to be_empty
      expect(user.can?(:admin_issue, project)).to eq(false)
    end
  end

1295 1296 1297 1298
  describe '#ci_authorized_runners' do
    let(:user) { create(:user) }
    let(:runner) { create(:ci_runner) }

1299 1300 1301
    before do
      project.runners << runner
    end
1302 1303

    context 'without any projects' do
1304
      let(:project) { create(:empty_project) }
1305 1306

      it 'does not load' do
1307
        expect(user.ci_authorized_runners).to be_empty
1308 1309 1310 1311 1312
      end
    end

    context 'with personal projects runners' do
      let(:namespace) { create(:namespace, owner: user) }
1313
      let(:project) { create(:empty_project, namespace: namespace) }
1314 1315

      it 'loads' do
1316
        expect(user.ci_authorized_runners).to contain_exactly(runner)
1317 1318 1319 1320
      end
    end

    shared_examples :member do
1321
      context 'when the user is a master' do
1322 1323 1324
        before do
          add_user(Gitlab::Access::MASTER)
        end
1325

1326 1327 1328
        it 'loads' do
          expect(user.ci_authorized_runners).to contain_exactly(runner)
        end
1329 1330
      end

1331
      context 'when the user is a developer' do
1332 1333 1334
        before do
          add_user(Gitlab::Access::DEVELOPER)
        end
1335

1336 1337 1338
        it 'does not load' do
          expect(user.ci_authorized_runners).to be_empty
        end
1339 1340 1341 1342 1343
      end
    end

    context 'with groups projects runners' do
      let(:group) { create(:group) }
1344
      let(:project) { create(:empty_project, group: group) }
1345

1346
      def add_user(access)
1347 1348 1349 1350 1351 1352 1353
        group.add_user(user, access)
      end

      it_behaves_like :member
    end

    context 'with other projects runners' do
1354
      let(:project) { create(:empty_project) }
1355

1356
      def add_user(access)
1357
        project.team << [user, access]
1358 1359 1360 1361 1362 1363
      end

      it_behaves_like :member
    end
  end

1364 1365
  describe '#viewable_starred_projects' do
    let(:user) { create(:user) }
1366 1367 1368
    let(:public_project) { create(:empty_project, :public) }
    let(:private_project) { create(:empty_project, :private) }
    let(:private_viewable_project) { create(:empty_project, :private) }
1369 1370 1371 1372

    before do
      private_viewable_project.team << [user, Gitlab::Access::MASTER]

1373 1374 1375
      [public_project, private_project, private_viewable_project].each do |project|
        user.toggle_star(project)
      end
1376 1377
    end

1378 1379
    it 'returns only starred projects the user can view' do
      expect(user.viewable_starred_projects).not_to include(private_project)
1380 1381
    end
  end
1382 1383

  describe '#projects_with_reporter_access_limited_to' do
1384 1385
    let(:project1) { create(:empty_project) }
    let(:project2) { create(:empty_project) }
1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405
    let(:user) { create(:user) }

    before do
      project1.team << [user, :reporter]
      project2.team << [user, :guest]
    end

    it 'returns the projects when using a single project ID' do
      projects = user.projects_with_reporter_access_limited_to(project1.id)

      expect(projects).to eq([project1])
    end

    it 'returns the projects when using an Array of project IDs' do
      projects = user.projects_with_reporter_access_limited_to([project1.id])

      expect(projects).to eq([project1])
    end

    it 'returns the projects when using an ActiveRecord relation' do
1406 1407
      projects = user.
        projects_with_reporter_access_limited_to(Project.select(:id))
1408 1409 1410 1411 1412 1413 1414 1415 1416 1417

      expect(projects).to eq([project1])
    end

    it 'does not return projects you do not have reporter access to' do
      projects = user.projects_with_reporter_access_limited_to(project2.id)

      expect(projects).to be_empty
    end
  end
1418

1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433
  describe '#nested_groups' do
    let!(:user) { create(:user) }
    let!(:group) { create(:group) }
    let!(:nested_group) { create(:group, parent: group) }

    before do
      group.add_owner(user)

      # Add more data to ensure method does not include wrong groups
      create(:group).add_owner(create(:user))
    end

    it { expect(user.nested_groups).to eq([nested_group]) }
  end

1434
  describe '#nested_groups_projects' do
1435 1436 1437
    let!(:user) { create(:user) }
    let!(:group) { create(:group) }
    let!(:nested_group) { create(:group, parent: group) }
1438 1439
    let!(:project) { create(:empty_project, namespace: group) }
    let!(:nested_project) { create(:empty_project, namespace: nested_group) }
1440 1441 1442 1443 1444

    before do
      group.add_owner(user)

      # Add more data to ensure method does not include wrong projects
1445
      other_project = create(:empty_project, namespace: create(:group, :nested))
1446 1447 1448
      other_project.add_developer(create(:user))
    end

1449
    it { expect(user.nested_groups_projects).to eq([nested_project]) }
1450 1451
  end

1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477
  describe '#refresh_authorized_projects', redis: true do
    let(:project1) { create(:empty_project) }
    let(:project2) { create(:empty_project) }
    let(:user) { create(:user) }

    before do
      project1.team << [user, :reporter]
      project2.team << [user, :guest]

      user.project_authorizations.delete_all
      user.refresh_authorized_projects
    end

    it 'refreshes the list of authorized projects' do
      expect(user.project_authorizations.count).to eq(2)
    end

    it 'sets the authorized_projects_populated column' do
      expect(user.authorized_projects_populated).to eq(true)
    end

    it 'stores the correct access levels' do
      expect(user.project_authorizations.where(access_level: Gitlab::Access::GUEST).exists?).to eq(true)
      expect(user.project_authorizations.where(access_level: Gitlab::Access::REPORTER).exists?).to eq(true)
    end
  end
Douwe Maan committed
1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510

  describe '#access_level=' do
    let(:user) { build(:user) }

    it 'does nothing for an invalid access level' do
      user.access_level = :invalid_access_level

      expect(user.access_level).to eq(:regular)
      expect(user.admin).to be false
    end

    it "assigns the 'admin' access level" do
      user.access_level = :admin

      expect(user.access_level).to eq(:admin)
      expect(user.admin).to be true
    end

    it "doesn't clear existing access levels when an invalid access level is passed in" do
      user.access_level = :admin
      user.access_level = :invalid_access_level

      expect(user.access_level).to eq(:admin)
      expect(user.admin).to be true
    end

    it "accepts string values in addition to symbols" do
      user.access_level = 'admin'

      expect(user.access_level).to eq(:admin)
      expect(user.admin).to be true
    end
  end
1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533

  describe '.ghost' do
    it "creates a ghost user if one isn't already present" do
      ghost = User.ghost

      expect(ghost).to be_ghost
      expect(ghost).to be_persisted
    end

    it "does not create a second ghost user if one is already present" do
      expect do
        User.ghost
        User.ghost
      end.to change { User.count }.by(1)
      expect(User.ghost).to eq(User.ghost)
    end

    context "when a regular user exists with the username 'ghost'" do
      it "creates a ghost user with a non-conflicting username" do
        create(:user, username: 'ghost')
        ghost = User.ghost

        expect(ghost).to be_persisted
1534
        expect(ghost.username).to eq('ghost1')
1535 1536 1537 1538 1539 1540 1541 1542 1543
      end
    end

    context "when a regular user exists with the email 'ghost@example.com'" do
      it "creates a ghost user with a non-conflicting email" do
        create(:user, email: 'ghost@example.com')
        ghost = User.ghost

        expect(ghost).to be_persisted
1544
        expect(ghost.email).to eq('ghost1@example.com')
1545 1546 1547
      end
    end
  end
gitlabhq committed
1548
end