user_spec.rb 38.2 KB
Newer Older
gitlabhq's avatar
gitlabhq committed
1 2
require 'spec_helper'

Douwe Maan's avatar
Douwe Maan committed
3
describe User, models: true do
4 5
  include Gitlab::CurrentSettings

6 7 8 9 10 11 12 13 14 15 16
  describe 'modules' do
    subject { described_class }

    it { is_expected.to include_module(Gitlab::ConfigHelper) }
    it { is_expected.to include_module(Gitlab::CurrentSettings) }
    it { is_expected.to include_module(Referable) }
    it { is_expected.to include_module(Sortable) }
    it { is_expected.to include_module(TokenAuthenticatable) }
  end

  describe 'associations' do
17
    it { is_expected.to have_one(:namespace) }
18
    it { is_expected.to have_many(:snippets).dependent(:destroy) }
19 20 21
    it { is_expected.to have_many(:project_members).dependent(:destroy) }
    it { is_expected.to have_many(:groups) }
    it { is_expected.to have_many(:keys).dependent(:destroy) }
22
    it { is_expected.to have_many(:events).dependent(:destroy) }
23 24 25 26 27 28 29
    it { is_expected.to have_many(:recent_events).class_name('Event') }
    it { is_expected.to have_many(:issues).dependent(:destroy) }
    it { is_expected.to have_many(:notes).dependent(:destroy) }
    it { is_expected.to have_many(:assigned_issues).dependent(:destroy) }
    it { is_expected.to have_many(:merge_requests).dependent(:destroy) }
    it { is_expected.to have_many(:assigned_merge_requests).dependent(:destroy) }
    it { is_expected.to have_many(:identities).dependent(:destroy) }
30
    it { is_expected.to have_one(:abuse_report) }
31
    it { is_expected.to have_many(:spam_logs).dependent(:destroy) }
32
    it { is_expected.to have_many(:todos).dependent(:destroy) }
33
    it { is_expected.to have_many(:award_emoji).dependent(:destroy) }
34 35
    it { is_expected.to have_many(:builds).dependent(:nullify) }
    it { is_expected.to have_many(:pipelines).dependent(:nullify) }
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

    describe '#group_members' do
      it 'does not include group memberships for which user is a requester' do
        user = create(:user)
        group = create(:group, :public)
        group.request_access(user)

        expect(user.group_members).to be_empty
      end
    end

    describe '#project_members' do
      it 'does not include project memberships for which user is a requester' do
        user = create(:user)
        project = create(:project, :public)
        project.request_access(user)

        expect(user.project_members).to be_empty
      end
    end
56 57 58
  end

  describe 'validations' do
59 60 61 62 63 64 65 66 67 68 69 70 71
    describe 'username' do
      it 'validates presence' do
        expect(subject).to validate_presence_of(:username)
      end

      it 'rejects blacklisted names' do
        user = build(:user, username: 'dashboard')

        expect(user).not_to be_valid
        expect(user.errors.values).to eq [['dashboard is a reserved name']]
      end

      it 'validates uniqueness' do
72
        expect(subject).to validate_uniqueness_of(:username).case_insensitive
73 74 75
      end
    end

76 77 78 79
    it { is_expected.to validate_presence_of(:projects_limit) }
    it { is_expected.to validate_numericality_of(:projects_limit) }
    it { is_expected.to allow_value(0).for(:projects_limit) }
    it { is_expected.not_to allow_value(-1).for(:projects_limit) }
80

81
    it { is_expected.to validate_length_of(:bio).is_within(0..255) }
82

83 84 85
    it_behaves_like 'an object with email-formated attributes', :email do
      subject { build(:user) }
    end
86

87 88 89
    it_behaves_like 'an object with email-formated attributes', :public_email, :notification_email do
      subject { build(:user).tap { |user| user.emails << build(:email, email: email_value) } }
    end
90

91
    describe 'email' do
92
      context 'when no signup domains whitelisted' do
93
        before do
94
          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return([])
95
        end
96

97 98 99 100 101 102
        it 'accepts any email' do
          user = build(:user, email: "info@example.com")
          expect(user).to be_valid
        end
      end

103
      context 'when a signup domain is whitelisted and subdomains are allowed' do
104
        before do
105
          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com', '*.example.com'])
106
        end
107

108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123
        it 'accepts info@example.com' do
          user = build(:user, email: "info@example.com")
          expect(user).to be_valid
        end

        it 'accepts info@test.example.com' do
          user = build(:user, email: "info@test.example.com")
          expect(user).to be_valid
        end

        it 'rejects example@test.com' do
          user = build(:user, email: "example@test.com")
          expect(user).to be_invalid
        end
      end

124
      context 'when a signup domain is whitelisted and subdomains are not allowed' do
125
        before do
126
          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com'])
127
        end
128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143

        it 'accepts info@example.com' do
          user = build(:user, email: "info@example.com")
          expect(user).to be_valid
        end

        it 'rejects info@test.example.com' do
          user = build(:user, email: "info@test.example.com")
          expect(user).to be_invalid
        end

        it 'rejects example@test.com' do
          user = build(:user, email: "example@test.com")
          expect(user).to be_invalid
        end
      end
144

145 146 147 148 149 150
      context 'domain blacklist' do
        before do
          allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist_enabled?).and_return(true)
          allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['example.com'])
        end

151
        context 'when a signup domain is blacklisted' do
152 153 154 155 156 157 158 159 160 161 162
          it 'accepts info@test.com' do
            user = build(:user, email: 'info@test.com')
            expect(user).to be_valid
          end

          it 'rejects info@example.com' do
            user = build(:user, email: 'info@example.com')
            expect(user).not_to be_valid
          end
        end

163
        context 'when a signup domain is blacklisted but a wildcard subdomain is allowed' do
164 165
          before do
            allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['test.example.com'])
166
            allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['*.example.com'])
167 168
          end

169
          it 'gives priority to whitelist and allow info@test.example.com' do
170 171 172 173 174 175 176
            user = build(:user, email: 'info@test.example.com')
            expect(user).to be_valid
          end
        end

        context 'with both lists containing a domain' do
          before do
177
            allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['test.com'])
178 179 180 181 182 183 184 185 186 187 188 189 190 191
          end

          it 'accepts info@test.com' do
            user = build(:user, email: 'info@test.com')
            expect(user).to be_valid
          end

          it 'rejects info@example.com' do
            user = build(:user, email: 'info@example.com')
            expect(user).not_to be_valid
          end
        end
      end

192 193 194 195 196 197
      context 'owns_notification_email' do
        it 'accepts temp_oauth_email emails' do
          user = build(:user, email: "temp-email-for-oauth@example.com")
          expect(user).to be_valid
        end
      end
198
    end
199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258
  end

  describe "scopes" do
    describe ".with_two_factor" do
      it "returns users with 2fa enabled via OTP" do
        user_with_2fa = create(:user, :two_factor_via_otp)
        user_without_2fa = create(:user)
        users_with_two_factor = User.with_two_factor.pluck(:id)

        expect(users_with_two_factor).to include(user_with_2fa.id)
        expect(users_with_two_factor).not_to include(user_without_2fa.id)
      end

      it "returns users with 2fa enabled via U2F" do
        user_with_2fa = create(:user, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_with_two_factor = User.with_two_factor.pluck(:id)

        expect(users_with_two_factor).to include(user_with_2fa.id)
        expect(users_with_two_factor).not_to include(user_without_2fa.id)
      end

      it "returns users with 2fa enabled via OTP and U2F" do
        user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_with_two_factor = User.with_two_factor.pluck(:id)

        expect(users_with_two_factor).to eq([user_with_2fa.id])
        expect(users_with_two_factor).not_to include(user_without_2fa.id)
      end
    end

    describe ".without_two_factor" do
      it "excludes users with 2fa enabled via OTP" do
        user_with_2fa = create(:user, :two_factor_via_otp)
        user_without_2fa = create(:user)
        users_without_two_factor = User.without_two_factor.pluck(:id)

        expect(users_without_two_factor).to include(user_without_2fa.id)
        expect(users_without_two_factor).not_to include(user_with_2fa.id)
      end

      it "excludes users with 2fa enabled via U2F" do
        user_with_2fa = create(:user, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_without_two_factor = User.without_two_factor.pluck(:id)

        expect(users_without_two_factor).to include(user_without_2fa.id)
        expect(users_without_two_factor).not_to include(user_with_2fa.id)
      end

      it "excludes users with 2fa enabled via OTP and U2F" do
        user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
        user_without_2fa = create(:user)
        users_without_two_factor = User.without_two_factor.pluck(:id)

        expect(users_without_two_factor).to include(user_without_2fa.id)
        expect(users_without_two_factor).not_to include(user_with_2fa.id)
      end
    end
gitlabhq's avatar
gitlabhq committed
259 260 261
  end

  describe "Respond to" do
262 263 264
    it { is_expected.to respond_to(:is_admin?) }
    it { is_expected.to respond_to(:name) }
    it { is_expected.to respond_to(:private_token) }
Zeger-Jan van de Weg's avatar
Zeger-Jan van de Weg committed
265 266 267 268 269 270 271 272 273 274 275 276 277 278
    it { is_expected.to respond_to(:external?) }
  end

  describe 'before save hook' do
    context 'when saving an external user' do
      let(:user)          { create(:user) }
      let(:external_user) { create(:user, external: true) }

      it "sets other properties aswell" do
        expect(external_user.can_create_team).to be_falsey
        expect(external_user.can_create_group).to be_falsey
        expect(external_user.projects_limit).to be 0
      end
    end
gitlabhq's avatar
gitlabhq committed
279 280
  end

281
  describe '#confirm' do
282 283 284
    before do
      allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(true)
    end
285

286 287 288 289 290 291 292
    let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: 'test@gitlab.com') }

    it 'returns unconfirmed' do
      expect(user.confirmed?).to be_falsey
    end

    it 'confirms a user' do
293
      user.confirm
294 295 296 297
      expect(user.confirmed?).to be_truthy
    end
  end

298 299 300 301 302 303 304 305
  describe '#to_reference' do
    let(:user) { create(:user) }

    it 'returns a String reference to the object' do
      expect(user.to_reference).to eq "@#{user.username}"
    end
  end

306
  describe '#generate_password' do
307
    it "executes callback when force_random_password specified" do
308
      user = build(:user, force_random_password: true)
309
      expect(user).to receive(:generate_password)
310 311 312
      user.save
    end

313
    it "does not generate password by default" do
314
      user = create(:user, password: 'abcdefghe')
315
      expect(user.password).to eq('abcdefghe')
316
    end
317

318
    it "generates password when forcing random password" do
319
      allow(Devise).to receive(:friendly_token).and_return('123456789')
320
      user = create(:user, password: 'abcdefg', force_random_password: true)
321
      expect(user.password).to eq('12345678')
322
    end
323 324
  end

325
  describe 'authentication token' do
326
    it "has authentication token" do
327
      user = create(:user)
328
      expect(user.authentication_token).not_to be_blank
329
    end
Nihad Abbasov's avatar
Nihad Abbasov committed
330
  end
331

332
  describe '#recently_sent_password_reset?' do
333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351
    it 'is false when reset_password_sent_at is nil' do
      user = build_stubbed(:user, reset_password_sent_at: nil)

      expect(user.recently_sent_password_reset?).to eq false
    end

    it 'is false when sent more than one minute ago' do
      user = build_stubbed(:user, reset_password_sent_at: 5.minutes.ago)

      expect(user.recently_sent_password_reset?).to eq false
    end

    it 'is true when sent less than one minute ago' do
      user = build_stubbed(:user, reset_password_sent_at: Time.now)

      expect(user.recently_sent_password_reset?).to eq true
    end
  end

352 353 354 355 356 357 358
  describe '#disable_two_factor!' do
    it 'clears all 2FA-related fields' do
      user = create(:user, :two_factor)

      expect(user).to be_two_factor_enabled
      expect(user.encrypted_otp_secret).not_to be_nil
      expect(user.otp_backup_codes).not_to be_nil
359
      expect(user.otp_grace_period_started_at).not_to be_nil
360 361 362 363 364 365 366 367

      user.disable_two_factor!

      expect(user).not_to be_two_factor_enabled
      expect(user.encrypted_otp_secret).to be_nil
      expect(user.encrypted_otp_secret_iv).to be_nil
      expect(user.encrypted_otp_secret_salt).to be_nil
      expect(user.otp_backup_codes).to be_nil
368
      expect(user.otp_grace_period_started_at).to be_nil
369 370 371
    end
  end

372 373 374 375
  describe 'projects' do
    before do
      @user = create :user
      @project = create :project, namespace: @user.namespace
Dmytro Zaporozhets's avatar
Dmytro Zaporozhets committed
376 377
      @project_2 = create :project, group: create(:group) # Grant MASTER access to the user
      @project_3 = create :project, group: create(:group) # Grant DEVELOPER access to the user
378

379 380
      @project_2.team << [@user, :master]
      @project_3.team << [@user, :developer]
381 382
    end

383 384 385 386 387 388 389 390 391
    it { expect(@user.authorized_projects).to include(@project) }
    it { expect(@user.authorized_projects).to include(@project_2) }
    it { expect(@user.authorized_projects).to include(@project_3) }
    it { expect(@user.owned_projects).to include(@project) }
    it { expect(@user.owned_projects).not_to include(@project_2) }
    it { expect(@user.owned_projects).not_to include(@project_3) }
    it { expect(@user.personal_projects).to include(@project) }
    it { expect(@user.personal_projects).not_to include(@project_2) }
    it { expect(@user.personal_projects).not_to include(@project_3) }
392 393 394 395 396
  end

  describe 'groups' do
    before do
      @user = create :user
397 398
      @group = create :group
      @group.add_owner(@user)
399 400
    end

401 402 403
    it { expect(@user.several_namespaces?).to be_truthy }
    it { expect(@user.authorized_groups).to eq([@group]) }
    it { expect(@user.owned_groups).to eq([@group]) }
404
    it { expect(@user.namespaces).to match_array([@user.namespace, @group]) }
405 406
  end

407 408 409 410
  describe 'group multiple owners' do
    before do
      @user = create :user
      @user2 = create :user
411 412
      @group = create :group
      @group.add_owner(@user)
413

414
      @group.add_user(@user2, GroupMember::OWNER)
415 416
    end

417
    it { expect(@user2.several_namespaces?).to be_truthy }
418 419
  end

420 421 422 423 424 425
  describe 'namespaced' do
    before do
      @user = create :user
      @project = create :project, namespace: @user.namespace
    end

426
    it { expect(@user.several_namespaces?).to be_falsey }
427
    it { expect(@user.namespaces).to eq([@user.namespace]) }
428 429 430 431 432
  end

  describe 'blocking user' do
    let(:user) { create(:user, name: 'John Smith') }

433
    it "blocks user" do
434
      user.block
435
      expect(user.blocked?).to be_truthy
436 437 438
    end
  end

439 440 441 442 443 444 445
  describe '.filter' do
    let(:user) { double }

    it 'filters by active users by default' do
      expect(User).to receive(:active).and_return([user])

      expect(User.filter(nil)).to include user
446 447
    end

448 449 450 451
    it 'filters by admins' do
      expect(User).to receive(:admins).and_return([user])

      expect(User.filter('admins')).to include user
452 453
    end

454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476
    it 'filters by blocked' do
      expect(User).to receive(:blocked).and_return([user])

      expect(User.filter('blocked')).to include user
    end

    it 'filters by two_factor_disabled' do
      expect(User).to receive(:without_two_factor).and_return([user])

      expect(User.filter('two_factor_disabled')).to include user
    end

    it 'filters by two_factor_enabled' do
      expect(User).to receive(:with_two_factor).and_return([user])

      expect(User.filter('two_factor_enabled')).to include user
    end

    it 'filters by wop' do
      expect(User).to receive(:without_projects).and_return([user])

      expect(User.filter('wop')).to include user
    end
477 478
  end

479
  describe '.not_in_project' do
480
    before do
481
      User.delete_all
482 483 484 485
      @user = create :user
      @project = create :project
    end

486
    it { expect(User.not_in_project(@project)).to include(@user, @project.owner) }
487
  end
Dmytro Zaporozhets's avatar
Dmytro Zaporozhets committed
488

489 490 491
  describe 'user creation' do
    describe 'normal user' do
      let(:user) { create(:user, name: 'John Smith') }
Dmytro Zaporozhets's avatar
Dmytro Zaporozhets committed
492

493 494 495 496 497
      it { expect(user.is_admin?).to be_falsey }
      it { expect(user.require_ssh_key?).to be_truthy }
      it { expect(user.can_create_group?).to be_truthy }
      it { expect(user.can_create_project?).to be_truthy }
      it { expect(user.first_name).to eq('John') }
498
      it { expect(user.external).to be_falsey }
499
    end
500

Dmytro Zaporozhets's avatar
Dmytro Zaporozhets committed
501
    describe 'with defaults' do
502
      let(:user) { User.new }
Dmytro Zaporozhets's avatar
Dmytro Zaporozhets committed
503

504
      it "applies defaults to user" do
505 506 507
        expect(user.projects_limit).to eq(Gitlab.config.gitlab.default_projects_limit)
        expect(user.can_create_group).to eq(Gitlab.config.gitlab.default_can_create_group)
        expect(user.theme_id).to eq(Gitlab.config.gitlab.default_theme)
Zeger-Jan van de Weg's avatar
Zeger-Jan van de Weg committed
508
        expect(user.external).to be_falsey
509 510 511
      end
    end

Dmytro Zaporozhets's avatar
Dmytro Zaporozhets committed
512
    describe 'with default overrides' do
513
      let(:user) { User.new(projects_limit: 123, can_create_group: false, can_create_team: true, theme_id: 1) }
Dmytro Zaporozhets's avatar
Dmytro Zaporozhets committed
514

515
      it "applies defaults to user" do
516 517
        expect(user.projects_limit).to eq(123)
        expect(user.can_create_group).to be_falsey
518
        expect(user.theme_id).to eq(1)
519
      end
520
    end
521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540

    context 'when current_application_settings.user_default_external is true' do
      before do
        stub_application_setting(user_default_external: true)
      end

      it "creates external user by default" do
        user = build(:user)

        expect(user.external).to be_truthy
      end

      describe 'with default overrides' do
        it "creates a non-external user" do
          user = build(:user, external: false)

          expect(user.external).to be_falsey
        end
      end
    end
541
  end
542

543
  describe '.find_by_any_email' do
544 545 546
    it 'finds by primary email' do
      user = create(:user, email: 'foo@example.com')

547
      expect(User.find_by_any_email(user.email)).to eq user
548 549 550 551 552 553
    end

    it 'finds by secondary email' do
      email = create(:email, email: 'foo@example.com')
      user  = email.user

554
      expect(User.find_by_any_email(email.email)).to eq user
555 556 557
    end

    it 'returns nil when nothing found' do
558
      expect(User.find_by_any_email('')).to be_nil
559 560 561
    end
  end

562 563 564 565 566 567 568 569 570 571 572
  describe '.search' do
    let(:user) { create(:user) }

    it 'returns users with a matching name' do
      expect(described_class.search(user.name)).to eq([user])
    end

    it 'returns users with a partially matching name' do
      expect(described_class.search(user.name[0..2])).to eq([user])
    end

Yorick Peterse's avatar
Yorick Peterse committed
573
    it 'returns users with a matching name regardless of the casing' do
574 575 576 577 578 579 580 581 582 583 584
      expect(described_class.search(user.name.upcase)).to eq([user])
    end

    it 'returns users with a matching Email' do
      expect(described_class.search(user.email)).to eq([user])
    end

    it 'returns users with a partially matching Email' do
      expect(described_class.search(user.email[0..2])).to eq([user])
    end

Yorick Peterse's avatar
Yorick Peterse committed
585
    it 'returns users with a matching Email regardless of the casing' do
586 587 588 589 590 591 592 593 594 595 596
      expect(described_class.search(user.email.upcase)).to eq([user])
    end

    it 'returns users with a matching username' do
      expect(described_class.search(user.username)).to eq([user])
    end

    it 'returns users with a partially matching username' do
      expect(described_class.search(user.username[0..2])).to eq([user])
    end

Yorick Peterse's avatar
Yorick Peterse committed
597
    it 'returns users with a matching username regardless of the casing' do
598
      expect(described_class.search(user.username.upcase)).to eq([user])
599
    end
600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673
  end

  describe '.search_with_secondary_emails' do
    def search_with_secondary_emails(query)
      described_class.search_with_secondary_emails(query)
    end

    let!(:user) { create(:user) }
    let!(:email) { create(:email) }

    it 'returns users with a matching name' do
      expect(search_with_secondary_emails(user.name)).to eq([user])
    end

    it 'returns users with a partially matching name' do
      expect(search_with_secondary_emails(user.name[0..2])).to eq([user])
    end

    it 'returns users with a matching name regardless of the casing' do
      expect(search_with_secondary_emails(user.name.upcase)).to eq([user])
    end

    it 'returns users with a matching email' do
      expect(search_with_secondary_emails(user.email)).to eq([user])
    end

    it 'returns users with a partially matching email' do
      expect(search_with_secondary_emails(user.email[0..2])).to eq([user])
    end

    it 'returns users with a matching email regardless of the casing' do
      expect(search_with_secondary_emails(user.email.upcase)).to eq([user])
    end

    it 'returns users with a matching username' do
      expect(search_with_secondary_emails(user.username)).to eq([user])
    end

    it 'returns users with a partially matching username' do
      expect(search_with_secondary_emails(user.username[0..2])).to eq([user])
    end

    it 'returns users with a matching username regardless of the casing' do
      expect(search_with_secondary_emails(user.username.upcase)).to eq([user])
    end

    it 'returns users with a matching whole secondary email' do
      expect(search_with_secondary_emails(email.email)).to eq([email.user])
    end

    it 'returns users with a matching part of secondary email' do
      expect(search_with_secondary_emails(email.email[1..4])).to eq([email.user])
    end

    it 'return users with a matching part of secondary email regardless of case' do
      expect(search_with_secondary_emails(email.email[1..4].upcase)).to eq([email.user])
      expect(search_with_secondary_emails(email.email[1..4].downcase)).to eq([email.user])
      expect(search_with_secondary_emails(email.email[1..4].capitalize)).to eq([email.user])
    end

    it 'returns multiple users with matching secondary emails' do
      email1 = create(:email, email: '1_testemail@example.com')
      email2 = create(:email, email: '2_testemail@example.com')
      email3 = create(:email, email: 'other@email.com')
      email3.user.update_attributes!(email: 'another@mail.com')

      expect(
        search_with_secondary_emails('testemail@example.com').map(&:id)
      ).to include(email1.user.id, email2.user.id)

      expect(
        search_with_secondary_emails('testemail@example.com').map(&:id)
      ).not_to include(email3.user.id)
    end
674 675
  end

676
  describe 'by_username_or_id' do
Dmytro Zaporozhets's avatar
Dmytro Zaporozhets committed
677 678
    let(:user1) { create(:user, username: 'foo') }

679
    it "gets the correct user" do
680 681 682 683
      expect(User.by_username_or_id(user1.id)).to eq(user1)
      expect(User.by_username_or_id('foo')).to eq(user1)
      expect(User.by_username_or_id(-1)).to be_nil
      expect(User.by_username_or_id('bar')).to be_nil
684 685
    end
  end
686

Yorick Peterse's avatar
Yorick Peterse committed
687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703
  describe '.find_by_ssh_key_id' do
    context 'using an existing SSH key ID' do
      let(:user) { create(:user) }
      let(:key) { create(:key, user: user) }

      it 'returns the corresponding User' do
        expect(described_class.find_by_ssh_key_id(key.id)).to eq(user)
      end
    end

    context 'using an invalid SSH key ID' do
      it 'returns nil' do
        expect(described_class.find_by_ssh_key_id(-1)).to be_nil
      end
    end
  end

704 705 706 707
  describe '.by_login' do
    let(:username) { 'John' }
    let!(:user) { create(:user, username: username) }

708
    it 'gets the correct user' do
709 710 711 712 713 714 715 716 717
      expect(User.by_login(user.email.upcase)).to eq user
      expect(User.by_login(user.email)).to eq user
      expect(User.by_login(username.downcase)).to eq user
      expect(User.by_login(username)).to eq user
      expect(User.by_login(nil)).to be_nil
      expect(User.by_login('')).to be_nil
    end
  end

Robert Speicher's avatar
Robert Speicher committed
718 719 720 721 722 723 724 725 726 727 728 729
  describe '.find_by_username!' do
    it 'raises RecordNotFound' do
      expect { described_class.find_by_username!('JohnDoe') }.
        to raise_error(ActiveRecord::RecordNotFound)
    end

    it 'is case-insensitive' do
      user = create(:user, username: 'JohnDoe')
      expect(described_class.find_by_username!('JOHNDOE')).to eq user
    end
  end

730
  describe 'all_ssh_keys' do
731
    it { is_expected.to have_many(:keys).dependent(:destroy) }
732

733
    it "has all ssh keys" do
734 735 736
      user = create :user
      key = create :key, key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD33bWLBxu48Sev9Fert1yzEO4WGcWglWF7K/AwblIUFselOt/QdOL9DSjpQGxLagO1s9wl53STIO8qGS4Ms0EJZyIXOEFMjFJ5xmjSy+S37By4sG7SsltQEHMxtbtFOaW5LV2wCrX+rUsRNqLMamZjgjcPO0/EgGCXIGMAYW4O7cwGZdXWYIhQ1Vwy+CsVMDdPkPgBXqK7nR/ey8KMs8ho5fMNgB5hBw/AL9fNGhRw3QTD6Q12Nkhl4VZES2EsZqlpNnJttnPdp847DUsT6yuLRlfiQfz5Cn9ysHFdXObMN5VYIiPFwHeYCZp1X2S4fDZooRE8uOLTfxWHPXwrhqSH", user_id: user.id

737
      expect(user.all_ssh_keys).to include(a_string_starting_with(key.key))
738
    end
739
  end
740

741
  describe '#avatar_type' do
742 743
    let(:user) { create(:user) }

744
    it "is true if avatar is image" do
745
      user.update_attribute(:avatar, 'uploads/avatar.png')
746
      expect(user.avatar_type).to be_truthy
747 748
    end

749
    it "is false if avatar is html page" do
750
      user.update_attribute(:avatar, 'uploads/avatar.html')
751
      expect(user.avatar_type).to eq(["only images allowed"])
752 753
    end
  end
Jerome Dalbert's avatar
Jerome Dalbert committed
754

755
  describe '#requires_ldap_check?' do
756 757
    let(:user) { User.new }

758 759
    it 'is false when LDAP is disabled' do
      # Create a condition which would otherwise cause 'true' to be returned
760
      allow(user).to receive(:ldap_user?).and_return(true)
761
      user.last_credential_check_at = nil
762
      expect(user.requires_ldap_check?).to be_falsey
763 764
    end

765
    context 'when LDAP is enabled' do
766 767 768
      before do
        allow(Gitlab.config.ldap).to receive(:enabled).and_return(true)
      end
769

770
      it 'is false for non-LDAP users' do
771
        allow(user).to receive(:ldap_user?).and_return(false)
772
        expect(user.requires_ldap_check?).to be_falsey
773 774
      end

775
      context 'and when the user is an LDAP user' do
776 777 778
        before do
          allow(user).to receive(:ldap_user?).and_return(true)
        end
779 780 781

        it 'is true when the user has never had an LDAP check before' do
          user.last_credential_check_at = nil
782
          expect(user.requires_ldap_check?).to be_truthy
783 784 785 786
        end

        it 'is true when the last LDAP check happened over 1 hour ago' do
          user.last_credential_check_at = 2.hours.ago
787
          expect(user.requires_ldap_check?).to be_truthy
788
        end
789 790 791 792
      end
    end
  end

793
  context 'ldap synchronized user' do
794
    describe '#ldap_user?' do
795 796 797 798
      it 'is true if provider name starts with ldap' do
        user = create(:omniauth_user, provider: 'ldapmain')
        expect(user.ldap_user?).to be_truthy
      end
799

800 801 802 803 804 805 806 807 808
      it 'is false for other providers' do
        user = create(:omniauth_user, provider: 'other-provider')
        expect(user.ldap_user?).to be_falsey
      end

      it 'is false if no extern_uid is provided' do
        user = create(:omniauth_user, extern_uid: nil)
        expect(user.ldap_user?).to be_falsey
      end
809 810
    end

811
    describe '#ldap_identity' do
812 813 814 815
      it 'returns ldap identity' do
        user = create :omniauth_user
        expect(user.ldap_identity.provider).not_to be_empty
      end
816 817
    end

818 819 820 821 822 823 824 825
    describe '#ldap_block' do
      let(:user) { create(:omniauth_user, provider: 'ldapmain', name: 'John Smith') }

      it 'blocks user flaging the action caming from ldap' do
        user.ldap_block
        expect(user.blocked?).to be_truthy
        expect(user.ldap_blocked?).to be_truthy
      end
826 827 828
    end
  end

Jerome Dalbert's avatar
Jerome Dalbert committed
829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867
  describe '#full_website_url' do
    let(:user) { create(:user) }

    it 'begins with http if website url omits it' do
      user.website_url = 'test.com'

      expect(user.full_website_url).to eq 'http://test.com'
    end

    it 'begins with http if website url begins with http' do
      user.website_url = 'http://test.com'

      expect(user.full_website_url).to eq 'http://test.com'
    end

    it 'begins with https if website url begins with https' do
      user.website_url = 'https://test.com'

      expect(user.full_website_url).to eq 'https://test.com'
    end
  end

  describe '#short_website_url' do
    let(:user) { create(:user) }

    it 'does not begin with http if website url omits it' do
      user.website_url = 'test.com'

      expect(user.short_website_url).to eq 'test.com'
    end

    it 'does not begin with http if website url begins with http' do
      user.website_url = 'http://test.com'

      expect(user.short_website_url).to eq 'test.com'
    end

    it 'does not begin with https if website url begins with https' do
      user.website_url = 'https://test.com'
868

Jerome Dalbert's avatar
Jerome Dalbert committed
869 870
      expect(user.short_website_url).to eq 'test.com'
    end
871
  end
872

873 874 875 876 877 878
  describe "#starred?" do
    it "determines if user starred a project" do
      user = create :user
      project1 = create :project, :public
      project2 = create :project, :public

879 880
      expect(user.starred?(project1)).to be_falsey
      expect(user.starred?(project2)).to be_falsey
881 882

      star1 = UsersStarProject.create!(project: project1, user: user)
883 884
      expect(user.starred?(project1)).to be_truthy
      expect(user.starred?(project2)).to be_falsey
885 886

      star2 = UsersStarProject.create!(project: project2, user: user)
887 888
      expect(user.starred?(project1)).to be_truthy
      expect(user.starred?(project2)).to be_truthy
889 890

      star1.destroy
891 892
      expect(user.starred?(project1)).to be_falsey
      expect(user.starred?(project2)).to be_truthy
893 894

      star2.destroy
895 896
      expect(user.starred?(project1)).to be_falsey
      expect(user.starred?(project2)).to be_falsey
897 898 899
    end
  end

900 901 902 903 904
  describe "#toggle_star" do
    it "toggles stars" do
      user = create :user
      project = create :project, :public

905
      expect(user.starred?(project)).to be_falsey
906
      user.toggle_star(project)
907
      expect(user.starred?(project)).to be_truthy
908
      user.toggle_star(project)
909
      expect(user.starred?(project)).to be_falsey
910 911
    end
  end
Valery Sizov's avatar
Valery Sizov committed
912 913 914 915 916 917 918

  describe "#sort" do
    before do
      User.delete_all
      @user = create :user, created_at: Date.today, last_sign_in_at: Date.today, name: 'Alpha'
      @user1 = create :user, created_at: Date.today - 1, last_sign_in_at: Date.today - 1, name: 'Omega'
    end
919

Yorick Peterse's avatar
Yorick Peterse committed
920
    it "sorts users by the recent sign-in time" do
921
      expect(User.sort('recent_sign_in').first).to eq(@user)
Valery Sizov's avatar
Valery Sizov committed
922 923
    end

Yorick Peterse's avatar
Yorick Peterse committed
924
    it "sorts users by the oldest sign-in time" do
925
      expect(User.sort('oldest_sign_in').first).to eq(@user1)
Valery Sizov's avatar
Valery Sizov committed
926 927
    end

Yorick Peterse's avatar
Yorick Peterse committed
928
    it "sorts users in descending order by their creation time" do
929
      expect(User.sort('created_desc').first).to eq(@user)
Valery Sizov's avatar
Valery Sizov committed
930 931
    end

Yorick Peterse's avatar
Yorick Peterse committed
932
    it "sorts users in ascending order by their creation time" do
933
      expect(User.sort('created_asc').first).to eq(@user1)
Valery Sizov's avatar
Valery Sizov committed
934 935
    end

Yorick Peterse's avatar
Yorick Peterse committed
936 937
    it "sorts users by id in descending order when nil is passed" do
      expect(User.sort(nil).first).to eq(@user1)
Valery Sizov's avatar
Valery Sizov committed
938 939
    end
  end
940

941
  describe "#contributed_projects" do
942 943 944 945 946 947 948 949 950 951 952 953 954 955
    subject { create(:user) }
    let!(:project1) { create(:project) }
    let!(:project2) { create(:project, forked_from_project: project3) }
    let!(:project3) { create(:project) }
    let!(:merge_request) { create(:merge_request, source_project: project2, target_project: project3, author: subject) }
    let!(:push_event) { create(:event, action: Event::PUSHED, project: project1, target: project1, author: subject) }
    let!(:merge_event) { create(:event, action: Event::CREATED, project: project3, target: merge_request, author: subject) }

    before do
      project1.team << [subject, :master]
      project2.team << [subject, :master]
    end

    it "includes IDs for projects the user has pushed to" do
956
      expect(subject.contributed_projects).to include(project1)
957 958 959
    end

    it "includes IDs for projects the user has had merge requests merged into" do
960
      expect(subject.contributed_projects).to include(project3)
961 962 963
    end

    it "doesn't include IDs for unrelated projects" do
964
      expect(subject.contributed_projects).not_to include(project2)
965 966
    end
  end
967

968
  describe '#can_be_removed?' do
969 970 971 972 973 974 975 976 977 978 979 980 981 982 983
    subject { create(:user) }

    context 'no owned groups' do
      it { expect(subject.can_be_removed?).to be_truthy }
    end

    context 'has owned groups' do
      before do
        group = create(:group)
        group.add_owner(subject)
      end

      it { expect(subject.can_be_removed?).to be_falsey }
    end
  end
984 985 986 987 988

  describe "#recent_push" do
    subject { create(:user) }
    let!(:project1) { create(:project) }
    let!(:project2) { create(:project, forked_from_project: project1) }
989
    let!(:push_data) do
990
      Gitlab::DataBuilder::Push.build_sample(project2, subject)
991
    end
992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013
    let!(:push_event) { create(:event, action: Event::PUSHED, project: project2, target: project1, author: subject, data: push_data) }

    before do
      project1.team << [subject, :master]
      project2.team << [subject, :master]
    end

    it "includes push event" do
      expect(subject.recent_push).to eq(push_event)
    end

    it "excludes push event if branch has been deleted" do
      allow_any_instance_of(Repository).to receive(:branch_names).and_return(['foo'])

      expect(subject.recent_push).to eq(nil)
    end

    it "excludes push event if MR is opened for it" do
      create(:merge_request, source_project: project2, target_project: project1, source_branch: project2.default_branch, target_branch: 'fix', author: subject)

      expect(subject.recent_push).to eq(nil)
    end
1014 1015 1016 1017 1018 1019 1020 1021 1022 1023

    it "includes push events on any of the provided projects" do
      expect(subject.recent_push(project1)).to eq(nil)
      expect(subject.recent_push(project2)).to eq(push_event)

      push_data1 = Gitlab::DataBuilder::Push.build_sample(project1, subject)
      push_event1 = create(:event, action: Event::PUSHED, project: project1, target: project1, author: subject, data: push_data1)

      expect(subject.recent_push([project1, project2])).to eq(push_event1) # Newest
    end
1024
  end
1025 1026 1027 1028 1029 1030 1031 1032 1033

  describe '#authorized_groups' do
    let!(:user) { create(:user) }
    let!(:private_group) { create(:group) }

    before do
      private_group.add_user(user, Gitlab::Access::MASTER)
    end

1034
    subject { user.authorized_groups }
1035

1036
    it { is_expected.to eq([private_group]) }
1037 1038 1039
  end

  describe '#authorized_projects' do
1040 1041 1042 1043
    context 'with a minimum access level' do
      it 'includes projects for which the user is an owner' do
        user = create(:user)
        project = create(:empty_project, :private, namespace: user.namespace)
1044

1045 1046 1047
        expect(user.authorized_projects(Gitlab::Access::REPORTER))
          .to contain_exactly(project)
      end
1048

1049 1050 1051 1052 1053
      it 'includes projects for which the user is a master' do
        user = create(:user)
        project = create(:empty_project, :private)

        project.team << [user, Gitlab::Access::MASTER]
1054

1055 1056 1057 1058
        expect(user.authorized_projects(Gitlab::Access::REPORTER))
          .to contain_exactly(project)
      end
    end
1059
  end
1060

1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099
  describe '#projects_where_can_admin_issues' do
    let(:user) { create(:user) }

    it 'includes projects for which the user access level is above or equal to reporter' do
      create(:project)
      reporter_project = create(:project)
      developer_project = create(:project)
      master_project = create(:project)

      reporter_project.team << [user, :reporter]
      developer_project.team << [user, :developer]
      master_project.team << [user, :master]

      expect(user.projects_where_can_admin_issues.to_a).to eq([master_project, developer_project, reporter_project])
      expect(user.can?(:admin_issue, master_project)).to eq(true)
      expect(user.can?(:admin_issue, developer_project)).to eq(true)
      expect(user.can?(:admin_issue, reporter_project)).to eq(true)
    end

    it 'does not include for which the user access level is below reporter' do
      project = create(:project)
      guest_project = create(:project)

      guest_project.team << [user, :guest]

      expect(user.projects_where_can_admin_issues.to_a).to be_empty
      expect(user.can?(:admin_issue, guest_project)).to eq(false)
      expect(user.can?(:admin_issue, project)).to eq(false)
    end

    it 'does not include archived projects' do
      project = create(:project)
      project.update_attributes(archived: true)

      expect(user.projects_where_can_admin_issues.to_a).to be_empty
      expect(user.can?(:admin_issue, project)).to eq(false)
    end

    it 'does not include projects for which issues are disabled' do
Felipe's avatar
Felipe committed
1100
      project = create(:project, issues_access_level: ProjectFeature::DISABLED)
1101 1102 1103 1104 1105 1106

      expect(user.projects_where_can_admin_issues.to_a).to be_empty
      expect(user.can?(:admin_issue, project)).to eq(false)
    end
  end

1107 1108 1109 1110
  describe '#ci_authorized_runners' do
    let(:user) { create(:user) }
    let(:runner) { create(:ci_runner) }

1111 1112 1113
    before do
      project.runners << runner
    end
1114 1115 1116 1117 1118

    context 'without any projects' do
      let(:project) { create(:project) }

      it 'does not load' do
1119
        expect(user.ci_authorized_runners).to be_empty
1120 1121 1122 1123 1124 1125 1126 1127
      end
    end

    context 'with personal projects runners' do
      let(:namespace) { create(:namespace, owner: user) }
      let(:project) { create(:project, namespace: namespace) }

      it 'loads' do
1128
        expect(user.ci_authorized_runners).to contain_exactly(runner)
1129 1130 1131 1132
      end
    end

    shared_examples :member do
1133
      context 'when the user is a master' do
1134 1135 1136
        before do
          add_user(Gitlab::Access::MASTER)
        end
1137

1138 1139 1140
        it 'loads' do
          expect(user.ci_authorized_runners).to contain_exactly(runner)
        end
1141 1142
      end

1143
      context 'when the user is a developer' do
1144 1145 1146
        before do
          add_user(Gitlab::Access::DEVELOPER)
        end
1147

1148 1149 1150
        it 'does not load' do
          expect(user.ci_authorized_runners).to be_empty
        end
1151 1152 1153 1154 1155 1156 1157
      end
    end

    context 'with groups projects runners' do
      let(:group) { create(:group) }
      let(:project) { create(:project, group: group) }

Lin Jen-Shin's avatar
Lin Jen-Shin committed
1158
      def add_user(access)
1159 1160 1161 1162 1163 1164 1165 1166 1167
        group.add_user(user, access)
      end

      it_behaves_like :member
    end

    context 'with other projects runners' do
      let(:project) { create(:project) }

Lin Jen-Shin's avatar
Lin Jen-Shin committed
1168
      def add_user(access)
Lin Jen-Shin's avatar
Lin Jen-Shin committed
1169
        project.team << [user, access]
1170 1171 1172 1173 1174 1175
      end

      it_behaves_like :member
    end
  end

1176 1177
  describe '#viewable_starred_projects' do
    let(:user) { create(:user) }
Sean McGivern's avatar
Sean McGivern committed
1178 1179 1180
    let(:public_project) { create(:empty_project, :public) }
    let(:private_project) { create(:empty_project, :private) }
    let(:private_viewable_project) { create(:empty_project, :private) }
1181 1182 1183 1184

    before do
      private_viewable_project.team << [user, Gitlab::Access::MASTER]

Sean McGivern's avatar
Sean McGivern committed
1185 1186 1187
      [public_project, private_project, private_viewable_project].each do |project|
        user.toggle_star(project)
      end
1188 1189
    end

Sean McGivern's avatar
Sean McGivern committed
1190 1191
    it 'returns only starred projects the user can view' do
      expect(user.viewable_starred_projects).not_to include(private_project)
1192 1193
    end
  end
gitlabhq's avatar
gitlabhq committed
1194
end