diff --git a/app/models/user.rb b/app/models/user.rb index f367d74aa6..8840de82d5 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -68,10 +68,6 @@ class User < ApplicationRecord save! end - def send_devise_notification(notification, *args) - devise_mailer.send(notification, self, *args).deliver_later - end - def setting_default_privacy settings.default_privacy || (account.locked? ? 'private' : 'public') end @@ -88,6 +84,12 @@ class User < ApplicationRecord settings.auto_play_gif end + protected + + def send_devise_notification(notification, *args) + devise_mailer.send(notification, self, *args).deliver_later + end + private def sanitize_languages diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index c3e924fd81..d7ca91e819 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -4,6 +4,17 @@ require 'devise_two_factor/spec_helpers' RSpec.describe User, type: :model do it_behaves_like 'two_factor_backupable' + describe 'otp_secret' do + it 'is encrypted with OTP_SECRET environment variable' do + user = Fabricate(:user, + encrypted_otp_secret: "Fttsy7QAa0edaDfdfSz094rRLAxc8cJweDQ4BsWH/zozcdVA8o9GLqcKhn2b\nGi/V\n", + encrypted_otp_secret_iv: 'rys3THICkr60BoWC', + encrypted_otp_secret_salt: '_LMkAGvdg7a+sDIKjI3mR2Q==') + + expect(user.otp_secret).to eq 'anotpsecretthatshouldbeencrypted' + end + end + describe 'validations' do it 'is invalid without an account' do user = Fabricate.build(:user, account: nil) @@ -85,6 +96,36 @@ RSpec.describe User, type: :model do expect(User.confirmed).to match_array([user_2]) end end + + describe 'inactive' do + it 'returns a relation of inactive users' do + specified = Fabricate(:user, current_sign_in_at: 15.days.ago) + Fabricate(:user, current_sign_in_at: 13.days.ago) + + expect(User.inactive).to match_array([specified]) + end + end + + describe 'matches_email' do + it 'returns a relation of users whose email starts with the given string' do + specified = Fabricate(:user, email: 'specified@spec') + Fabricate(:user, email: 'unspecified@spec') + + expect(User.matches_email('specified')).to match_array([specified]) + end + end + + describe 'with_recent_ip_address' do + it 'returns a relation of users who is, or was at last time, online with the given IP address' do + specifieds = [ + Fabricate(:user, current_sign_in_ip: '0.0.0.42', last_sign_in_ip: '0.0.0.0'), + Fabricate(:user, current_sign_in_ip: nil, last_sign_in_ip: '0.0.0.42') + ] + Fabricate(:user, current_sign_in_ip: '0.0.0.0', last_sign_in_ip: '0.0.0.0') + + expect(User.with_recent_ip_address('0.0.0.42')).to eq specifieds + end + end end let(:account) { Fabricate(:account, username: 'alice') } @@ -133,16 +174,73 @@ RSpec.describe User, type: :model do end describe '#disable_two_factor!' do - it 'sets otp_required_for_login to false' do + it 'saves false for otp_required_for_login' do user = Fabricate.build(:user, otp_required_for_login: true) user.disable_two_factor! - expect(user.otp_required_for_login).to be false + expect(user.reload.otp_required_for_login).to be false end - it 'clears otp_backup_codes' do + it 'saves cleared otp_backup_codes' do user = Fabricate.build(:user, otp_backup_codes: %w[dummy dummy]) user.disable_two_factor! - expect(user.otp_backup_codes.empty?).to be true + expect(user.reload.otp_backup_codes.empty?).to be true + end + end + + describe '#send_confirmation_instructions' do + around do |example| + queue_adapter = ActiveJob::Base.queue_adapter + example.run + ActiveJob::Base.queue_adapter = queue_adapter + end + + it 'delivers confirmation instructions later' do + user = Fabricate(:user) + ActiveJob::Base.queue_adapter = :test + + expect { user.send_confirmation_instructions }.to have_enqueued_job(ActionMailer::DeliveryJob) + end + end + + describe '#setting_auto_play_gif' do + it 'returns auto-play gif setting' do + user = Fabricate(:user) + user.settings[:auto_play_gif] = false + expect(user.setting_auto_play_gif).to eq false + end + end + + describe '#setting_boost_modal' do + it 'returns boost modal setting' do + user = Fabricate(:user) + user.settings[:boost_modal] = false + expect(user.setting_boost_modal).to eq false + end + end + + describe '#setting_default_privacy' do + it 'returns default privacy setting if user has configured' do + user = Fabricate(:user) + user.settings[:default_privacy] = 'unlisted' + expect(user.setting_default_privacy).to eq 'unlisted' + end + + it "returns 'private' if user has not configured default privacy setting and account is locked" do + user = Fabricate(:user, account: Fabricate(:account, locked: true)) + expect(user.setting_default_privacy).to eq 'private' + end + + it "returns 'public' if user has not configured default privacy setting and account is not locked" do + user = Fabricate(:user, account: Fabricate(:account, locked: false)) + expect(user.setting_default_privacy).to eq 'public' + end + end + + describe '#setting_delete_modal' do + it 'returns delete modal setting' do + user = Fabricate(:user) + user.settings[:delete_modal] = false + expect(user.setting_delete_modal).to eq false end end @@ -172,14 +270,19 @@ RSpec.describe User, type: :model do expect(user.valid?).to be_falsey end - it 'should not allow a user to be created with a specific blacklisted subdomain even if the top domain is whitelisted' do - old_blacklist = Rails.configuration.x.email_blacklist - Rails.configuration.x.email_domains_blacklist = 'blacklisted.mastodon.space' + context do + around do |example| + old_blacklist = Rails.configuration.x.email_blacklist + example.run + Rails.configuration.x.email_domains_blacklist = old_blacklist + end - user = User.new(email: 'foo@blacklisted.mastodon.space', account: account, password: password) - expect(user.valid?).to be_falsey + it 'should not allow a user to be created with a specific blacklisted subdomain even if the top domain is whitelisted' do + Rails.configuration.x.email_domains_blacklist = 'blacklisted.mastodon.space' - Rails.configuration.x.email_domains_blacklist = old_blacklist + user = User.new(email: 'foo@blacklisted.mastodon.space', account: account, password: password) + expect(user.valid?).to be_falsey + end end end end