demarches-normaliennes/spec/models/user_spec.rb

describe User, type: :model do
  describe '#after_confirmation' do
    let(:email) { 'mail@beta.gouv.fr' }
    let!(:invite) { create(:invite, email: email) }
    let!(:invite2) { create(:invite, email: email) }
    let(:user) do
      create(:user,
        email: email,
        password: 'my-s3cure-p4ssword',
        confirmation_token: '123',
        confirmed_at: nil)
    end

    it 'when confirming a user, it links the pending invitations to this user' do
      expect(user.invites.size).to eq(0)
      user.confirm
      expect(user.reload.invites.size).to eq(2)
    end
  end

  describe '#owns?' do
    let(:owner) { create(:user) }
    let(:dossier) { create(:dossier, user: owner) }
    let(:invite_user) { create(:user) }
    let(:invite_instructeur) { create(:user) }

    subject { user.owns?(dossier) }

    context 'when user is owner' do
      let(:user) { owner }

      it { is_expected.to be_truthy }
    end

    context 'when user was invited by user' do
      before do
        create(:invite, dossier: dossier, user: invite_user)
      end

      let(:user) { invite_user }

      it { is_expected.to be_falsy }
    end

    context 'when user is quidam' do
      let(:user) { create(:user) }

      it { is_expected.to be_falsey }
    end
  end

  describe '#invite?' do
    let(:dossier) { create :dossier }
    let(:user) { dossier.user }

    subject { user.invite? dossier.id }

    context 'when user is invite at the dossier' do
      before do
        create :invite, dossier_id: dossier.id, user: user
      end

      it { is_expected.to be_truthy }
    end

    context 'when user is not invite at the dossier' do
      it { is_expected.to be_falsey }
    end
  end

  describe '#owns_or_invite?' do
    let(:owner) { create(:user) }
    let(:dossier) { create(:dossier, user: owner) }
    let(:invite_user) { create(:user) }
    let(:invite_instructeur) { create(:user) }

    subject { user.owns_or_invite?(dossier) }

    context 'when user is owner' do
      let(:user) { owner }

      it { is_expected.to be_truthy }
    end

    context 'when user was invited by user' do
      before do
        create(:invite, dossier: dossier, user: invite_user)
      end

      let(:user) { invite_user }

      it { is_expected.to be_truthy }
    end

    context 'when user is quidam' do
      let(:user) { create(:user) }

      it { is_expected.to be_falsey }
    end
  end

  describe '.create_or_promote_to_instructeur' do
    let(:email) { 'inst1@gmail.com' }
    let(:password) { 'un super password !' }
    let(:admins) { [] }

    subject { User.create_or_promote_to_instructeur(email, password, administrateurs: admins) }

    context 'without an existing user' do
      it do
        user = subject
        expect(user.valid_password?(password)).to be true
        expect(user.confirmed_at).to be_present
        expect(user.instructeur).to be_present
      end

      context 'with an administrateur' do
        let(:admins) { [create(:administrateur)] }

        it do
          user = subject
          expect(user.instructeur.administrateurs).to eq(admins)
        end
      end
    end

    context 'with an existing user' do
      before { create(:user, email: email, password: 'my-s3cure-p4ssword') }

      it 'keeps the previous password' do
        user = subject
        expect(user.valid_password?('my-s3cure-p4ssword')).to be true
        expect(user.instructeur).to be_present
      end

      context 'with an existing instructeur' do
        let(:old_admins) { [create(:administrateur)] }
        let(:admins) { [create(:administrateur)] }
        let!(:instructeur) { create(:instructeur, email: 'i@mail.com', administrateurs: old_admins) }

        before do
          User
            .find_by(email: email)
            .update!(instructeur: instructeur)
        end

        it 'keeps the existing instructeurs and adds administrateur' do
          user = subject
          expect(user.instructeur).to eq(instructeur)
          expect(user.instructeur.administrateurs).to match_array(old_admins + admins)
        end
      end
    end

    context 'with an invalid email' do
      let(:email) { 'invalid' }

      it 'does not build an instructeur' do
        user = subject
        expect(user.valid?).to be false
        expect(user.instructeur).to be_nil
      end
    end
  end

  describe '.create_or_promote_to_expert' do
    let(:email) { 'exp1@gmail.com' }
    let(:password) { 'un super expert !' }

    subject { User.create_or_promote_to_expert(email, password) }

    context 'with an invalid email' do
      let(:email) { 'invalid' }

      it 'does not build an expert' do
        user = subject
        expect(user.valid?).to be false
        expect(user.expert).to be_nil
      end
    end

    context 'without an existing user' do
      it do
        user = subject
        expect(user.valid_password?(password)).to be true
        expect(user.confirmed_at).to be_present
        expect(user.expert).to be_present
      end
    end

    context 'with an existing user' do
      before { create(:user, email: email, password: 'my-s3cure-p4ssword') }

      it 'keeps the previous password' do
        user = subject
        expect(user.valid_password?('my-s3cure-p4ssword')).to be true
        expect(user.expert).to be_present
      end

      context 'with an existing expert' do
        let!(:expert) { Expert.create }

        before do
          User
            .find_by(email: email)
            .update!(expert: expert)
        end

        it 'keeps the existing experts' do
          user = subject
          expect(user.expert).to eq(expert)
        end
      end
    end
  end

  describe 'invite_administrateur!' do
    let(:super_admin) { create(:super_admin) }
    let(:administrateur) { create(:administrateur) }
    let(:user) { administrateur.user }

    let(:mailer_double) { double('mailer', deliver_later: true) }

    before { allow(AdministrationMailer).to receive(:invite_admin).and_return(mailer_double) }

    subject { user.invite_administrateur!(super_admin.id) }

    context 'when the user is inactif' do
      before { subject }

      it { expect(AdministrationMailer).to have_received(:invite_admin).with(user, kind_of(String), super_admin.id) }
    end

    context 'when the user is actif' do
      before do
        user.update(last_sign_in_at: Time.zone.now)
        subject
      end

      it 'receives an invitation to update its password' do
        expect(AdministrationMailer).to have_received(:invite_admin).with(user, kind_of(String), super_admin.id)
      end
    end
  end

  describe '#active?' do
    let!(:user) { create(:user) }

    subject { user.active? }

    context 'when the user has never signed in' do
      before { user.update(last_sign_in_at: nil) }

      it { is_expected.to be false }
    end

    context 'when the user has already signed in' do
      before { user.update(last_sign_in_at: Time.zone.now) }

      it { is_expected.to be true }
    end
  end

  describe '#can_be_deleted?' do
    let(:user) { create(:user) }
    let(:administrateur) { create(:administrateur) }
    let(:instructeur) { create(:instructeur) }
    let(:expert) { create(:expert) }

    subject { user.can_be_deleted? }

    context 'when the user has a dossier in instruction' do
      let!(:dossier) { create(:dossier, :en_instruction, user: user) }

      it { is_expected.to be true }
    end

    context 'when the user has no dossier in instruction' do
      it { is_expected.to be true }
    end

    context 'when the user is an administrateur' do
      it 'cannot be deleted' do
        expect(administrateur.user.can_be_deleted?).to be_falsy
      end
    end

    context 'when the user is an instructeur' do
      it 'cannot be deleted' do
        expect(instructeur.user.can_be_deleted?).to be_falsy
      end
    end

    context 'when the user is an expert' do
      it 'cannot be deleted' do
        expect(expert.user.can_be_deleted?).to be_falsy
      end
    end
  end

  describe '#delete_and_keep_track_dossiers' do
    let(:super_admin) { create(:super_admin) }
    let(:user) { create(:user) }

    context 'without a dossier with processing strted' do
      let!(:dossier_en_construction) { create(:dossier, :en_construction, user: user) }
      let!(:dossier_brouillon) { create(:dossier, user: user) }

      context 'without a discarded dossier' do
        it "keep track of dossiers and delete user" do
          user.delete_and_keep_track_dossiers(super_admin)

          expect(DeletedDossier.find_by(dossier_id: dossier_en_construction)).to be_present
          expect(DeletedDossier.find_by(dossier_id: dossier_brouillon)).to be_nil
          expect(User.find_by(id: user.id)).to be_nil
        end
      end

      context 'with a deleted dossier' do
        let(:dossier_to_delete) { create(:dossier, :en_construction, user: user) }
        let!(:dossier_from_another_user) { create(:dossier, :en_construction, user: create(:user)) }

        it "keep track of dossiers and delete user" do
          dossier_to_delete.hide_and_keep_track!(user, :user_request)
          user.delete_and_keep_track_dossiers(super_admin)

          expect(DeletedDossier.find_by(dossier_id: dossier_en_construction)).to be_present
          expect(DeletedDossier.find_by(dossier_id: dossier_brouillon)).to be_nil
          expect(Dossier.find_by(id: dossier_from_another_user.id)).to be_present
          expect(User.find_by(id: user.id)).to be_nil
        end
      end
    end

    context 'with dossiers with processing started' do
      let!(:dossier_en_instruction) { create(:dossier, :en_instruction, user: user) }
      let!(:dossier_termine) { create(:dossier, :accepte, user: user) }

      it "keep track of dossiers and delete user" do
        user.delete_and_keep_track_dossiers(super_admin)

        expect(dossier_en_instruction.reload).to be_present
        expect(dossier_en_instruction.user).to be_nil
        expect(dossier_en_instruction.user_email_for(:display)).to eq(user.email)
        expect { dossier_en_instruction.user_email_for(:notification) }.to raise_error(RuntimeError)

        expect(dossier_termine.reload).to be_present
        expect(dossier_termine.user).to be_nil
        expect(dossier_termine.user_email_for(:display)).to eq(user.email)
        expect(dossier_termine.valid?).to be_truthy
        expect(dossier_termine.france_connect_information).to be_nil
        expect { dossier_termine.user_email_for(:notification) }.to raise_error(RuntimeError)

        expect(User.find_by(id: user.id)).to be_nil
      end
    end
  end

  describe '#password_complexity' do
    # This password list is sorted by password complexity, according to zxcvbn (used for complexity evaluation)
    # 0 - too guessable: risky password. (guesses < 10^3)
    # 1 - very guessable: protection from throttled online attacks. (guesses < 10^6)
    # 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
    # 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
    # 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
    passwords = ['password', '12pass23', 'démarches ', 'démarches-simple', '{My-$3cure-p4ssWord}']
    min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN

    subject do
      user.valid?
      user.errors.full_messages
    end

    context 'for administrateurs' do
      let(:user) { build(:user, email: 'admin@exemple.fr', password: password, administrateur: build(:administrateur, user: nil)) }

      context 'when the password is too short' do
        let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }

        it 'reports an error about password length (but not about complexity)' do
          expect(subject).to eq(["Le mot de passe est trop court"])
        end
      end

      passwords[0..(min_complexity - 1)].each do |simple_password|
        context 'when the password is long enough, but too simple' do
          let(:password) { simple_password }

          it { expect(subject).to eq(["Le mot de passe n’est pas assez complexe"]) }
        end
      end

      context 'when the password is long and complex' do
        let(:password) { passwords[min_complexity] }

        it { expect(subject).to be_empty }
      end
    end

    context 'for simple users' do
      let(:user) { build(:user, email: 'user@exemple.fr', password: password) }

      context 'when the password is too short' do
        let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }

        it 'reports an error about password length (but not about complexity)' do
          expect(subject).to eq(["Le mot de passe est trop court"])
        end
      end

      context 'when the password is long enough, but simple' do
        let(:password) { 'simple-password' }

        it 'doesn’t enforce the password complexity' do
          expect(subject).to be_empty
        end
      end
    end
  end

  describe '#merge' do
    let(:old_user) { create(:user) }
    let(:targeted_user) { create(:user) }

    subject { targeted_user.merge(old_user) }

    context 'and the old account has some stuff' do
      let!(:dossier) { create(:dossier, user: old_user) }
      let!(:hidden_dossier) { create(:dossier, user: old_user, hidden_by_user_at: 1.hour.ago) }
      let!(:invite) { create(:invite, user: old_user) }
      let!(:merge_log) { MergeLog.create(user: old_user, from_user_id: 1, from_user_email: 'a') }

      it 'transfers the dossier' do
        subject

        expect(targeted_user.dossiers).to contain_exactly(dossier, hidden_dossier)
        expect(targeted_user.invites).to match([invite])
        expect(targeted_user.merge_logs.first).to eq(merge_log)

        added_merge_log = targeted_user.merge_logs.last
        expect(added_merge_log.from_user_id).to eq(old_user.id)
        expect(added_merge_log.from_user_email).to eq(old_user.email)
      end
    end

    context 'and the old account belongs to an instructeur, expert and administrateur' do
      let!(:expert) { create(:expert, user: old_user) }
      let!(:administrateur) { create(:administrateur, user: old_user) }
      let!(:instructeur) { old_user.instructeur }

      it 'transfers instructeur account' do
        subject
        targeted_user.reload

        expect(targeted_user.instructeur).to match(instructeur)
        expect(targeted_user.administrateur).to match(administrateur)
        expect(targeted_user.expert).to match(expert)
      end

      context 'and the targeted account owns an instructeur and expert as well' do
        let!(:targeted_administrateur) { create(:administrateur, user: targeted_user) }
        let!(:targeted_instructeur) { targeted_user.instructeur }
        let!(:targeted_expert) { create(:expert, user: targeted_user) }

        it 'merge the account' do
          expect(targeted_instructeur).to receive(:merge).with(instructeur)
          expect(targeted_expert).to receive(:merge).with(expert)
          expect(targeted_administrateur).to receive(:merge).with(administrateur)

          subject

          expect { instructeur.reload }.to raise_error(ActiveRecord::RecordNotFound)
          expect { expert.reload }.to raise_error(ActiveRecord::RecordNotFound)
          expect { administrateur.reload }.to raise_error(ActiveRecord::RecordNotFound)
          expect { old_user.reload }.to raise_error(ActiveRecord::RecordNotFound)
        end
      end
    end

    context 'and the old account had targeted_user_links' do
      let(:expert) { create(:expert, user: old_user) }
      let(:expert_procedure) { create(:experts_procedure, expert: expert) }
      let!(:targeted_user_link) { create(:targeted_user_link, user: old_user, target_model: create(:avis, experts_procedure: expert_procedure)) }

      it 'transfers the targeted_user_link' do
        subject
        targeted_user.reload
        expect(targeted_user.targeted_user_links).to include(targeted_user_link)
      end
    end
  end
end
-												[#884] add user
											
										
										
											2015-09-23 10:02:01 +02:00
+								describe User, type: :model do
-												invite: move invites link to the `after_confirmation` callback

Refactored from 6a69d958dafa510b0f313e37eaa2cd12c7fd16ef

The `after_confirmation_path_for` isn't really made to be a callbback.
For instance, it is not executed during tests.

Moving the invitations linking to a proper documented callback allows
the linking to work in a testing environment, when invoking `user.confirm`.

											
										
										
											2018-09-19 11:56:05 +02:00
+								  describe '#after_confirmation' do
 								    let(:email) { 'mail@beta.gouv.fr' }
-												#3928 administrator new & edit pwd pages

											
										
										
											2019-06-20 00:36:50 +02:00
+								    let!(:invite) { create(:invite, email: email) }
-												invite: move invites link to the `after_confirmation` callback

Refactored from 6a69d958dafa510b0f313e37eaa2cd12c7fd16ef

The `after_confirmation_path_for` isn't really made to be a callbback.
For instance, it is not executed during tests.

Moving the invitations linking to a proper documented callback allows
the linking to work in a testing environment, when invoking `user.confirm`.

											
										
										
											2018-09-19 11:56:05 +02:00
+								    let!(:invite2) { create(:invite, email: email) }
 								    let(:user) do
 								      create(:user,
 								        email: email,
-												spec: replace reference to ds in password

											
										
										
											2020-07-21 16:49:26 +02:00
+								        password: 'my-s3cure-p4ssword',
-												invite: move invites link to the `after_confirmation` callback

Refactored from 6a69d958dafa510b0f313e37eaa2cd12c7fd16ef

The `after_confirmation_path_for` isn't really made to be a callbback.
For instance, it is not executed during tests.

Moving the invitations linking to a proper documented callback allows
the linking to work in a testing environment, when invoking `user.confirm`.

											
										
										
											2018-09-19 11:56:05 +02:00
+								        confirmation_token: '123',
 								        confirmed_at: nil)
 								    end
 								    it 'when confirming a user, it links the pending invitations to this user' do
 								      expect(user.invites.size).to eq(0)
 								      user.confirm
 								      expect(user.reload.invites.size).to eq(2)
 								    end
 								  end
-												Adds User#owns?

											
										
										
											2018-05-30 18:26:23 +02:00
+								  describe '#owns?' do
 								    let(:owner) { create(:user) }
 								    let(:dossier) { create(:dossier, user: owner) }
 								    let(:invite_user) { create(:user) }
-												Rename gestionnaire in code to instructeur

											
										
										
											2019-08-06 11:02:54 +02:00
+								    let(:invite_instructeur) { create(:user) }
-												Adds User#owns?

											
										
										
											2018-05-30 18:26:23 +02:00
 								    subject { user.owns?(dossier) }
 								    context 'when user is owner' do
 								      let(:user) { owner }
 								      it { is_expected.to be_truthy }
 								    end
 								    context 'when user was invited by user' do
 								      before do
-												InviteUser → Invite

											
										
										
											2018-10-10 09:23:08 +02:00
+								        create(:invite, dossier: dossier, user: invite_user)
-												Adds User#owns?

											
										
										
											2018-05-30 18:26:23 +02:00
+								      end
 								      let(:user) { invite_user }
 								      it { is_expected.to be_falsy }
 								    end
 								    context 'when user is quidam' do
 								      let(:user) { create(:user) }
 								      it { is_expected.to be_falsey }
 								    end
 								  end
-												User and Guest can be upload new documents on our recapitulative dossier page.

											
										
										
											2016-03-22 17:36:36 +01:00
+								  describe '#invite?' do
 								    let(:dossier) { create :dossier }
 								    let(:user) { dossier.user }
 								    subject { user.invite? dossier.id }
 								    context 'when user is invite at the dossier' do
 								      before do
 								        create :invite, dossier_id: dossier.id, user: user
 								      end
 								      it { is_expected.to be_truthy }
 								    end
 								    context 'when user is not invite at the dossier' do
 								      it { is_expected.to be_falsey }
 								    end
 								  end
-												Sync user/gestionnaire credentials (OpenSimplif)

Syncs email and password when either a gestionnaire or a user is
updated and it has an associated user or gestionnaire (same email).

											
										
										
											2016-10-11 10:31:32 +02:00
-												Use User#owns_or_invite? instead of Dossier#owner_or_invite?

											
										
										
											2018-05-30 18:31:02 +02:00
+								  describe '#owns_or_invite?' do
 								    let(:owner) { create(:user) }
 								    let(:dossier) { create(:dossier, user: owner) }
 								    let(:invite_user) { create(:user) }
-												Rename gestionnaire in code to instructeur

											
										
										
											2019-08-06 11:02:54 +02:00
+								    let(:invite_instructeur) { create(:user) }
-												Use User#owns_or_invite? instead of Dossier#owner_or_invite?

											
										
										
											2018-05-30 18:31:02 +02:00
 								    subject { user.owns_or_invite?(dossier) }
 								    context 'when user is owner' do
 								      let(:user) { owner }
 								      it { is_expected.to be_truthy }
 								    end
 								    context 'when user was invited by user' do
 								      before do
-												InviteUser → Invite

											
										
										
											2018-10-10 09:23:08 +02:00
+								        create(:invite, dossier: dossier, user: invite_user)
-												Use User#owns_or_invite? instead of Dossier#owner_or_invite?

											
										
										
											2018-05-30 18:31:02 +02:00
+								      end
 								      let(:user) { invite_user }
 								      it { is_expected.to be_truthy }
 								    end
 								    context 'when user is quidam' do
 								      let(:user) { create(:user) }
 								      it { is_expected.to be_falsey }
 								    end
 								  end
-												add User.create_or_promote_to_instructeur

											
										
										
											2019-08-16 18:15:05 +02:00
 								  describe '.create_or_promote_to_instructeur' do
 								    let(:email) { 'inst1@gmail.com' }
 								    let(:password) { 'un super password !' }
 								    let(:admins) { [] }
 								    subject { User.create_or_promote_to_instructeur(email, password, administrateurs: admins) }
 								    context 'without an existing user' do
 								      it do
 								        user = subject
 								        expect(user.valid_password?(password)).to be true
 								        expect(user.confirmed_at).to be_present
 								        expect(user.instructeur).to be_present
 								      end
 								      context 'with an administrateur' do
 								        let(:admins) { [create(:administrateur)] }
 								        it do
 								          user = subject
 								          expect(user.instructeur.administrateurs).to eq(admins)
 								        end
 								      end
 								    end
 								    context 'with an existing user' do
-												spec: replace reference to ds in password

											
										
										
											2020-07-21 16:49:26 +02:00
+								      before { create(:user, email: email, password: 'my-s3cure-p4ssword') }
-												add User.create_or_promote_to_instructeur

											
										
										
											2019-08-16 18:15:05 +02:00
 								      it 'keeps the previous password' do
 								        user = subject
-												spec: replace reference to ds in password

											
										
										
											2020-07-21 16:49:26 +02:00
+								        expect(user.valid_password?('my-s3cure-p4ssword')).to be true
-												add User.create_or_promote_to_instructeur

											
										
										
											2019-08-16 18:15:05 +02:00
+								        expect(user.instructeur).to be_present
 								      end
 								      context 'with an existing instructeur' do
 								        let(:old_admins) { [create(:administrateur)] }
 								        let(:admins) { [create(:administrateur)] }
-												instructeurs: create without providing the email

											
										
										
											2019-10-16 14:15:47 +02:00
+								        let!(:instructeur) { create(:instructeur, email: 'i@mail.com', administrateurs: old_admins) }
-												add User.create_or_promote_to_instructeur

											
										
										
											2019-08-16 18:15:05 +02:00
 								        before do
 								          User
 								            .find_by(email: email)
 								            .update!(instructeur: instructeur)
 								        end
 								        it 'keeps the existing instructeurs and adds administrateur' do
 								          user = subject
 								          expect(user.instructeur).to eq(instructeur)
-												fix flaky test

											
										
										
											2019-11-18 17:26:28 +01:00
+								          expect(user.instructeur.administrateurs).to match_array(old_admins + admins)
-												add User.create_or_promote_to_instructeur

											
										
										
											2019-08-16 18:15:05 +02:00
+								        end
 								      end
 								    end
 								    context 'with an invalid email' do
 								      let(:email) { 'invalid' }
 								      it 'does not build an instructeur' do
 								        user = subject
 								        expect(user.valid?).to be false
 								        expect(user.instructeur).to be_nil
 								      end
 								    end
 								  end
-												Invite_administrateur!: characterization test

											
										
										
											2019-11-05 09:12:14 +01:00
-												Add create expert method

											
										
										
											2021-01-15 16:33:36 +01:00
+								  describe '.create_or_promote_to_expert' do
 								    let(:email) { 'exp1@gmail.com' }
 								    let(:password) { 'un super expert !' }
 								    subject { User.create_or_promote_to_expert(email, password) }
 								    context 'with an invalid email' do
 								      let(:email) { 'invalid' }
 								      it 'does not build an expert' do
 								        user = subject
 								        expect(user.valid?).to be false
 								        expect(user.expert).to be_nil
 								      end
 								    end
 								    context 'without an existing user' do
 								      it do
 								        user = subject
 								        expect(user.valid_password?(password)).to be true
 								        expect(user.confirmed_at).to be_present
 								        expect(user.expert).to be_present
 								      end
 								    end
 								    context 'with an existing user' do
 								      before { create(:user, email: email, password: 'my-s3cure-p4ssword') }
 								      it 'keeps the previous password' do
 								        user = subject
 								        expect(user.valid_password?('my-s3cure-p4ssword')).to be true
 								        expect(user.expert).to be_present
 								      end
 								      context 'with an existing expert' do
 								        let!(:expert) { Expert.create }
 								        before do
 								          User
 								            .find_by(email: email)
 								            .update!(expert: expert)
 								        end
 								        it 'keeps the existing experts' do
 								          user = subject
 								          expect(user.expert).to eq(expert)
 								        end
 								      end
 								    end
 								  end
-												Invite_administrateur!: characterization test

											
										
										
											2019-11-05 09:12:14 +01:00
+								  describe 'invite_administrateur!' do
-												refacto: rename administration to super_admin

											
										
										
											2020-11-05 15:09:11 +01:00
+								    let(:super_admin) { create(:super_admin) }
-												Invite_administrateur!: characterization test

											
										
										
											2019-11-05 09:12:14 +01:00
+								    let(:administrateur) { create(:administrateur) }
 								    let(:user) { administrateur.user }
-												Cleaning spec

											
										
										
											2019-11-05 09:52:25 +01:00
+								    let(:mailer_double) { double('mailer', deliver_later: true) }
 								    before { allow(AdministrationMailer).to receive(:invite_admin).and_return(mailer_double) }
-												refacto: rename administration to super_admin

											
										
										
											2020-11-05 15:09:11 +01:00
+								    subject { user.invite_administrateur!(super_admin.id) }
-												Invite_administrateur!: characterization test

											
										
										
											2019-11-05 09:12:14 +01:00
 								    context 'when the user is inactif' do
-												Cleaning spec

											
										
										
											2019-11-05 09:52:25 +01:00
+								      before { subject }
-												Invite_administrateur!: characterization test

											
										
										
											2019-11-05 09:12:14 +01:00
-												refacto: rename administration to super_admin

											
										
										
											2020-11-05 15:09:11 +01:00
+								      it { expect(AdministrationMailer).to have_received(:invite_admin).with(user, kind_of(String), super_admin.id) }
-												Invite_administrateur!: characterization test

											
										
										
											2019-11-05 09:12:14 +01:00
+								    end
-												[fix #4473] Invite_administrateur!: do not reset password if the user is active

											
										
										
											2019-11-05 09:37:53 +01:00
 								    context 'when the user is actif' do
 								      before do
 								        user.update(last_sign_in_at: Time.zone.now)
 								        subject
 								      end
-												force password reset on admin promotion or creation

											
										
										
											2020-09-17 15:35:40 +02:00
+								      it 'receives an invitation to update its password' do
-												refacto: rename administration to super_admin

											
										
										
											2020-11-05 15:09:11 +01:00
+								        expect(AdministrationMailer).to have_received(:invite_admin).with(user, kind_of(String), super_admin.id)
-												force password reset on admin promotion or creation

											
										
										
											2020-09-17 15:35:40 +02:00
+								      end
-												[fix #4473] Invite_administrateur!: do not reset password if the user is active

											
										
										
											2019-11-05 09:37:53 +01:00
+								    end
-												Invite_administrateur!: characterization test

											
										
										
											2019-11-05 09:12:14 +01:00
+								  end
-												User get the active notion

											
										
										
											2019-11-05 10:01:07 +01:00
 								  describe '#active?' do
 								    let!(:user) { create(:user) }
 								    subject { user.active? }
 								    context 'when the user has never signed in' do
 								      before { user.update(last_sign_in_at: nil) }
 								      it { is_expected.to be false }
 								    end
 								    context 'when the user has already signed in' do
 								      before { user.update(last_sign_in_at: Time.zone.now) }
 								      it { is_expected.to be true }
 								    end
 								  end
-												tells if a user can be deleted

											
										
										
											2020-01-06 17:33:09 +01:00
 								  describe '#can_be_deleted?' do
 								    let(:user) { create(:user) }
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								    let(:administrateur) { create(:administrateur) }
 								    let(:instructeur) { create(:instructeur) }
 								    let(:expert) { create(:expert) }
-												tells if a user can be deleted

											
										
										
											2020-01-06 17:33:09 +01:00
 								    subject { user.can_be_deleted? }
 								    context 'when the user has a dossier in instruction' do
 								      let!(:dossier) { create(:dossier, :en_instruction, user: user) }
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								      it { is_expected.to be true }
-												tells if a user can be deleted

											
										
										
											2020-01-06 17:33:09 +01:00
+								    end
 								    context 'when the user has no dossier in instruction' do
 								      it { is_expected.to be true }
 								    end
-												Revert "Revert "4127 fix superadmin supprime compte usager""

This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc.

											
										
										
											2020-01-30 10:48:28 +01:00
 								    context 'when the user is an administrateur' do
 								      it 'cannot be deleted' do
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								        expect(administrateur.user.can_be_deleted?).to be_falsy
-												Revert "Revert "4127 fix superadmin supprime compte usager""

This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc.

											
										
										
											2020-01-30 10:48:28 +01:00
+								      end
 								    end
 								    context 'when the user is an instructeur' do
 								      it 'cannot be deleted' do
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								        expect(instructeur.user.can_be_deleted?).to be_falsy
 								      end
 								    end
-												Revert "Revert "4127 fix superadmin supprime compte usager""

This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc.

											
										
										
											2020-01-30 10:48:28 +01:00
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								    context 'when the user is an expert' do
 								      it 'cannot be deleted' do
 								        expect(expert.user.can_be_deleted?).to be_falsy
-												Revert "Revert "4127 fix superadmin supprime compte usager""

This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc.

											
										
										
											2020-01-30 10:48:28 +01:00
+								      end
 								    end
-												tells if a user can be deleted

											
										
										
											2020-01-06 17:33:09 +01:00
+								  end
-												delete a user

											
										
										
											2020-01-08 10:50:16 +01:00
 								  describe '#delete_and_keep_track_dossiers' do
-												refacto: rename administration to super_admin

											
										
										
											2020-11-05 15:09:11 +01:00
+								    let(:super_admin) { create(:super_admin) }
-												delete a user

											
										
										
											2020-01-08 10:50:16 +01:00
+								    let(:user) { create(:user) }
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								    context 'without a dossier with processing strted' do
-												delete a user

											
										
										
											2020-01-08 10:50:16 +01:00
+								      let!(:dossier_en_construction) { create(:dossier, :en_construction, user: user) }
 								      let!(:dossier_brouillon) { create(:dossier, user: user) }
-												use discard

											
										
										
											2020-02-05 16:09:03 +01:00
+								      context 'without a discarded dossier' do
-												Revert "Revert "4127 fix superadmin supprime compte usager""

This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc.

											
										
										
											2020-01-30 10:48:28 +01:00
+								        it "keep track of dossiers and delete user" do
-												refacto: rename administration to super_admin

											
										
										
											2020-11-05 15:09:11 +01:00
+								          user.delete_and_keep_track_dossiers(super_admin)
-												delete a user

											
										
										
											2020-01-08 10:50:16 +01:00
-												test(dossier): update spec to use visible_by_administration

											
										
										
											2022-03-09 10:29:16 +01:00
+								          expect(DeletedDossier.find_by(dossier_id: dossier_en_construction)).to be_present
-												Always add a reason to dossier deletion

											
										
										
											2020-03-19 11:53:25 +01:00
+								          expect(DeletedDossier.find_by(dossier_id: dossier_brouillon)).to be_nil
-												Revert "Revert "4127 fix superadmin supprime compte usager""

This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc.

											
										
										
											2020-01-30 10:48:28 +01:00
+								          expect(User.find_by(id: user.id)).to be_nil
 								        end
 								      end
-												test(dossier): update spec to use visible_by_administration

											
										
										
											2022-03-09 10:29:16 +01:00
+								      context 'with a deleted dossier' do
 								        let(:dossier_to_delete) { create(:dossier, :en_construction, user: user) }
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								        let!(:dossier_from_another_user) { create(:dossier, :en_construction, user: create(:user)) }
-												Revert "Revert "4127 fix superadmin supprime compte usager""

This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc.

											
										
										
											2020-01-30 10:48:28 +01:00
 								        it "keep track of dossiers and delete user" do
-												test(dossier): update spec to use visible_by_administration

											
										
										
											2022-03-09 10:29:16 +01:00
+								          dossier_to_delete.hide_and_keep_track!(user, :user_request)
-												refacto: rename administration to super_admin

											
										
										
											2020-11-05 15:09:11 +01:00
+								          user.delete_and_keep_track_dossiers(super_admin)
-												Revert "Revert "4127 fix superadmin supprime compte usager""

This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc.

											
										
										
											2020-01-30 10:48:28 +01:00
-												test(dossier): update spec to use visible_by_administration

											
										
										
											2022-03-09 10:29:16 +01:00
+								          expect(DeletedDossier.find_by(dossier_id: dossier_en_construction)).to be_present
-												Always add a reason to dossier deletion

											
										
										
											2020-03-19 11:53:25 +01:00
+								          expect(DeletedDossier.find_by(dossier_id: dossier_brouillon)).to be_nil
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								          expect(Dossier.find_by(id: dossier_from_another_user.id)).to be_present
-												Revert "Revert "4127 fix superadmin supprime compte usager""

This reverts commit 751f24f7bb79c7d9d0af4ef1b7afe7aeabb4cdbc.

											
										
										
											2020-01-30 10:48:28 +01:00
+								          expect(User.find_by(id: user.id)).to be_nil
 								        end
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								      end
 								    end
-												destroys not all dossiers

but only dossiers for a specific user

											
										
										
											2020-01-30 11:18:01 +01:00
-												Dossier without user should be valid

											
										
										
											2021-05-11 17:49:29 +02:00
+								    context 'with dossiers with processing started' do
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								      let!(:dossier_en_instruction) { create(:dossier, :en_instruction, user: user) }
 								      let!(:dossier_termine) { create(:dossier, :accepte, user: user) }
-												destroys not all dossiers

but only dossiers for a specific user

											
										
										
											2020-01-30 11:18:01 +01:00
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								      it "keep track of dossiers and delete user" do
 								        user.delete_and_keep_track_dossiers(super_admin)
 								        expect(dossier_en_instruction.reload).to be_present
 								        expect(dossier_en_instruction.user).to be_nil
 								        expect(dossier_en_instruction.user_email_for(:display)).to eq(user.email)
 								        expect { dossier_en_instruction.user_email_for(:notification) }.to raise_error(RuntimeError)
 								        expect(dossier_termine.reload).to be_present
 								        expect(dossier_termine.user).to be_nil
 								        expect(dossier_termine.user_email_for(:display)).to eq(user.email)
-												Dossier without user should be valid

											
										
										
											2021-05-11 17:49:29 +02:00
+								        expect(dossier_termine.valid?).to be_truthy
-												Fix dossier deleted user display

											
										
										
											2021-05-12 19:04:31 +02:00
+								        expect(dossier_termine.france_connect_information).to be_nil
-												Enable user destruction

											
										
										
											2021-05-01 12:20:24 +02:00
+								        expect { dossier_termine.user_email_for(:notification) }.to raise_error(RuntimeError)
 								        expect(User.find_by(id: user.id)).to be_nil
-												delete a user

											
										
										
											2020-01-08 10:50:16 +01:00
+								      end
 								    end
 								  end
-												add complexity check to admin account creation

											
										
										
											2020-09-17 15:53:03 +02:00
 								  describe '#password_complexity' do
-												add a test scenario for users

											
										
										
											2020-09-17 16:08:08 +02:00
+								    # This password list is sorted by password complexity, according to zxcvbn (used for complexity evaluation)
 								    # 0 - too guessable: risky password. (guesses < 10^3)
 								    # 1 - very guessable: protection from throttled online attacks. (guesses < 10^6)
 								    # 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
 								    # 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
 								    # 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
-												models: improve password complexity specs
											
										
										
											2021-09-09 16:40:23 +02:00
+								    passwords = ['password', '12pass23', 'démarches ', 'démarches-simple', '{My-$3cure-p4ssWord}']
-												add a test scenario for users

											
										
										
											2020-09-17 16:08:08 +02:00
+								    min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN
-												models: improve password complexity specs
											
										
										
											2021-09-09 16:40:23 +02:00
+								    subject do
 								      user.valid?
 								      user.errors.full_messages
 								    end
-												add a test scenario for users

											
										
										
											2020-09-17 16:08:08 +02:00
-												models: improve password complexity specs
											
										
										
											2021-09-09 16:40:23 +02:00
+								    context 'for administrateurs' do
-												models: inverse the direction of the User role associations
											
										
										
											2022-03-15 17:28:22 +01:00
+								      let(:user) { build(:user, email: 'admin@exemple.fr', password: password, administrateur: build(:administrateur, user: nil)) }
-												add complexity check to admin account creation

											
										
										
											2020-09-17 15:53:03 +02:00
-												models: improve password complexity specs
											
										
										
											2021-09-09 16:40:23 +02:00
+								      context 'when the password is too short' do
-												add a test scenario for users

											
										
										
											2020-09-17 16:08:08 +02:00
+								        let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }
-												add complexity check to admin account creation

											
										
										
											2020-09-17 15:53:03 +02:00
-												models: improve password complexity specs
											
										
										
											2021-09-09 16:40:23 +02:00
+								        it 'reports an error about password length (but not about complexity)' do
 								          expect(subject).to eq(["Le mot de passe est trop court"])
 								        end
-												add a test scenario for users

											
										
										
											2020-09-17 16:08:08 +02:00
+								      end
-												add complexity check to admin account creation

											
										
										
											2020-09-17 15:53:03 +02:00
-												models: improve password complexity specs
											
										
										
											2021-09-09 16:40:23 +02:00
+								      passwords[0..(min_complexity - 1)].each do |simple_password|
 								        context 'when the password is long enough, but too simple' do
 								          let(:password) { simple_password }
-												add a test scenario for users

											
										
										
											2020-09-17 16:08:08 +02:00
 								          it { expect(subject).to eq(["Le mot de passe n’est pas assez complexe"]) }
 								        end
 								      end
-												add complexity check to admin account creation

											
										
										
											2020-09-17 15:53:03 +02:00
-												models: improve password complexity specs
											
										
										
											2021-09-09 16:40:23 +02:00
+								      context 'when the password is long and complex' do
-												add a test scenario for users

											
										
										
											2020-09-17 16:08:08 +02:00
+								        let(:password) { passwords[min_complexity] }
-												add complexity check to admin account creation

											
										
										
											2020-09-17 15:53:03 +02:00
-												models: improve password complexity specs
											
										
										
											2021-09-09 16:40:23 +02:00
+								        it { expect(subject).to be_empty }
-												add a test scenario for users

											
										
										
											2020-09-17 16:08:08 +02:00
+								      end
-												add complexity check to admin account creation

											
										
										
											2020-09-17 15:53:03 +02:00
+								    end
-												models: improve password complexity specs
											
										
										
											2021-09-09 16:40:23 +02:00
+								    context 'for simple users' do
 								      let(:user) { build(:user, email: 'user@exemple.fr', password: password) }
 								      context 'when the password is too short' do
 								        let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }
 								        it 'reports an error about password length (but not about complexity)' do
 								          expect(subject).to eq(["Le mot de passe est trop court"])
 								        end
 								      end
 								      context 'when the password is long enough, but simple' do
 								        let(:password) { 'simple-password' }
 								        it 'doesn’t enforce the password complexity' do
 								          expect(subject).to be_empty
-												add a test scenario for users

											
										
										
											2020-09-17 16:08:08 +02:00
+								        end
 								      end
-												add complexity check to admin account creation

											
										
										
											2020-09-17 15:53:03 +02:00
+								    end
 								  end
-												move merge method to user

											
										
										
											2021-10-22 15:17:25 +02:00
 								  describe '#merge' do
 								    let(:old_user) { create(:user) }
 								    let(:targeted_user) { create(:user) }
 								    subject { targeted_user.merge(old_user) }
-												merge move invite as well

											
										
										
											2021-10-28 12:09:35 +02:00
+								    context 'and the old account has some stuff' do
-												move merge method to user

											
										
										
											2021-10-22 15:17:25 +02:00
+								      let!(:dossier) { create(:dossier, user: old_user) }
-												test(dossier): update spec to use visible_by_administration

											
										
										
											2022-03-09 10:29:16 +01:00
+								      let!(:hidden_dossier) { create(:dossier, user: old_user, hidden_by_user_at: 1.hour.ago) }
-												merge move invite as well

											
										
										
											2021-10-28 12:09:35 +02:00
+								      let!(:invite) { create(:invite, user: old_user) }
-												Add merge log

											
										
										
											2021-10-26 14:41:30 +02:00
+								      let!(:merge_log) { MergeLog.create(user: old_user, from_user_id: 1, from_user_email: 'a') }
-												move merge method to user

											
										
										
											2021-10-22 15:17:25 +02:00
 								      it 'transfers the dossier' do
 								        subject
-												test(dossier): update spec to use visible_by_administration

											
										
										
											2022-03-09 10:29:16 +01:00
+								        expect(targeted_user.dossiers).to contain_exactly(dossier, hidden_dossier)
-												merge move invite as well

											
										
										
											2021-10-28 12:09:35 +02:00
+								        expect(targeted_user.invites).to match([invite])
-												Add merge log

											
										
										
											2021-10-26 14:41:30 +02:00
+								        expect(targeted_user.merge_logs.first).to eq(merge_log)
 								        added_merge_log = targeted_user.merge_logs.last
 								        expect(added_merge_log.from_user_id).to eq(old_user.id)
 								        expect(added_merge_log.from_user_email).to eq(old_user.email)
-												move merge method to user

											
										
										
											2021-10-22 15:17:25 +02:00
+								      end
 								    end
 								    context 'and the old account belongs to an instructeur, expert and administrateur' do
 								      let!(:expert) { create(:expert, user: old_user) }
 								      let!(:administrateur) { create(:administrateur, user: old_user) }
 								      let!(:instructeur) { old_user.instructeur }
 								      it 'transfers instructeur account' do
 								        subject
 								        targeted_user.reload
 								        expect(targeted_user.instructeur).to match(instructeur)
 								        expect(targeted_user.administrateur).to match(administrateur)
-												models: inverse the direction of the User role associations
											
										
										
											2022-03-15 17:28:22 +01:00
+								        expect(targeted_user.expert).to match(expert)
-												move merge method to user

											
										
										
											2021-10-22 15:17:25 +02:00
+								      end
 								      context 'and the targeted account owns an instructeur and expert as well' do
 								        let!(:targeted_administrateur) { create(:administrateur, user: targeted_user) }
 								        let!(:targeted_instructeur) { targeted_user.instructeur }
 								        let!(:targeted_expert) { create(:expert, user: targeted_user) }
 								        it 'merge the account' do
 								          expect(targeted_instructeur).to receive(:merge).with(instructeur)
 								          expect(targeted_expert).to receive(:merge).with(expert)
 								          expect(targeted_administrateur).to receive(:merge).with(administrateur)
 								          subject
-												merge destroys the old role and account

											
										
										
											2021-10-28 12:09:30 +02:00
 								          expect { instructeur.reload }.to raise_error(ActiveRecord::RecordNotFound)
 								          expect { expert.reload }.to raise_error(ActiveRecord::RecordNotFound)
 								          expect { administrateur.reload }.to raise_error(ActiveRecord::RecordNotFound)
 								          expect { old_user.reload }.to raise_error(ActiveRecord::RecordNotFound)
-												move merge method to user

											
										
										
											2021-10-22 15:17:25 +02:00
+								        end
 								      end
 								    end
-												feat(targeted_user_link): add targeted user link to wrap expert invitation in order to avoid access issue when the expert is connected with another account

feat(user.merge): ensure to merge user.targeted_user_link

Update app/models/targeted_user_link.rb

Co-authored-by: LeSim <mail@simon.lehericey.net>

Update app/models/targeted_user_link.rb

Co-authored-by: LeSim <mail@simon.lehericey.net>

Update app/models/targeted_user_link.rb

Co-authored-by: LeSim <mail@simon.lehericey.net>

feat(db/create_targeted_user_links): ensure not null with fk

											
										
										
											2022-05-23 15:09:22 +02:00
 								    context 'and the old account had targeted_user_links' do
 								      let(:expert) { create(:expert, user: old_user) }
 								      let(:expert_procedure) { create(:experts_procedure, expert: expert) }
 								      let!(:targeted_user_link) { create(:targeted_user_link, user: old_user, target_model: create(:avis, experts_procedure: expert_procedure)) }
 								      it 'transfers the targeted_user_link' do
 								        subject
 								        targeted_user.reload
 								        expect(targeted_user.targeted_user_links).to include(targeted_user_link)
 								      end
 								    end
-												move merge method to user

											
										
										
											2021-10-22 15:17:25 +02:00
+								  end
-												[#884] add user
											
										
										
											2015-09-23 10:02:01 +02:00
+								end