Add invalid token flow with feature specs

mumuki · Mar 11, 2021 · ef25533 · ef25533
1 parent 143d03a
commit ef25533
Show file tree

Hide file tree

Showing 10 changed files with 115 additions and 20 deletions.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -51,6 +51,10 @@ def send_delete_confirmation_email
   end
 
   def delete_confirmation
+    redirect_to delete_confirmation_invalid_user_path unless @user.delete_account_token_matches? params[:token]
+  end
+
+  def delete_confirmation_invalid
   end
 
   def disable

diff --git a/app/views/users/_user_delete_modal.html.erb b/app/views/users/_user_delete_modal.html.erb
@@ -1,6 +1,6 @@
 <script type="text/javascript" charset="utf-8">
   function checkConfirmationText() {
-    const val = $('#confirmDeleteInput').val();
+    const val = $('#confirm-delete-input').val();
     $('#delete-account-button').prop('disabled', val !== '<%= t :delete_account_confirmation_text %>');
   }
 </script>
@@ -32,7 +32,7 @@
           <div class="row">
             <%= form_with url: submit_url do |f| %>
               <div class="form-group">
-                <input class="form-control" type="text" id="confirmDeleteInput" autocomplete="off" onkeyup="checkConfirmationText()">
+                <input class="form-control" type="text" id="confirm-delete-input" autocomplete="off" onkeyup="checkConfirmationText()">
               </div>
               <%= f.submit t(:delete_account_agree), class: 'btn btn-danger', id: 'delete-account-button', disabled: true %>
             <% end %>

diff --git a/app/views/users/delete_confirmation_invalid.html.erb b/app/views/users/delete_confirmation_invalid.html.erb
@@ -0,0 +1,24 @@
+<%= content_for :breadcrumbs do %>
+  <%= breadcrumbs @user %>
+<% end %>
+
+<div class="row">
+  <div class="mu-inline-block-left">
+    <h1>
+      <%= t :delete_account %>
+    </h1>
+  </div>
+</div>
+
+<div class="row">
+  <div class="col-md-12">
+    <p>
+      Lo sentimos, el enlace que te trajo hasta aquí ha expirado o es inválido.
+      <%= t :delete_account_invalid_token %>
+    </p>
+    <p>
+      Si todavía querés eliminar tu cuenta, volvé a iniciar el proceso desde <%= link_to 'tu perfil', user_path %>.
+      <%= t :delete_account_try_again_html, profile_url: user_path %>
+    </p>
+  </div>
+</div>
diff --git a/config/routes.rb b/config/routes.rb
@@ -68,6 +68,7 @@
       get :certificates
       get :delete_request
       post :delete_request, to: 'users#send_delete_confirmation_email'
+      get :delete_confirmation_invalid
       get :delete_confirmation
       post :delete_confirmation, to: 'users#disable'
     end

diff --git a/lib/mumuki/laboratory/locales/en.yml b/lib/mumuki/laboratory/locales/en.yml
@@ -70,8 +70,10 @@ en:
   delete_account_confirmation_request: To confirm this action, please write
   delete_account_confirmation_text: delete my account
   delete_account_explain: After deleting your account, you will lose access to all the contents and to your progress.
+  delete_account_invalid_token: We are sorry, the link has expired or is invalid.
   delete_account_modal_explain_html: <p>You're about to delete <strong>%{name}</strong> account</p><p>By doing that, you will lose access to the following paths:</p>
   delete_account_mumuki: Delete your Mumuki account
+  delete_account_try_again_html: If you still want to delete your account, begin the process again from <a href="&{profile_url}">your profile</a>.
   description: Description
   destroy: Destroy
   destroy_message: delete the message

diff --git a/lib/mumuki/laboratory/locales/es-CL.yml b/lib/mumuki/laboratory/locales/es-CL.yml
@@ -71,9 +71,11 @@ es-CL:
   delete_account_confirmation_text: quiero eliminar mi cuenta
     <p>Si no lo recibiste, por favor escribinos a <a href="%{support_email}">%{support_email}</a>.</p>
   delete_account_explain: Al eliminar tu cuenta, perderás acceso a todos los contenidos, así como a tu progreso.
+  delete_account_invalid_token: Lo sentimos, el enlace que te trajo hasta aquí ha expirado o es inválido.
   delete_account_modal_explain_html: <p>Estás a punto de eliminar la cuenta de <strong>%{name}</strong></p>
             <p>Al hacerlo, perderás acceso a los siguientes recorridos:</p>
   delete_account_mumuki: Eliminar tu cuenta de Mumuki
+  delete_account_try_again_html: Si todavía quieres eliminar tu cuenta, volvé a iniciar el proceso desde <a href="{profile_url}">tu perfil</a>.
   description: Descripción
   destroy_message: eliminar el mensaje
   destroy: Eliminar

diff --git a/lib/mumuki/laboratory/locales/es.yml b/lib/mumuki/laboratory/locales/es.yml
@@ -76,8 +76,10 @@ es:
   delete_account_confirmation_request: Para confirmar esta acción, escribí
   delete_account_confirmation_text: quiero eliminar mi cuenta
   delete_account_explain: Al eliminar tu cuenta, perderás acceso a todos los contenidos, así como a tu progreso.
+  delete_account_invalid_token: Lo sentimos, el enlace que te trajo hasta aquí ha expirado o es inválido.
   delete_account_modal_explain_html: <p>Estás a punto de eliminar la cuenta de <strong>%{name}</strong></p><p>Al hacerlo, perderás acceso a los siguientes recorridos:</p>
   delete_account_mumuki: Eliminar tu cuenta de Mumuki
+  delete_account_try_again_html: Si todavía querés eliminar tu cuenta, volvé a iniciar el proceso desde <a href="&{profile_url}">tu perfil</a>.
   description: Descripción
   destroy_message: eliminar el mensaje
   destroy: Eliminar

diff --git a/spec/capybara_helper.rb b/spec/capybara_helper.rb
@@ -75,27 +75,35 @@ class ActionDispatch::Request
   EOR
 end
 
-def exclude_selenium_failing_tests!
+def exclude_tests_with_tags!(tags)
   RSpec.configure do |config|
-    config.filter_run_excluding(
-      # Response headers are not supported by Selenium Driver
-      :http_response_headers,
-
-      # TODO: the following ignored groups should be fixed
-      :element_not_interactable_error,
-      :invalid_selector_error,
-      :json_eq_error,
-      :navigation_error,
-      :organization_not_nil,
-      :xpath_no_matches,
-
-      # Fails because Rails redirection doesn't include Capybara port.
-      # It can be fixed by using path mapping instead of subdomain.
-      :subdomain_redirection_without_port
-    )
+    config.filter_run_excluding(tags)
   end
 end
 
+def exclude_selenium_failing_tests!
+  exclude_tests_with_tags! [
+    # Response headers are not supported by Selenium Driver
+    :http_response_headers,
+
+    # TODO: the following ignored groups should be fixed
+    :element_not_interactable_error,
+    :invalid_selector_error,
+    :json_eq_error,
+    :navigation_error,
+    :organization_not_nil,
+    :xpath_no_matches,
+
+    # Fails because Rails redirection doesn't include Capybara port.
+    # It can be fixed by using path mapping instead of subdomain.
+    :subdomain_redirection_without_port
+   ]
+end
+
+def exclude_js_dependant_tests!
+  exclude_tests_with_tags! [:requires_js]
+end
+
 # Configuration
 
 register_safari_driver! if selected_driver == :selenium_safari
@@ -110,6 +118,8 @@ def exclude_selenium_failing_tests!
 
   # Include port on the URL, so we don't need to forward it via nginx or so
   Capybara.always_include_port = true
+else
+  exclude_js_dependant_tests!
 end
 
 puts "Running Capybara tests with #{selected_driver}, #{Capybara.ignore_hidden_elements ? '' : 'not '}ignoring hidden elements"
diff --git a/spec/dummy/db/schema.rb b/spec/dummy/db/schema.rb
@@ -510,7 +510,7 @@
     t.boolean "banned_from_forum"
     t.boolean "uppercase_mode"
     t.string "delete_account_token"
-    t.datetime "delete_account_token_expiration"
+    t.datetime "delete_account_token_expiration_date"
     t.index ["avatar_type", "avatar_id"], name: "index_users_on_avatar_type_and_avatar_id"
     t.index ["disabled_at"], name: "index_users_on_disabled_at"
     t.index ["last_organization_id"], name: "index_users_on_last_organization_id"

diff --git a/spec/features/delete_account_flow_spec.rb b/spec/features/delete_account_flow_spec.rb
@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+feature 'Delete account Flow', organization_workspace: :test, requires_js: true do
+  before { set_current_user! user }
+
+  def accept_delete_confirmation_modal!
+    within '#user-delete-account-modal' do
+      fill_in 'confirm-delete-input', with: 'delete my account'
+      click_on 'delete-account-button'
+    end
+  end
+
+  context 'Step 1: delete request' do
+    let(:user) { create(:user, email: 'pirulo@mail.com') }
+
+    before do
+      visit user_path
+      click_on 'Delete account'
+      accept_delete_confirmation_modal!
+    end
+
+    context 'redirects to confirmation view' do
+      it { expect(page).to have_text 'We sent you an email to pirulo@mail.com' }
+    end
+  end
+
+  context 'Step 2: delete confirmation' do
+    let(:expiration_date) { 2.days.from_now }
+    let(:user) { create(:user, delete_account_token: 'abc1234', delete_account_token_expiration_date: expiration_date) }
+
+    before { visit delete_confirmation_user_path token: token }
+
+    context 'with valid token' do
+      let(:token) { 'abc1234' }
+      before { accept_delete_confirmation_modal! }
+      it { expect(page).to have_text 'You are not allowed to see this content' }
+    end
+
+    context 'with invalid token' do
+      let(:token) { 'faketoken' }
+      it { expect(page).to have_text 'We are sorry, the link has expired or is invalid' }
+    end
+
+    context 'with expired token' do
+      let(:token) { 'abc1234' }
+      let(:expiration_date) { 1.hour.ago }
+      it { expect(page).to have_text 'We are sorry, the link has expired or is invalid' }
+    end
+  end
+end