FEATURE: login by a link from email

Co-authored-by: tgxworld <tgx@discourse.org>

spec/requests/session_controller_spec.rb

@@ -0,0 +1,141 @@
+require 'rails_helper'
+
+RSpec.describe SessionController do
+  let(:email_token) { Fabricate(:email_token) }
+  let(:user) { email_token.user }
+
+  describe '#email_login' do
+    before do
+      SiteSetting.enable_local_logins_via_email = true
+    end
+
+    context 'missing token' do
+      it 'returns the right response' do
+        get "/session/email-login"
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context 'invalid token' do
+      it 'returns the right response' do
+        get "/session/email-login/adasdad"
+
+        expect(response).to be_success
+
+        expect(CGI.unescapeHTML(response.body)).to match(
+          I18n.t('email_login.invalid_token')
+        )
+      end
+
+      context 'when token has expired' do
+        it 'should return the right response' do
+          email_token.update!(created_at: 999.years.ago)
+
+          get "/session/email-login/#{email_token.token}"
+
+          expect(response).to be_success
+
+          expect(CGI.unescapeHTML(response.body)).to match(
+            I18n.t('email_login.invalid_token')
+          )
+        end
+      end
+    end
+
+    context 'valid token' do
+      it 'returns success' do
+        get "/session/email-login/#{email_token.token}"
+
+        expect(response).to redirect_to("/")
+      end
+
+      it 'fails when local logins via email is disabled' do
+        SiteSetting.enable_local_logins_via_email = false
+
+        get "/session/email-login/#{email_token.token}"
+
+        expect(response.status).to eq(404)
+      end
+
+      it 'fails when local logins is disabled' do
+        SiteSetting.enable_local_logins = false
+
+        get "/session/email-login/#{email_token.token}"
+
+        expect(response.status).to eq(500)
+      end
+
+      it "doesn't log in the user when not approved" do
+        SiteSetting.must_approve_users = true
+
+        get "/session/email-login/#{email_token.token}"
+
+        expect(response.status).to eq(200)
+
+        expect(CGI.unescapeHTML(response.body)).to include(
+          I18n.t("login.not_approved")
+        )
+      end
+
+      context "when admin IP address is not valid" do
+        before do
+          Fabricate(:screened_ip_address,
+            ip_address: "111.111.11.11",
+            action_type: ScreenedIpAddress.actions[:allow_admin]
+          )
+
+          SiteSetting.use_admin_ip_whitelist = true
+          user.update!(admin: true)
+        end
+
+        it 'returns the right response' do
+          get "/session/email-login/#{email_token.token}"
+
+          expect(response.status).to eq(200)
+
+          expect(CGI.unescapeHTML(response.body)).to include(
+            I18n.t("login.admin_not_allowed_from_ip_address", username: user.username)
+          )
+        end
+      end
+
+      context "when IP address is blocked" do
+        let(:permitted_ip_address) { '111.234.23.11' }
+
+        before do
+          Fabricate(:screened_ip_address,
+            ip_address: permitted_ip_address,
+            action_type: ScreenedIpAddress.actions[:block]
+          )
+        end
+
+        it 'returns the right response' do
+          ActionDispatch::Request.any_instance.stubs(:remote_ip).returns(permitted_ip_address)
+
+          get "/session/email-login/#{email_token.token}"
+
+          expect(response.status).to eq(200)
+
+          expect(CGI.unescapeHTML(response.body)).to include(
+            I18n.t("login.not_allowed_from_ip_address", username: user.username)
+          )
+        end
+      end
+
+      it "fails when user is suspended" do
+        user.update!(
+          suspended_till: 2.days.from_now,
+          suspended_at: Time.zone.now
+        )
+
+        get "/session/email-login/#{email_token.token}"
+
+        expect(response.status).to eq(200)
+
+        expect(CGI.unescapeHTML(response.body)).to include(I18n.t("login.suspended",
+          date: I18n.l(user.suspended_till, format: :date_only)
+        ))
+      end
+    end
+  end
+end