Merge commit '1960aac90b16fce1ec620ac990aa931efcf04700' into glitch-soc/merge-upstream

2025-12-15 16:59:41 +00:00 · 2025-03-22 15:41:48 +01:00
parent 62c27ef69b 1960aac90b
commit f1fa6b3cd0
25 changed files with 211 additions and 148 deletions
--- a/spec/system/admin/action_logs_spec.rb
+++ b/spec/system/admin/action_logs_spec.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Admin Action Logs' do
+  # Action logs typically cause issues when their targets are not in the database
+  let!(:account) { Fabricate(:account) }
+
+  before do
+    populate_action_logs
+    sign_in Fabricate(:admin_user)
+  end
+
+  describe 'Viewing action logs' do
+    it 'shows page with action logs listed' do
+      visit admin_action_logs_path
+
+      expect(page)
+        .to have_title(I18n.t('admin.action_logs.title'))
+        .and have_css('.log-entry')
+    end
+  end
+
+  private
+
+  def populate_action_logs
+    orphaned_log_types.map do |type|
+      Fabricate(:action_log, account: account, action: 'destroy', target_type: type, target_id: 1312)
+    end
+  end
+
+  def orphaned_log_types
+    %w(
+      Account
+      AccountWarning
+      Announcement
+      Appeal
+      CanonicalEmailBlock
+      CustomEmoji
+      DomainAllow
+      DomainBlock
+      EmailDomainBlock
+      Instance
+      IpBlock
+      Report
+      Status
+      UnavailableDomain
+      User
+      UserRole
+    )
+  end
+end
--- a/spec/system/admin/change_emails_spec.rb
+++ b/spec/system/admin/change_emails_spec.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Admin Change Emails' do
+  let(:admin) { Fabricate(:admin_user) }
+
+  before { sign_in admin }
+
+  describe 'Changing the email address for a user', :inline_jobs do
+    let(:user) { Fabricate :user }
+
+    it 'updates user details and sends email' do
+      visit admin_account_change_email_path(user.account.id)
+      expect(page)
+        .to have_title(I18n.t('admin.accounts.change_email.title', username: user.account.username))
+
+      fill_in 'user_unconfirmed_email', with: 'test@host.example'
+      emails = capture_emails { process_change_email }
+      expect(emails.first)
+        .to be_present
+        .and(deliver_to('test@host.example'))
+        .and(have_subject(/Confirm email/))
+      expect(page)
+        .to have_title(user.account.pretty_acct)
+    end
+
+    def process_change_email
+      expect { click_on I18n.t('admin.accounts.change_email.submit') }
+        .to not_change { user.reload.email }
+        .and(change { user.reload.unconfirmed_email }.to('test@host.example'))
+        .and(change { user.reload.confirmation_token }.from(nil).to(be_present))
+    end
+  end
+end
--- a/spec/system/admin/users/two_factor_authentications_spec.rb
+++ b/spec/system/admin/users/two_factor_authentications_spec.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'webauthn/fake_client'
+
+RSpec.describe 'Admin Users TwoFactorAuthentications' do
+  let(:user) { Fabricate(:user) }
+
+  before { sign_in Fabricate(:admin_user) }
+
+  describe 'Disabling 2FA for users' do
+    before { stub_webauthn_credential }
+
+    let(:fake_client) { WebAuthn::FakeClient.new('http://test.host') }
+
+    context 'when user has OTP enabled' do
+      before { user.update(otp_required_for_login: true) }
+
+      it 'disables OTP and redirects to admin account page' do
+        visit admin_account_path(user.account.id)
+
+        expect { disable_two_factor }
+          .to change { user.reload.otp_enabled? }.to(false)
+        expect(page)
+          .to have_title(user.account.pretty_acct)
+      end
+    end
+
+    context 'when user has OTP and WebAuthn enabled' do
+      before { user.update(otp_required_for_login: true, webauthn_id: WebAuthn.generate_user_id) }
+
+      it 'disables OTP and webauthn and redirects to admin account page' do
+        visit admin_account_path(user.account.id)
+
+        expect { disable_two_factor }
+          .to change { user.reload.otp_enabled? }.to(false)
+          .and(change { user.reload.webauthn_enabled? }.to(false))
+        expect(page)
+          .to have_title(user.account.pretty_acct)
+      end
+    end
+
+    def disable_two_factor
+      click_on I18n.t('admin.accounts.disable_two_factor_authentication')
+    end
+
+    def stub_webauthn_credential
+      public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
+      Fabricate(
+        :webauthn_credential,
+        external_id: public_key_credential.id,
+        nickname: 'Security Key',
+        public_key: public_key_credential.public_key,
+        user_id: user.id
+      )
+    end
+  end
+end