Merge branch 'master' into improve-registrant-area

test/fixtures/users.yml

@@ -1,6 +1,6 @@
 api_bestnames:
   username: test_bestnames
-  password: testtest
+  plain_text_password: testtest
   type: ApiUser
   registrar: bestnames
   active: true
@@ -9,7 +9,7 @@ api_bestnames:
 
 api_goodnames:
   username: test_goodnames
-  password: testtest
+  plain_text_password: testtest
   type: ApiUser
   registrar: goodnames
   active: true
@@ -18,6 +18,7 @@ api_goodnames:
 
 admin:
   username: test
+  encrypted_password: <%= Devise::Encryptor.digest(AdminUser, 'testtest') %>
   type: AdminUser
   country_code: US
   roles:

test/integration/epp/login/password_change_test.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+class EppLoginPasswordChangeTest < ActionDispatch::IntegrationTest
+  def test_password_change
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <login>
+            <clID>test_bestnames</clID>
+            <pw>testtest</pw>
+            <newPW>new-password</newPW>
+            <options>
+              <version>1.0</version>
+              <lang>en</lang>
+            </options>
+            <svcs>
+              <objURI>https://epp.tld.ee/schema/domain-eis-1.0.xsd</objURI>
+              <objURI>https://epp.tld.ee/schema/contact-ee-1.1.xsd</objURI>
+              <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
+              <objURI>urn:ietf:params:xml:ns:keyrelay-1.0</objURI>
+            </svcs>
+          </login>
+        </command>
+      </epp>
+    XML
+
+    post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
+    assert_equal 'new-password', users(:api_bestnames).plain_text_password
+    assert_equal '1000', Nokogiri::XML(response.body).at_css('result')[:code]
+    assert_equal 1, Nokogiri::XML(response.body).css('result').size
+  end
+end

test/models/domain/force_delete_test.rb

@@ -0,0 +1,117 @@
+require 'test_helper'
+
+class DomainForceDeleteTest < ActiveSupport::TestCase
+  def setup
+    @domain = domains(:shop)
+  end
+
+  def test_schedule_force_delete
+    @original_redemption_grace_period = Setting.redemption_grace_period
+    Setting.redemption_grace_period = 30
+    travel_to Time.zone.parse('2010-07-05 00:00')
+
+    @domain.schedule_force_delete
+    @domain.reload
+
+    assert @domain.force_delete_scheduled?
+    assert_equal Time.zone.parse('2010-08-04 03:00'), @domain.force_delete_at
+
+    travel_back
+    Setting.redemption_grace_period = @original_redemption_grace_period
+  end
+
+  def test_scheduling_force_delete_adds_corresponding_statuses
+    statuses_to_be_added = [
+      DomainStatus::FORCE_DELETE,
+      DomainStatus::SERVER_RENEW_PROHIBITED,
+      DomainStatus::SERVER_TRANSFER_PROHIBITED,
+      DomainStatus::SERVER_UPDATE_PROHIBITED,
+      DomainStatus::PENDING_DELETE,
+    ]
+
+    @domain.schedule_force_delete
+    @domain.reload
+    assert (@domain.statuses & statuses_to_be_added) == statuses_to_be_added
+  end
+
+  def test_scheduling_force_delete_allows_domain_deletion
+    statuses_to_be_removed = [
+      DomainStatus::CLIENT_DELETE_PROHIBITED,
+      DomainStatus::SERVER_DELETE_PROHIBITED,
+    ]
+
+    @domain.statuses = statuses_to_be_removed + %w[other-status]
+    @domain.schedule_force_delete
+    @domain.reload
+    assert_empty @domain.statuses & statuses_to_be_removed
+  end
+
+  def test_scheduling_force_delete_stops_pending_actions
+    statuses_to_be_removed = [
+      DomainStatus::PENDING_UPDATE,
+      DomainStatus::PENDING_TRANSFER,
+      DomainStatus::PENDING_RENEW,
+      DomainStatus::PENDING_CREATE,
+    ]
+
+    @domain.statuses = statuses_to_be_removed + %w[other-status]
+    @domain.schedule_force_delete
+    @domain.reload
+    assert_empty @domain.statuses & statuses_to_be_removed, 'Pending actions should be stopped'
+  end
+
+  def test_scheduling_force_delete_preserves_current_statuses
+    @domain.statuses = %w[test1 test2]
+    @domain.schedule_force_delete
+    @domain.reload
+    assert_equal %w[test1 test2], @domain.statuses_before_force_delete
+  end
+
+  def test_scheduling_force_delete_bypasses_validation
+    @domain = domains(:invalid)
+    @domain.schedule_force_delete
+    assert @domain.force_delete_scheduled?
+  end
+
+  def test_force_delete_cannot_be_scheduled_when_a_domain_is_discarded
+    @domain.discard
+    assert_raises StandardError do
+      @domain.schedule_force_delete
+    end
+  end
+
+  def test_cancelling_force_delete_bypasses_validation
+    @domain = domains(:invalid)
+    @domain.schedule_force_delete
+    @domain.cancel_force_delete
+    assert_not @domain.force_delete_scheduled?
+  end
+
+  def test_cancelling_force_delete_removes_statuses_that_were_set_on_force_delete
+    statuses = [
+      DomainStatus::FORCE_DELETE,
+      DomainStatus::SERVER_RENEW_PROHIBITED,
+      DomainStatus::SERVER_TRANSFER_PROHIBITED,
+      DomainStatus::SERVER_UPDATE_PROHIBITED,
+      DomainStatus::PENDING_DELETE,
+      DomainStatus::SERVER_MANUAL_INZONE
+    ]
+    @domain.statuses = @domain.statuses + statuses
+    @domain.schedule_force_delete
+
+    @domain.cancel_force_delete
+    @domain.reload
+
+    assert_empty @domain.statuses & statuses
+  end
+
+  def test_cancelling_force_delete_restores_statuses_that_a_domain_had_before_force_delete
+    @domain.statuses_before_force_delete = ['test1', DomainStatus::DELETE_CANDIDATE]
+
+    @domain.cancel_force_delete
+    @domain.reload
+
+    assert_equal ['test1', DomainStatus::DELETE_CANDIDATE], @domain.statuses
+    assert_nil @domain.statuses_before_force_delete
+  end
+end

test/system/admin_area/api_users/new_test.rb

@@ -0,0 +1,25 @@
+require 'test_helper'
+
+class AdminAreaNewApiUserTest < ApplicationSystemTestCase
+  setup do
+    sign_in users(:admin)
+  end
+
+  def test_new_api_user_creation_with_required_params
+    visit admin_api_users_url
+    click_link_or_button 'New API user'
+
+    fill_in 'Username', with: 'newtest'
+    fill_in 'Password', with: 'testtest'
+    find('#api_user_registrar_id', visible: false).set(registrars(:bestnames).id)
+
+    assert_difference 'ApiUser.count' do
+      click_link_or_button 'Save'
+    end
+
+    assert_current_path admin_api_user_path(ApiUser.last)
+    assert_text 'Record created'
+    assert_text 'Username newtest'
+    assert_text 'Password testtest'
+  end
+end

test/system/admin_area/domains/force_delete_test.rb

@@ -44,8 +44,7 @@ class AdminAreaDomainForceDeleteTest < ApplicationSystemTestCase
   end
 
   def test_cancels_scheduled_domain_force_delete
-    @domain.update_attribute(:statuses, [DomainStatus::FORCE_DELETE])
-    assert @domain.force_delete_scheduled?
+    @domain.schedule_force_delete
 
     visit edit_admin_domain_url(@domain)
     click_link_or_button 'Cancel force delete'
@@ -55,4 +54,12 @@ class AdminAreaDomainForceDeleteTest < ApplicationSystemTestCase
     assert_current_path edit_admin_domain_path(@domain)
     assert_text 'Force delete procedure has been cancelled'
   end
-end
+
+  def test_force_delete_procedure_cannot_be_scheduled_on_a_discarded_domain
+    @domain.discard
+
+    visit edit_admin_domain_url(@domain)
+    assert_no_button 'Schedule force delete'
+    assert_no_link 'Schedule force delete'
+  end
+end

test/system/admin_area/protected_area_test.rb

@@ -0,0 +1,22 @@
+require 'test_helper'
+
+class AdminAreaProtectedAreaTest < ApplicationSystemTestCase
+  def test_anonymous_user_is_asked_to_authenticate_when_navigating_to_protected_area
+    visit admin_domains_url
+    assert_text 'You need to sign in before continuing'
+    assert_current_path new_admin_user_session_path
+  end
+
+  def test_authenticated_user_can_access_protected_area
+    sign_in users(:admin)
+    visit admin_domains_url
+    assert_current_path admin_domains_path
+  end
+
+  def test_authenticated_user_is_not_asked_to_authenticate_again
+    sign_in users(:admin)
+    visit new_admin_user_session_url
+    assert_text 'You are already signed in'
+    assert_current_path admin_domains_path
+  end
+end

test/system/admin_area/sign_in_test.rb

@@ -0,0 +1,44 @@
+require 'test_helper'
+
+class AdminAreaSignInTest < ApplicationSystemTestCase
+  setup do
+    @user = users(:admin)
+  end
+
+  def test_correct_username_and_password
+    visit new_admin_user_session_url
+    fill_in 'admin_user_username', with: @user.username
+    fill_in 'admin_user_password', with: 'testtest'
+    click_button 'Sign in'
+
+    assert_text 'Signed in successfully'
+    assert_current_path admin_domains_path
+  end
+
+  def test_wrong_password
+    visit new_admin_user_session_url
+    fill_in 'admin_user_username', with: @user.username
+    fill_in 'admin_user_password', with: 'wrong'
+    click_button 'Sign in'
+
+    assert_text 'Invalid Username or password'
+    assert_current_path new_admin_user_session_path
+  end
+
+  def test_retry_with_correct_username_and_password
+    visit new_admin_user_session_url
+    fill_in 'admin_user_username', with: @user.username
+    fill_in 'admin_user_password', with: 'wrong'
+    click_button 'Sign in'
+
+    assert_text 'Invalid Username or password'
+    assert_current_path new_admin_user_session_path
+
+    fill_in 'admin_user_username', with: @user.username
+    fill_in 'admin_user_password', with: 'testtest'
+    click_button 'Sign in'
+
+    assert_text 'Signed in successfully'
+    assert_current_path admin_domains_path
+  end
+end

test/system/admin_area/sign_out_test.rb

@@ -0,0 +1,15 @@
+require 'test_helper'
+
+class AdminAreaSignOutTest < ApplicationSystemTestCase
+  setup do
+    sign_in users(:admin)
+  end
+
+  def test_logout
+    visit admin_root_url
+    click_on 'Sign out'
+
+    assert_text 'Signed out successfully'
+    assert_current_path new_admin_user_session_path
+  end
+end

test/system/registrar_area/protected_area_test.rb

@@ -0,0 +1,25 @@
+require 'test_helper'
+
+class RegistrarAreaProtectedAreaTest < ApplicationSystemTestCase
+  def test_anonymous_user_is_asked_to_authenticate_when_navigating_to_protected_area
+    visit registrar_domains_url
+    assert_text 'You need to sign in before continuing'
+    assert_current_path new_registrar_user_session_path
+  end
+
+  def test_authenticated_user_can_access_protected_area
+    sign_in users(:api_bestnames)
+    visit registrar_domains_url
+
+    assert_no_text 'You need to sign in before continuing'
+    assert_current_path registrar_domains_path
+  end
+
+  def test_authenticated_user_is_not_asked_to_authenticate_again
+    sign_in users(:api_bestnames)
+    visit new_registrar_user_session_url
+
+    assert_text 'You are already signed in'
+    assert_current_path registrar_root_path
+  end
+end

test/system/registrar_area/sign_in/mobile_id_test.rb

@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class RegistrarAreaSignInTest < JavaScriptApplicationSystemTestCase
+class RegistrarAreaMobileIDSignInTest < JavaScriptApplicationSystemTestCase
   def setup
     super
     WebMock.allow_net_connect!
@@ -10,7 +10,7 @@ class RegistrarAreaSignInTest < JavaScriptApplicationSystemTestCase
     @user.save
   end
 
-  def test_mobile_id_sign_in_page
+  def test_valid_phone_number
     mock_client = Minitest::Mock.new
     mock_client.expect(:authenticate,
                        OpenStruct.new(user_id_code: '1234', challenge_id: '1234'),
@@ -20,7 +20,7 @@ class RegistrarAreaSignInTest < JavaScriptApplicationSystemTestCase
     mock_client.expect(:session_code, 1234)
 
     Digidoc::Client.stub(:new, mock_client) do
-      visit registrar_login_path
+      visit new_registrar_user_session_path
 
       click_on 'login-with-mobile-id-btn'
 

test/system/registrar_area/sign_in/password_test.rb

@@ -0,0 +1,52 @@
+require 'test_helper'
+
+class RegistrarAreaPasswordSignInTest < ApplicationSystemTestCase
+  setup do
+    @user = users(:api_bestnames)
+  end
+
+  def test_correct_username_and_password
+    login_with_correct_credentials
+    assert_text 'Log out'
+    assert_current_path registrar_root_path
+  end
+
+  def test_after_successful_sign_in_super_user_sees_service_message_list
+    @user.update!(roles: [ApiUser::SUPER])
+    login_with_correct_credentials
+    assert_current_path registrar_root_path
+  end
+
+  def test_after_successful_sign_in_billing_user_sees_profile
+    @user.update!(roles: [ApiUser::BILLING])
+    login_with_correct_credentials
+    assert_current_path registrar_profile_path
+  end
+
+  def test_wrong_password
+    visit new_registrar_user_session_url
+    fill_in 'registrar_user_username', with: @user.username
+    fill_in 'registrar_user_password', with: 'wrong'
+    click_button 'Login'
+
+    assert_text 'No such user'
+    assert_current_path new_registrar_user_session_path
+  end
+
+  def test_inactive_user
+    @user.update!(active: false)
+    login_with_correct_credentials
+
+    assert_text 'User is not active'
+    assert_current_path new_registrar_user_session_path
+  end
+
+  private
+
+  def login_with_correct_credentials
+    visit new_registrar_user_session_url
+    fill_in 'registrar_user_username', with: @user.username
+    fill_in 'registrar_user_password', with: 'testtest'
+    click_button 'Login'
+  end
+end

test/system/registrar_area/sign_out_test.rb

@@ -0,0 +1,15 @@
+require 'test_helper'
+
+class RegistrarAreaSignOutTest < ApplicationSystemTestCase
+  setup do
+    sign_in users(:api_bestnames)
+  end
+
+  def test_logout
+    visit registrar_root_url
+    click_on 'Log out'
+
+    assert_text 'Signed out successfully'
+    assert_current_path new_registrar_user_session_path
+  end
+end