Require signed in user when updating registration

To prevent errors from happening

Require signed in user when updating registration
To prevent errors from happening
3ffc9384 · Alex Buijs · 28207308 · 3ffc9384 · 3ffc9384 · 3ffc9384
Commit 3ffc9384 authored Oct 15, 2020 by Alex Buijs
4 changed files
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -58,6 +58,8 @@ class RegistrationsController < Devise::RegistrationsController
  end

  def update_registration
+    return redirect_to new_user_registration_path unless current_user
+
    user_params = params.require(:user).permit(:role, :setup_for_company)
    result = ::Users::SignupService.new(current_user, user_params).execute


--- a/changelogs/unreleased/267498-failed-test-qa-specs-features-browser_ui-1_manage-login-register_s.yml
+++ b/changelogs/unreleased/267498-failed-test-qa-specs-features-browser_ui-1_manage-login-register_s.yml
+---
+title: Redirect when no user is signed in when updating registration
+merge_request: 45276
+author:
+type: fixed
--- a/ee/spec/controllers/registrations_controller_spec.rb
+++ b/ee/spec/controllers/registrations_controller_spec.rb
@@ -59,44 +59,50 @@ RSpec.describe RegistrationsController do
  end

  describe '#update_registration' do
-    before do
-      sign_in(user)
-    end
-
    subject(:update_registration) { patch :update_registration, params: { user: { role: 'software_developer', setup_for_company: 'false' } } }

-    describe 'redirection' do
-      it { is_expected.to redirect_to dashboard_projects_path }
+    context 'without a signed in user' do
+      it { is_expected.to redirect_to new_user_registration_path }
+    end

-      context 'when part of the onboarding issues experiment' do
-        before do
-          stub_experiment_for_user(onboarding_issues: true)
-        end
+    context 'with a signed in user' do
+      before do
+        sign_in(user)
+      end

-        it { is_expected.to redirect_to new_users_sign_up_group_path }
+      describe 'redirection' do
+        it { is_expected.to redirect_to dashboard_projects_path }

-        context 'when in subscription flow' do
+        context 'when part of the onboarding issues experiment' do
          before do
-            allow(controller.helpers).to receive(:in_subscription_flow?).and_return(true)
+            stub_experiment_for_user(onboarding_issues: true)
          end

-          it { is_expected.not_to redirect_to new_users_sign_up_group_path }
-        end
+          it { is_expected.to redirect_to new_users_sign_up_group_path }

-        context 'when in invitation flow' do
-          before do
-            allow(controller.helpers).to receive(:in_invitation_flow?).and_return(true)
+          context 'when in subscription flow' do
+            before do
+              allow(controller.helpers).to receive(:in_subscription_flow?).and_return(true)
+            end
+
+            it { is_expected.not_to redirect_to new_users_sign_up_group_path }
          end

-          it { is_expected.not_to redirect_to new_users_sign_up_group_path }
-        end
+          context 'when in invitation flow' do
+            before do
+              allow(controller.helpers).to receive(:in_invitation_flow?).and_return(true)
+            end

-        context 'when in trial flow' do
-          before do
-            allow(controller.helpers).to receive(:in_trial_flow?).and_return(true)
+            it { is_expected.not_to redirect_to new_users_sign_up_group_path }
          end

-          it { is_expected.not_to redirect_to new_users_sign_up_group_path }
+          context 'when in trial flow' do
+            before do
+              allow(controller.helpers).to receive(:in_trial_flow?).and_return(true)
+            end
+
+            it { is_expected.not_to redirect_to new_users_sign_up_group_path }
+          end
        end
      end
    end
@@ -113,6 +119,7 @@ RSpec.describe RegistrationsController do
      let(:in_trial_flow) { false }

      before do
+        sign_in(user)
        allow(::Gitlab).to receive(:com?).and_return(on_gitlab_com)
        stub_experiment(onboarding_issues: experiment_enabled)
        stub_experiment_for_user(onboarding_issues: experiment_enabled_for_user)

--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -477,10 +477,16 @@ RSpec.describe RegistrationsController do
      patch :update_registration, params: { user: { role: 'software_developer', setup_for_company: 'false' } }
    end

-    before do
-      sign_in(create(:user))
+    context 'without a signed in user' do
+      it { is_expected.to redirect_to new_user_registration_path }
    end

-    it { is_expected.to redirect_to(dashboard_projects_path)}
+    context 'with a signed in user' do
+      before do
+        sign_in(create(:user))
+      end
+
+      it { is_expected.to redirect_to(dashboard_projects_path)}
+    end
  end
 end