test: copy system tests from starter kit

.github/workflows/ci.yml

@@ -46,6 +46,7 @@ jobs:
       - name: Run tests
         env:
           RAILS_ENV: test
+          CI: true
           # REDIS_URL: redis://localhost:6379/0
         run: bin/rails test
 

Gemfile

@@ -21,13 +21,19 @@ group :development, :test do
 
   # Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/]
   gem "rubocop-rails-omakase", require: false
-  gem "rails-controller-testing"
 
   # gem "standard", require: false
   # gem "erb_lint", require: false
   # gem "letter_opener_web", "~> 2.0"
   gem "factory_bot", "~> 6.4.3"
   # gem "rails-controller-testing"
-  gem "faker"
+end
+
+group :test do
+  # Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
+  gem "capybara"
+  gem "selenium-webdriver"
   gem "simplecov", require: false
+  gem "faker"
+  gem "rails-controller-testing"
 end

app/views/kiqr/sessions/_social_buttons.html.erb

@@ -0,0 +1,7 @@
+<section id="social-auth-buttons">
+  <% if Rails.env.development? || Rails.env.test? %>
+    <%= button_to '/auth/developer', data: { turbo: false } do %>
+      <%= t(".buttons.developer") %>
+    <% end %>
+  <% end %>
+</section>

app/views/kiqr/sessions/new.html.erb

@@ -3,8 +3,7 @@
 <h1><%= t(".title", app_name: Kiqr.config.app_name) %></h1>
 <h2><%= t(".description") %></h2>
 
-
-<%#= render "partials/social_accounts_login" %>
+<%= render partial: "social_buttons" %>
 
 <%= form_with model: resource, url: session_path(resource_name), local: true do |f| %>
   <div class="field">

test/application_system_test_case.rb

@@ -0,0 +1,5 @@
+require "test_helper"
+
+class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
+  driven_by :selenium, using: (ENV["CI"] ? :headless_chrome : :chrome), screen_size: [ 1400, 1400 ]
+end

test/factories/omniauth_identities.rb

@@ -0,0 +1,7 @@
+FactoryBot.define do
+  factory :omniauth_identity do
+    user { create(:user) }
+    provider { "developer" }
+    sequence(:provider_uid) { |n| "external-#{n}@example.com" }
+  end
+end

test/kiqr_test.rb

@@ -4,4 +4,18 @@ class KiqrTest < ActiveSupport::TestCase
   test "it has a version number" do
     assert Kiqr::VERSION
   end
+
+  test "should set default_url_options to localhost:3000 in test environment" do
+    assert_equal Kiqr.default_url_options, { host: "localhost", port: 3000, protocol: "http" }
+  end
+
+  test "it can override default_url_options with ENV['BASE_URL']" do
+    ENV["BASE_URL"] = "https://example.com"
+    assert_equal Kiqr.default_url_options, { host: "example.com", protocol: "https" }
+    ENV["BASE_URL"] = nil
+  end
+
+  test "ActionMailer's default_url_option is set by default_url_options" do
+    assert_equal Rails.configuration.action_mailer.default_url_options, Kiqr.default_url_options
+  end
 end

test/system/accounts/accounts_test.rb

@@ -0,0 +1,40 @@
+require "application_system_test_case"
+
+class EditAccountsTest < ApplicationSystemTestCase
+  test "can edit team account" do
+    user = create(:user)
+    team_account = create(:account, name: "Team account")
+    team_account.account_users << AccountUser.create(user: user, owner: true)
+
+    sign_in(user)
+    visit edit_account_path(account_id: team_account)
+
+    # Fill the team account form
+    fill_in "account[name]", with: "Foozoo free thinkers"
+
+    click_on "commit"
+    assert_text I18n.t("kiqr.flash_messages.account_updated")
+
+    team_account.reload
+    assert_equal "Foozoo free thinkers", team_account.name
+  end
+
+  test "can create team account" do
+    user = create(:user)
+
+    sign_in(user)
+    visit new_account_path
+    assert_selector("input[name='account[name]']")
+
+    # Fill the team account form
+    fill_in "account[name]", with: "Foobar code warriors"
+
+    click_on "commit"
+    assert_text I18n.t("kiqr.flash_messages.account_created")
+
+    account = user.reload.accounts.last
+    assert_equal "Foobar code warriors", account.name
+    assert account.account_users.find_by(user: user).owner?
+    assert_current_path dashboard_path(account_id: account)
+  end
+end

test/system/signin_test.rb

@@ -0,0 +1,63 @@
+require "application_system_test_case"
+
+class SigninTest < ApplicationSystemTestCase
+  test "signs in with a verified user" do
+    user = create(:user)
+
+    visit new_user_session_path
+    fill_in "user[email]", with: user.email
+    fill_in "user[password]", with: user.password
+    click_on "commit"
+
+    assert_current_path dashboard_path
+  end
+
+  test "select account after sign in if user has teams" do
+    user = create(:user)
+    account = create(:account, name: "Team account")
+    account.account_users << AccountUser.create(user:, owner: true)
+
+    visit new_user_session_path
+    fill_in "user[email]", with: user.email
+    fill_in "user[password]", with: user.password
+    click_on "commit"
+
+    assert_current_path select_account_path
+  end
+
+  test "signs in with otp code" do
+    user = create(:user, :otp_enabled)
+
+    visit new_user_session_path
+    fill_in "user[email]", with: user.email
+    fill_in "user[password]", with: user.password
+    click_on "commit"
+
+    fill_in "user[otp_attempt]", with: user.current_otp
+    click_on "commit"
+
+    assert_current_path dashboard_path
+  end
+
+  test "displays unconfirmed email message" do
+    unconfirmed_user = create(:user, :unconfirmed)
+
+    visit new_user_session_path
+    fill_in "user[email]", with: unconfirmed_user.email
+    fill_in "user[password]", with: unconfirmed_user.password
+    click_on "commit"
+
+    assert_text I18n.t("devise.failure.unconfirmed")
+  end
+
+  test "displays invalid password message" do
+    user = create(:user)
+
+    visit new_user_session_path
+    fill_in "user[email]", with: user.email
+    fill_in "user[password]", with: "invalid"
+    click_on "commit"
+
+    assert_text I18n.t("devise.failure.invalid", authentication_keys: "Email")
+  end
+end

test/system/users/cancellation_test.rb

@@ -0,0 +1,28 @@
+require "application_system_test_case"
+
+class EditAccountsTest < ApplicationSystemTestCase
+  test "can delete a fresh user" do
+    user = create(:user)
+    sign_in(user)
+    visit cancel_user_registration_path
+    # accept_confirm { click_on "commit" }
+
+    assert_text I18n.t("devise.registrations.destroyed")
+    assert_nil User.find_by_id(user.id)
+  end
+
+  test "don't show delete button if user is an owner of a team" do
+    user = create(:user)
+    team_account = create(:account, name: "Team account")
+    team_account.account_users << AccountUser.create(user: user, owner: true)
+
+    sign_in(user)
+    visit cancel_user_registration_path
+
+    assert_no_selector("button[name='commit']")
+  end
+
+  test "can't delete a user if theres an active subscription on their personal account" do
+    skip("https://github.com/kiqr/kiqr/issues/1")
+  end
+end

test/system/users/omniauth_authentication_test.rb

@@ -0,0 +1,39 @@
+require "application_system_test_case"
+
+class OmniauthAuthenticationTest < ApplicationSystemTestCase
+  test "creates account if an account with the email does not exist" do
+    visit new_user_session_path
+    click_on I18n.t("partials.social_accounts_login.buttons.developer")
+
+    assert_current_path "/auth/developer"
+
+    fill_in "name", with: "John Doe"
+    fill_in "email", with: "[email protected]"
+
+    click_on "Sign In"
+
+    assert User.find_by(email: "[email protected]").present?
+  end
+
+  test "shows message if account with the current email already exist" do
+    user = create(:user)
+    visit new_user_session_path
+    click_on I18n.t("partials.social_accounts_login.buttons.developer")
+    fill_in "name", with: "John Doe"
+    fill_in "email", with: user.email
+    click_on "Sign In"
+
+    assert_text I18n.t("kiqr.flash_messages.omniauth_email_taken", provider: "developer")
+  end
+
+  test "can login with an already existing connection" do
+    omniauth_identity = create(:omniauth_identity)
+    visit new_user_session_path
+    click_on I18n.t("partials.social_accounts_login.buttons.developer")
+    fill_in "name", with: "John Doe"
+    fill_in "email", with: omniauth_identity.provider_uid
+    click_on "Sign In"
+
+    assert_current_path dashboard_path
+  end
+end

test/system/users/onboarding_test.rb

@@ -0,0 +1,38 @@
+require "application_system_test_case"
+
+class OnboardingTest < ApplicationSystemTestCase
+  test "full onboarding process with personal account setup" do
+    visit new_user_registration_path
+
+    fill_in "user[email]", with: "[email protected]"
+    fill_in "user[password]", with: "th1s1sp@ssw0rd"
+    fill_in "user[password_confirmation]", with: "th1s1sp@ssw0rd"
+    click_on "commit"
+
+    # It should show a message that the user has signed up but is unconfirmed.
+    assert_text I18n.t("devise.registrations.signed_up_but_unconfirmed")
+
+    # This is a hack to confirm the email for the user
+    user = User.find_by(email: "[email protected]")
+    user.update(confirmed_at: Time.now)
+
+    # Login in with the newly created user
+    visit new_user_session_path
+
+    fill_in "user[email]", with: "[email protected]"
+    fill_in "user[password]", with: "th1s1sp@ssw0rd"
+    click_on "commit"
+
+    # Should be on the onboarding_path after first sign in
+    assert_current_path onboarding_path
+
+    # Fill the personal account setup form
+    fill_in "user[personal_account_attributes][name]", with: "Sven Bertilsson"
+
+    click_on "commit"
+
+    # Should be redirected to dashboard after successfully signing up.
+    assert_current_path dashboard_path
+    assert_equal "Sven Bertilsson", user.reload.personal_account.name
+  end
+end

test/system/users/settings_test.rb

@@ -0,0 +1,23 @@
+require "application_system_test_case"
+
+class SettingsTest < ApplicationSystemTestCase
+  test "can edit user and personal account" do
+    user = create(:user)
+
+    sign_in(user)
+    visit edit_settings_path
+
+    # Fill the personal account form
+    select "Swedish", from: "user[locale]"
+    fill_in "user[personal_account_attributes][name]", with: "New name"
+
+    click_on "commit"
+    assert_text I18n.t("kiqr.flash_messages.settings_updated")
+
+    user.reload
+
+    assert_current_path edit_settings_path
+    assert_equal "New name", user.personal_account.name
+    assert_equal "sv", user.locale
+  end
+end

test/system/users/two_factor_test.rb

@@ -0,0 +1,61 @@
+require "application_system_test_case"
+
+class TwoFactorTest < ApplicationSystemTestCase
+  def prepare_otp_setup(user)
+    sign_in user
+    visit edit_two_factor_path
+    assert_selector "a.button", text: I18n.t("kiqr.two_factor.show.enable.button")
+
+    pre_otp_secret = user.otp_secret
+
+    click_link I18n.t("kiqr.two_factor.show.enable.button")
+    assert_current_path setup_two_factor_path
+    assert_not user.otp_required_for_login?
+
+    # Check that a new secret was generated
+    assert_not_equal pre_otp_secret, user.reload.otp_secret
+  end
+
+  test "Can enable otp secret" do
+    user = create(:user)
+    prepare_otp_setup(user)
+
+    # Fill in code field with the correct code
+    fill_in "user[otp_attempt]", with: user.current_otp
+    click_button "commit"
+
+    assert_current_path edit_two_factor_path
+    assert user.reload.otp_required_for_login?
+    assert_text I18n.t("kiqr.two_factor.setup.success")
+  end
+
+  test "Show error message if otp code is wrong" do
+    user = create(:user)
+    prepare_otp_setup(user)
+
+    # Fill in code field with an invalid code
+    fill_in "user[otp_attempt]", with: "123456"
+    click_button "commit"
+
+    assert_current_path setup_two_factor_path
+    assert_not user.reload.otp_required_for_login?
+    assert_text I18n.t("kiqr.two_factor.setup.invalid_code")
+  end
+
+  test "refreshes qr code image on new setup" do
+    user = create(:user)
+    prepare_otp_setup(user)
+    first_image = find("#qr-code-wrapper svg")
+    prepare_otp_setup(user)
+    second_image = find("#qr-code-wrapper svg")
+
+    assert_not_equal first_image, second_image
+  end
+
+  test "shows instructions on how to disable two factor authentication" do
+    user = create(:user, :otp_enabled)
+    sign_in user
+    visit edit_two_factor_path
+    assert_selector "a.button", text: I18n.t("kiqr.two_factor.show.disable.button")
+  end
+end