diff --git a/Gemfile b/Gemfile index 7279ef129..238c4a279 100644 --- a/Gemfile +++ b/Gemfile @@ -18,12 +18,6 @@ gem "defra_ruby_template", "~> 5.0" gem "mongo_session_store" -# Use CanCanCan for user roles and permissions -gem "cancancan", "~> 3.5.0" - -# Use Devise for user authentication -gem "devise", "~> 4.9.2" - gem "matrix", "~> 0.4.2" gem "secure_headers", "~> 6.5.0" diff --git a/Gemfile.lock b/Gemfile.lock index 9423d06db..ea758e178 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -120,12 +120,10 @@ GEM async-pool (0.4.0) async (>= 1.25) base64 (0.2.0) - bcrypt (3.1.20) bindex (0.8.1) bson (4.15.0) builder (3.3.0) byebug (11.1.3) - cancancan (3.5.0) coderay (1.1.3) concurrent-ruby (1.3.4) console (1.23.2) @@ -163,12 +161,6 @@ GEM rest-client (~> 2.0) uk_postcode validates_email_format_of - devise (4.9.4) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) diff-lcs (1.5.0) docile (1.4.0) domain_name (0.6.20231109) @@ -274,7 +266,6 @@ GEM octokit (4.25.1) faraday (>= 1, < 3) sawyer (~> 0.9) - orm_adapter (0.5.0) os_map_ref (0.5.0) parallel (1.23.0) parser (3.2.2.4) @@ -335,9 +326,6 @@ GEM rake (13.2.1) rbtree3 (0.7.1) regexp_parser (2.8.2) - responders (3.1.1) - actionpack (>= 5.2) - railties (>= 5.2) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) http-cookie (>= 1.0.2, < 2.0) @@ -443,8 +431,6 @@ GEM validates_email_format_of (1.7.2) i18n vcr (6.2.0) - warden (1.2.9) - rack (>= 2.0.9) web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) @@ -465,11 +451,9 @@ PLATFORMS ruby DEPENDENCIES - cancancan (~> 3.5.0) database_cleaner-mongoid (~> 2.0.1) defra_ruby_style (~> 0.3.0) defra_ruby_template (~> 5.0) - devise (~> 4.9.2) dotenv-rails (~> 2.8.1) factory_bot_rails (~> 6.2.0) faker (~> 3.2.0) diff --git a/README.md b/README.md index a83669c5e..43b209bca 100644 --- a/README.md +++ b/README.md 
@@ -22,13 +22,6 @@ Make sure you already have:
 - [Bundler](http://bundler.io/) – for installing Ruby gems
 - MongoDb 3.6
-The engine also expects these gems to be installed in the application in which it is mounted:
-
-- [Devise](https://github.com/plataformatec/devise/) >= 4.4.3
-- [CanCanCan](https://github.com/CanCanCommunity/cancancan) ~> 1.10
-
-And for a User model to be in place. See the [dummy testing app](https://github.com/DEFRA/waste-carriers-engine/tree/master/spec/dummy) for an example of how this might be implemented.
-
 ## Mounting the engine
 Add the engine to your Gemfile:
diff --git a/app/controllers/waste_carriers_engine/application_controller.rb b/app/controllers/waste_carriers_engine/application_controller.rb
index 04238ad84..dc609d6ba 100644
--- a/app/controllers/waste_carriers_engine/application_controller.rb
+++ b/app/controllers/waste_carriers_engine/application_controller.rb
@@ -23,6 +23,14 @@ class ApplicationController < ActionController::Base
 redirect_to page_path("system_error")
 end
+ def current_user
+ return unless defined?(super)
+
+ # :nocov:
+ super
+ # :nocov:
+ end
+
 protected
 def record_user_journey
diff --git a/app/controllers/waste_carriers_engine/transient_registrations_controller.rb b/app/controllers/waste_carriers_engine/transient_registrations_controller.rb
deleted file mode 100644
index cf2c9d4ef..000000000
--- a/app/controllers/waste_carriers_engine/transient_registrations_controller.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-module WasteCarriersEngine
- class TransientRegistrationsController < ApplicationController
- before_action :authenticate_user!
-
- def destroy
- transient_registration = TransientRegistration.find_by(token: params[:token])
- redirect_path = Rails.application.routes.url_helpers.registration_path(
- reg_identifier: transient_registration.reg_identifier
- )
-
- transient_registration.destroy!
-
- redirect_to redirect_path
- end
- end
-end
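Review bot: In application_controller.rb the new `current_user` returns nil without any signal whenever no ancestor defines the method, so a back-office host whose authentication helpers fail to load would behave like an unauthenticated front office instead of raising. It is also added above `protected`, which makes it a public controller method; moving it below `protected` would keep it out of the controller's action namespace. I would add a comment stating the contract, for example `# Returns the host application's current_user, or nil when the host provides no authentication layer`. The `# :nocov:` markers around `super` suggest the authenticated path is not exercised by this engine's specs, so that branch relies on host-app tests. The class body continues outside the hunk.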
diff --git a/app/models/waste_carriers_engine/renewing_registration.rb b/app/models/waste_carriers_engine/renewing_registration.rb
index 0fc7be8c7..1c7bb440e 100644
--- a/app/models/waste_carriers_engine/renewing_registration.rb
+++ b/app/models/waste_carriers_engine/renewing_registration.rb
@@ -71,7 +71,7 @@ def pending_payment?
 renewal_application_submitted? && super
 end
- def prepare_for_payment(mode, user)
+ def prepare_for_payment(mode, user = nil)
 BuildRenewalFinanceDetailsService.run(transient_registration: self, payment_method: mode, user:)
 end
diff --git a/app/services/waste_carriers_engine/base_registration_permission_checks_service.rb b/app/services/waste_carriers_engine/base_registration_permission_checks_service.rb
index 02c196021..0067c6d8b 100644
--- a/app/services/waste_carriers_engine/base_registration_permission_checks_service.rb
+++ b/app/services/waste_carriers_engine/base_registration_permission_checks_service.rb
@@ -8,7 +8,7 @@ class BaseRegistrationPermissionChecksService < BaseService
 attr_reader :transient_registration, :user, :permission_check_result
- def run(transient_registration:, user:)
+ def run(transient_registration:, user: nil)
 @transient_registration = transient_registration
 @user = user
 @permission_check_result = PermissionChecksResult.new
diff --git a/app/services/waste_carriers_engine/flow_permission_checks_service.rb b/app/services/waste_carriers_engine/flow_permission_checks_service.rb
index 9bcf3a7fc..e965f7846 100644
--- a/app/services/waste_carriers_engine/flow_permission_checks_service.rb
+++ b/app/services/waste_carriers_engine/flow_permission_checks_service.rb
@@ -9,7 +9,7 @@ class MissingFlowPermissionChecksService < StandardError; end
 attr_reader :transient_registration, :user
- def run(transient_registration:, user:)
+ def run(transient_registration:, user: nil)
 @transient_registration = transient_registration
 @user = user
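Review bot: Defaulting `user` to nil in `BaseRegistrationPermissionChecksService#run` means a caller that forgets the argument no longer gets an ArgumentError, and the permission check then runs with no user; whether that fails closed depends on code outside this diff. Keeping the keyword required, `def run(transient_registration:, user:)`, and having front-office callers pass `user: nil` explicitly would keep an omission loud. The same applies to `run` in flow_permission_checks_service.rb, to `prepare_for_payment(mode, user = nil)` in renewing_registration.rb, and to `GovpayPaymentService#initialize` in govpay_payment_service.rb. All of these method bodies continue outside their hunks.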
diff --git a/app/services/waste_carriers_engine/govpay_payment_service.rb b/app/services/waste_carriers_engine/govpay_payment_service.rb index a45de3131..7826ff674 100644 --- a/app/services/waste_carriers_engine/govpay_payment_service.rb +++ b/app/services/waste_carriers_engine/govpay_payment_service.rb @@ -5,7 +5,7 @@ module WasteCarriersEngine class GovpayPaymentService - def initialize(transient_registration, order, current_user) + def initialize(transient_registration, order, current_user = nil) @transient_registration = transient_registration @order = order @current_user = current_user diff --git a/app/services/waste_carriers_engine/renewing_registration_permission_checks_service.rb b/app/services/waste_carriers_engine/renewing_registration_permission_checks_service.rb index de97231dd..a8e5ab639 100644 --- a/app/services/waste_carriers_engine/renewing_registration_permission_checks_service.rb +++ b/app/services/waste_carriers_engine/renewing_registration_permission_checks_service.rb @@ -10,6 +10,9 @@ def all_checks_pass? end def user_has_permission? + # user permission checks apply only to the back office + return true unless WasteCarriersEngine.configuration.host_is_back_office? + return true if transient_registration.from_magic_link return true if can?(:update, transient_registration) diff --git a/app/views/devise/mailer/email_changed.html.erb b/app/views/devise/mailer/email_changed.html.erb deleted file mode 100644 index 32f4ba803..000000000 --- a/app/views/devise/mailer/email_changed.html.erb +++ /dev/null @@ -1,7 +0,0 @@ -
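Review bot: The new first guard in `user_has_permission?` (renewing_registration_permission_checks_service.rb) fails open: `return true unless WasteCarriersEngine.configuration.host_is_back_office?` grants permission whenever the flag is false or unset, and the flag's default is not visible in this diff. If a back-office deployment is ever misconfigured, the `can?(:update, transient_registration)` check below it is skipped for every user. Consider narrowing the bypass to the no-user case, `return true if user.nil? && !WasteCarriersEngine.configuration.host_is_back_office?`, and extending the comment to say what protects the front-office path (presumably possession of the registration token). `can?` is still called here although this commit removes cancancan from the Gemfile and from the README requirements, so the back-office host now has to supply it; the method body continues outside the hunk.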

Hello <%= @email %>!

- -<% if @resource.try(:unconfirmed_email?) %> -

We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.

-<% else %> -

We're contacting you to notify you that your email has been changed to <%= @resource.email %>.

-<% end %> diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb deleted file mode 100644 index b41daf476..000000000 --- a/app/views/devise/mailer/password_change.html.erb +++ /dev/null @@ -1,3 +0,0 @@ -

Hello <%= @resource.email %>!

- -

We're contacting you to notify you that your password has been changed.

diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb deleted file mode 100644 index f2c36a706..000000000 --- a/app/views/devise/mailer/reset_password_instructions.html.erb +++ /dev/null @@ -1,8 +0,0 @@ -

Hello <%= @resource.email %>!

- -

Someone has requested a link to change your password. You can do this through the link below.

- -

<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>

- -

If you didn't request this, please ignore this email.

-

Your password will not change until you access the link above and create a new one.

diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb deleted file mode 100644 index 41e148bf2..000000000 --- a/app/views/devise/mailer/unlock_instructions.html.erb +++ /dev/null @@ -1,7 +0,0 @@ -

Hello <%= @resource.email %>!

- -

Your account has been locked due to an excessive number of unsuccessful sign in attempts.

- -

Click the link below to unlock your account:

- -

<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>

diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb deleted file mode 100644 index 359889bd0..000000000 --- a/app/views/devise/passwords/edit.html.erb +++ /dev/null @@ -1,45 +0,0 @@ -
-
-

- <%= t(".heading") %> -

- - <%= form_for resource, - as: resource_name, - url: password_path(resource_name), - html: { method: :put }, - builder: GOVUKDesignSystemFormBuilder::FormBuilder do |f| %> - - <%= render partial: "waste_carriers_engine/shared/error_summary", locals: { f: f } %> - - <%= f.hidden_field :reset_password_token %> - - <%= f.govuk_password_field :password, - width: "one-half", - label: { text: t(".password.label") }, - autocomplete: "off" do %> - - <%= t(".password.hint.text") %> -
    -
  • <%= t(".password.hint.list_item_1") %>
  • -
  • <%= t(".password.hint.list_item_2") %>
  • -
  • <%= t(".password.hint.list_item_3") %>
  • -
  • <%= t(".password.hint.list_item_4") %>
  • -
  • <%= t(".password.hint.list_item_5") %>
  • -
  • <%= t(".password.hint.list_item_6") %>
  • -
-
- <% end %> - - <%= f.govuk_password_field :password_confirmation, - width: "one-half", - label: { text: t(".password_confirmation.label") }, - autocomplete: "off" %> - - <%= f.govuk_submit t(".submit") %> - - <% end %> - - <%= render "devise/shared/links" %> -
-
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb deleted file mode 100644 index 4cbac5791..000000000 --- a/app/views/devise/passwords/new.html.erb +++ /dev/null @@ -1,22 +0,0 @@ -<%= render("waste_carriers_engine/shared/back", back_path: new_user_session_path) %> - -
-
-

<%= t(".heading") %>

- -

<%= t(".paragraph_1") %>

- - <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %> -
-
- <%= f.label :email, class: "govuk-label"%> - <%= f.email_field :email, class: "govuk-input" %> -
-
- -

<%= t(".hint_1") %>.

- - <%= f.submit t(".submit"), class: "govuk-button" %> - <% end %> -
-
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb deleted file mode 100644 index dd3ae9a76..000000000 --- a/app/views/devise/sessions/new.html.erb +++ /dev/null @@ -1,32 +0,0 @@ -
-
-

<%= t(".heading") %>

- - <% - if flash[:alert].present? - resource.errors.add(:email, flash[:alert]) - end - %> - - <% if notice %> - - <% end %> - - <%= form_for( - resource, - as: resource_name, - url: session_path(resource_name), - builder: GOVUKDesignSystemFormBuilder::FormBuilder) do |f| %> - <%= render partial: "waste_carriers_engine/shared/error_summary", locals: { f: f } %> - - <%= f.govuk_text_field :email, autocomplete: "off", autofocus: true, width: "one-half" %> - <%= f.govuk_password_field :password, width: "one-half", autocomplete: "off" %> - - <%= f.submit t(".submit"), class: "govuk-button" %> - <% end %> - - <%= render "devise/shared/links" %> -
-
diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb deleted file mode 100644 index 8aac15d84..000000000 --- a/app/views/devise/shared/_links.html.erb +++ /dev/null @@ -1,35 +0,0 @@ -
- -<% if controller_name != 'sessions' %> -

<%= link_to "Log in", new_session_path(resource_name) %>

-<% end %> - -<% if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> -
- - <%= t(".password_reset_summary") %> - -
- <%= t(".password_reset_paragraph_1") %> <%= link_to t(".password_reset_link_text"), new_password_path(resource_name) %>. -
-
- -
- - <%= t(".unknown_email_summary") %> - -
- <%= t(".unknown_email_paragraph_1") %> -
-
-<% end %> - -<% if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> -
- - <%= t(".locked_summary") %> -
- <%= t(".locked_paragraph_1") %> <%= link_to t(".locked_link_text"), new_unlock_path(resource_name) %>. -
-
-<% end %> diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb deleted file mode 100644 index 42a2cee4a..000000000 --- a/app/views/devise/unlocks/new.html.erb +++ /dev/null @@ -1,22 +0,0 @@ -<%= render("waste_carriers_engine/shared/back", back_path: new_user_session_path) %> -
-
-

<%= t(".heading") %>

- -

<%= t(".paragraph_1") %>

- -

<%= t(".paragraph_2") %>

- - <%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> -
-
- <%= f.label :email, class: "govuk-label"%> - <%= f.email_field :email, class: "govuk-input" %> -
-
-
- <%= f.submit t(".submit"), class: "govuk-button" %> -
- <% end %> -
-
diff --git a/config/locales/activemodel.en.yml b/config/locales/activemodel.en.yml new file mode 100644 index 000000000..d7078818a --- /dev/null +++ b/config/locales/activemodel.en.yml @@ -0,0 +1,15 @@ +# Additional translations at https://github.com/plataformatec/devise/wiki/I18n + +en: + activemodel: + errors: + models: + waste_carriers_engine/renewal_lookup_validatable: + already_confirmed: "Email was already confirmed, please try signing in" + confirmation_period_expired: "Email needs to be confirmed within %{period}, please request a new one" + expired: "Password reset token has expired, please request a new one" + not_found: "Password reset token not found" + not_locked: "Account was not locked" + not_saved: + one: "1 error prohibited this %{resource} from being saved:" + other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml deleted file mode 100644 index 21578a571..000000000 --- a/config/locales/devise.en.yml +++ /dev/null 
@@ -1,102 +0,0 @@ -# Additional translations at https://github.com/plataformatec/devise/wiki/I18n - -en: - devise: - confirmations: - confirmed: "Your email address has been successfully confirmed." - send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." - send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." - failure: - already_authenticated: "You are already signed in." - inactive: "Your account is not activated yet." - invalid: "Invalid %{authentication_keys} or password." - locked: "Your account is locked." - last_attempt: "You have one more attempt before your account is locked." - not_found_in_database: "Invalid %{authentication_keys} or password." - timeout: "Your session expired. Please sign in again to continue." - unauthenticated: "You need to sign in before continuing." - unconfirmed: "You have to confirm your email address before continuing." - mailer: - confirmation_instructions: - subject: "Confirmation instructions" - reset_password_instructions: - subject: "Reset password instructions" - unlock_instructions: - subject: "Unlock instructions" - email_changed: - subject: "Email Changed" - password_change: - subject: "Password Changed" - omniauth_callbacks: - failure: "Could not authenticate you from %{kind} because \"%{reason}\"." - success: "Successfully authenticated from %{kind} account." - passwords: - new: - heading: "Reset your password" - paragraph_1: "Enter the email address associated with your account." - hint_1: "If you don’t know the email address belonging to your account, contact our helpline on 03708 506506." 
- submit: "Reset password" - edit: - heading: Change your password - password: - label: "New password" - hint: - text: "It must:" - list_item_1: "have at least 14 characters" - list_item_2: "include some numbers" - list_item_3: "have a mix of lower and upper case letters" - list_item_4: "not use single dictionary words" - list_item_5: "not use simple substitutions, for example the letter 'O' for zero, the letter 'I' for one" - list_item_6: "not use obvious sequences or repeated characters; for example, '111' or 'abc'" - password_confirmation: - label: "New password confirmation" - submit: "Change my password" - no_token: "You cannot access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." - send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." - send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." - updated: "Your password has been changed successfully. You are now signed in." - updated_not_active: "Your password has been changed successfully." - registrations: - destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." - signed_up: "Welcome! You have signed up successfully." - signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." - signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." - signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." - update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. 
Please check your email and follow the confirm link to confirm your new email address." - updated: "Your account has been updated successfully." - sessions: - new: - heading: "Sign in" - submit: "Sign in" - signed_in: "Signed in successfully." - signed_out: "Signed out successfully." - already_signed_out: "Signed out successfully." - shared: - links: - password_reset_summary: I've forgotten my password - password_reset_paragraph_1: You can - password_reset_link_text: reset your password - unknown_email_summary: I do not know the email address for my account - unknown_email_paragraph_1: If you don’t know the email address belonging to your account, contact our helpline on 03708 506506. - locked_summary: My account is locked - locked_paragraph_1: If you or someone else tries to sign in too many times using incorrect details, the account may be temporarily locked. - locked_link_text: Unlock your account - unlocks: - new: - heading: "Locked account" - paragraph_1: "This account may be temporarily locked for your security." - paragraph_2: "Tell us which email address was used to register and we’ll send unlock instructions." - submit: "Send unlock instructions" - send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." - send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." - unlocked: "Your account has been unlocked successfully. Please sign in to continue." 
- errors: - messages: - already_confirmed: "Email was already confirmed, please try signing in" - confirmation_period_expired: "Email needs to be confirmed within %{period}, please request a new one" - expired: "Password reset token has expired, please request a new one" - not_found: "Password reset token not found" - not_locked: "Account was not locked" - not_saved: - one: "1 error prohibited this %{resource} from being saved:" - other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/config/routes.rb b/config/routes.rb index 16b0d1a86..0bb4b364b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -7,10 +7,6 @@ path: "start", path_names: { new: "" } - get "transient-registration/:token/destroy", - to: "transient_registrations#destroy", - as: "delete_transient_registration" - scope "/:token" do # New registration flow resources :renew_registration_forms, diff --git a/spec/dummy/app/models/user.rb b/spec/dummy/app/models/user.rb deleted file mode 100644 index 2c9673353..000000000 --- a/spec/dummy/app/models/user.rb +++ /dev/null 
@@ -1,52 +0,0 @@ -# frozen_string_literal: true - -class User - include Mongoid::Document - - # Use the User database - store_in client: "users", collection: "users" - - devise :database_authenticatable, - :lockable, - :recoverable, - :trackable, - :validatable - - ## Confirmable - # Any user confirmation happens in the frontend app - however we need this flag to seed confirmed users - field :confirmed_at, type: DateTime - - ## Database authenticatable - field :email, type: String, default: "" - field :encrypted_password, type: String, default: "" - - ## Recoverable - field :reset_password_token, type: String - field :reset_password_sent_at, type: Time - - ## Trackable - field :sign_in_count, type: Integer, default: 0 - field :current_sign_in_at, type: Time - field :last_sign_in_at, type: Time - field :current_sign_in_ip, type: String - field :last_sign_in_ip, type: String - - # Lockable - field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts - field :unlock_token, type: String # Only if unlock strategy is :email or :both - field :locked_at, type: Time - - validates :password, presence: true, length: { in: 8..128 } - validate :password_must_have_lowercase_uppercase_and_numeric - - private - - def password_must_have_lowercase_uppercase_and_numeric - has_lowercase = (password =~ /[a-z]/) - has_uppercase = (password =~ /[A-Z]/) - has_numeric = (password =~ /[0-9]/) - return true if has_lowercase && has_uppercase && has_numeric - - errors.add(:password, I18n.t("errors.messages.weakPassword")) - end -end diff --git a/spec/dummy/config/initializers/devise.rb b/spec/dummy/config/initializers/devise.rb deleted file mode 100644 index 581225ee9..000000000 --- a/spec/dummy/config/initializers/devise.rb +++ /dev/null 
@@ -1,271 +0,0 @@ -# Use this hook to configure devise mailer, warden hooks and so forth. -# Many of these configuration options can be set straight in your model. -Devise.setup do |config| - # The secret key used by Devise. Devise uses this key to generate - # random tokens. Changing this key will render invalid all existing - # confirmation, reset password and unlock tokens in the database. - # Devise will use the `secret_key_base` as its `secret_key` - # by default. You can change it below and use your own secret key. - # config.secret_key = 'a04ec6d98a19eda57e8f7088e424cb94702810715afc2bf80028cdc42bf359862dc15470ec8cb71d44e476c2df15262e724595935d01aa8493c878e3b903f7bd' - - # ==> Mailer Configuration - # Configure the e-mail address which will be shown in Devise::Mailer, - # note that it will be overwritten if you use your own mailer class - # with default "from" parameter. - config.mailer_sender = '"Waste Carriers Service" ' - - # ==> ORM configuration - # Load and configure the ORM. Supports :active_record (default) and - # :mongoid (bson_ext recommended) by default. Other ORMs may be - # available as additional gems. - require 'devise/orm/mongoid' - - # ==> Configuration for any authentication mechanism - # Configure which keys are used when authenticating a user. The default is - # just :email. You can configure it to use [:username, :subdomain], so for - # authenticating a user, both parameters are required. Remember that those - # parameters are used only when authenticating and not when retrieving from - # session. If you need permissions, you should implement that in a before filter. - # You can also supply a hash where the value is a boolean determining whether - # or not authentication should be aborted when the value is not present. - # config.authentication_keys = [:email] - - # Configure parameters from the request object used for authentication. 
Each entry - # given should be a request method and it will automatically be passed to the - # find_for_authentication method and considered in your model lookup. For instance, - # if you set :request_keys to [:subdomain], :subdomain will be used on authentication. - # The same considerations mentioned for authentication_keys also apply to request_keys. - # config.request_keys = [] - - # Configure which authentication keys should be case-insensitive. - # These keys will be downcased upon creating or modifying a user and when used - # to authenticate or find a user. Default is :email. - config.case_insensitive_keys = [:email] - - # Configure which authentication keys should have whitespace stripped. - # These keys will have whitespace before and after removed upon creating or - # modifying a user and when used to authenticate or find a user. Default is :email. - config.strip_whitespace_keys = [:email] - - # Tell if authentication through request.params is enabled. True by default. - # It can be set to an array that will enable params authentication only for the - # given strategies, for example, `config.params_authenticatable = [:database]` will - # enable it only for database (email + password) authentication. - # config.params_authenticatable = true - - # Tell if authentication through HTTP Auth is enabled. False by default. - # It can be set to an array that will enable http authentication only for the - # given strategies, for example, `config.http_authenticatable = [:database]` will - # enable it only for database authentication. The supported strategies are: - # :database = Support basic authentication with authentication key + password - # config.http_authenticatable = false - - # If 401 status code should be returned for AJAX requests. True by default. - # config.http_authenticatable_on_xhr = true - - # The realm used in Http Basic Authentication. 'Application' by default. 
- # config.http_authentication_realm = 'Application' - - # It will change confirmation, password recovery and other workflows - # to behave the same regardless if the e-mail provided was right or wrong. - # Does not affect registerable. - config.paranoid = true - - # By default Devise will store the user in session. You can skip storage for - # particular strategies by setting this option. - # Notice that if you are skipping storage for all authentication paths, you - # may want to disable generating routes to Devise's sessions controller by - # passing skip: :sessions to `devise_for` in your config/routes.rb - config.skip_session_storage = [:http_auth] - - # By default, Devise cleans up the CSRF token on authentication to - # avoid CSRF token fixation attacks. This means that, when using AJAX - # requests for sign in and sign up, you need to get a new CSRF token - # from the server. You can disable this option at your own risk. - # config.clean_up_csrf_token_on_authentication = true - - # When false, Devise will not attempt to reload routes on eager load. - # This can reduce the time taken to boot the app but if your application - # requires the Devise mappings to be loaded during boot time the application - # won't boot properly. - # config.reload_routes = true - - # ==> Configuration for :database_authenticatable - # For bcrypt, this is the cost for hashing the password and defaults to 11. If - # using other algorithms, it sets how many times you want the password to be hashed. - # - # Limiting the stretches to just one in testing will increase the performance of - # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use - # a value less than 10 in other environments. Note that, for bcrypt (the default - # algorithm), the cost increases exponentially with the number of stretches (e.g. - # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). - config.stretches = Rails.env.test? ? 
1 : 10 - - # Set up a pepper to generate the hashed password. - # config.pepper = '88542cafd6aa8411a0e900eb961ba8a865d3745108d873ddecc3056d32f79299606810915d7dc71bd96422892a1d4ca6612acf2e1129eabbf45988255edb0f47' - - # Send a notification to the original email when the user's email is changed. - # config.send_email_changed_notification = false - - # Send a notification email when the user's password is changed. - # config.send_password_change_notification = false - - # ==> Configuration for :confirmable - # A period that the user is allowed to access the website even without - # confirming their account. For instance, if set to 2.days, the user will be - # able to access the website for two days without confirming their account, - # access will be blocked just in the third day. Default is 0.days, meaning - # the user cannot access the website without confirming their account. - # config.allow_unconfirmed_access_for = 2.days - - # A period that the user is allowed to confirm their account before their - # token becomes invalid. For example, if set to 3.days, the user can confirm - # their account within 3 days after the mail was sent, but on the fourth day - # their account can't be confirmed with the token any more. - # Default is nil, meaning there is no restriction on how long a user can take - # before confirming their account. - config.confirm_within = 24.hours - - # If true, requires any email changes to be confirmed (exactly the same way as - # initial account confirmation) to be applied. Requires additional unconfirmed_email - # db field (see migrations). Until confirmed, new email is stored in - # unconfirmed_email column, and copied to email column on successful confirmation. - config.reconfirmable = true - - # Defines which key will be used when confirming an account - # config.confirmation_keys = [:email] - - # ==> Configuration for :rememberable - # The time the user will be remembered without asking for credentials again. 
- # config.remember_for = 2.weeks - - # Invalidates all the remember me tokens when the user signs out. - config.expire_all_remember_me_on_sign_out = true - - # If true, extends the user's remember period when remembered via cookie. - # config.extend_remember_period = false - - # Options to be passed to the created cookie. For instance, you can set - # secure: true in order to force SSL only cookies. - # config.rememberable_options = {} - - # ==> Configuration for :validatable - # Range for password length. - config.password_length = 8..128 - - # Email regex used to validate email formats. It simply asserts that - # one (and only one) @ exists in the given string. This is mainly - # to give user feedback and not to assert the e-mail validity. - # config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ - - # ==> Configuration for :timeoutable - # The time you want to timeout the user session without activity. After this - # time the user will be asked for credentials again. Default is 30 minutes. - # config.timeout_in = 30.minutes - - # ==> Configuration for :lockable - # Defines which strategy will be used to lock an account. - # :failed_attempts = Locks an account after a number of failed attempts to sign in. - # :none = No lock strategy. You should handle locking by yourself. - config.lock_strategy = :failed_attempts - - # Defines which key will be used when locking and unlocking an account - config.unlock_keys = [:email] - - # Defines which strategy will be used to unlock an account. - # :email = Sends an unlock link to the user email - # :time = Re-enables login after a certain amount of time (see :unlock_in below) - # :both = Enables both strategies - # :none = No unlock strategy. You should handle unlocking by yourself. - config.unlock_strategy = :both - - # Number of authentication tries before locking an account if lock_strategy - # is failed attempts. - config.maximum_attempts = 10 - - # Time interval to unlock the account if :time is enabled as unlock_strategy. 
- config.unlock_in = 30.minutes - - # Warn on the last attempt before the account is locked. - # config.last_attempt_warning = true - - # ==> Configuration for :recoverable - # - # Defines which key will be used when recovering the password for an account - # config.reset_password_keys = [:email] - - # Time interval you can reset your password with a reset password key. - # Don't put a too small interval or your users won't have the time to - # change their passwords. - config.reset_password_within = 6.hours - - # When set to false, does not sign a user in automatically after their password is - # reset. Defaults to true, so a user is signed in automatically after a reset. - # config.sign_in_after_reset_password = true - - # ==> Configuration for :encryptable - # Allow you to use another hashing or encryption algorithm besides bcrypt (default). - # You can use :sha1, :sha512 or algorithms from others authentication tools as - # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20 - # for default behavior) and :restful_authentication_sha1 (then you should set - # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). - # - # Require the `devise-encryptable` gem when using anything other than bcrypt - # config.encryptor = :sha512 - - # ==> Scopes configuration - # Turn scoped views on. Before rendering "sessions/new", it will first check for - # "users/sessions/new". It's turned off by default because it's slower if you - # are using only default views. - # config.scoped_views = false - - # Configure the default scope given to Warden. By default it's the first - # devise role declared in your routes (usually :user). - # config.default_scope = :user - - # Set this configuration to false if you want /users/sign_out to sign out - # only the current scope. By default, Devise signs out all scopes. - # config.sign_out_all_scopes = true - - # ==> Navigation configuration - # Lists the formats that should be treated as navigational. 
Formats like - # :html, should redirect to the sign in page when the user does not have - # access, but formats like :xml or :json, should return 401. - # - # If you have any extra navigational formats, like :iphone or :mobile, you - # should add them to the navigational formats lists. - # - # The "*/*" below is required to match Internet Explorer requests. - # config.navigational_formats = ['*/*', :html] - - # The default HTTP method used to sign out a resource. Default is :delete. - config.sign_out_via = :get - - # ==> OmniAuth - # Add a new OmniAuth provider. Check the wiki for more information on setting - # up on your models and hooks. - # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' - - # ==> Warden configuration - # If you want to use other strategies, that are not supported by Devise, or - # change the failure app, you can configure them inside the config.warden block. - # - # config.warden do |manager| - # manager.intercept_401 = false - # manager.default_strategies(scope: :user).unshift :some_external_strategy - # end - - # ==> Mountable engine configurations - # When using Devise inside an engine, let's call it `MyEngine`, and this engine - # is mountable, there are some extra configurations to be taken into account. - # The following options are available, assuming the engine is mounted as: - # - # mount MyEngine, at: '/my_engine' - # - # The router that invoked `devise_for`, in the example above, would be: - # config.router_name = :my_engine - # - # When using OmniAuth, Devise cannot automatically set OmniAuth path, - # so you need to do it manually. For the users scope, it would be: - # config.omniauth_path_prefix = '/my_engine/users/auth' -end diff --git a/spec/dummy/config/routes.rb b/spec/dummy/config/routes.rb index 962b39bbc..11a2c4ee0 100644 --- a/spec/dummy/config/routes.rb +++ b/spec/dummy/config/routes.rb 
@@ -1,11 +1,6 @@ Rails.application.routes.draw do mount WasteCarriersEngine::Engine => "/" - devise_for :users - devise_scope :user do - get "/users/sign_out" => "devise/sessions#destroy" - end - root "waste_carriers_engine/registrations#index" resources :registrations, diff --git a/spec/factories/renewing_registration.rb b/spec/factories/renewing_registration.rb index 86f1926d8..192416a51 100644 --- a/spec/factories/renewing_registration.rb +++ b/spec/factories/renewing_registration.rb @@ -56,7 +56,7 @@ trait :has_finance_details do after(:build, :create) do |renewing_registration| - renewing_registration.prepare_for_payment(:govpay, build(:user)) + renewing_registration.prepare_for_payment(:govpay) end end diff --git a/spec/factories/user.rb b/spec/factories/user.rb deleted file mode 100644 index 1bd8fab55..000000000 --- a/spec/factories/user.rb +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -FactoryBot.define do - factory :user do - sequence :email do |n| - "user#{n}@example.com" - end - - password { "Secret123" } - end -end diff --git a/spec/models/waste_carriers_engine/conviction_sign_off_spec.rb b/spec/models/waste_carriers_engine/conviction_sign_off_spec.rb deleted file mode 100644 index 9fc899629..000000000 --- a/spec/models/waste_carriers_engine/conviction_sign_off_spec.rb +++ /dev/null 
@@ -1,139 +0,0 @@ -# frozen_string_literal: true - -require "rails_helper" - -module WasteCarriersEngine - RSpec.describe ConvictionSignOff do - let(:transient_registration) { build(:renewing_registration, :requires_conviction_check, :has_required_data) } - let(:conviction_sign_off) { transient_registration.conviction_sign_offs.first } - let(:user) { build(:user) } - - describe "#workflow_state" do - context "when a conviction_sign_off is created" do - it "has the workflow_state 'possible_match'" do - expect(conviction_sign_off.workflow_state).to eq("possible_match") - end - end - - context "when the conviction_sign_off workflow_state is 'possible_match'" do - let(:conviction_sign_off) { build(:conviction_sign_off, :possible_match) } - - it "can begin checks" do - expect(conviction_sign_off).to allow_event :begin_checks - end - - it "can be approved" do - expect(conviction_sign_off).to allow_event :approve - end - - it "cannot be rejected" do - expect(conviction_sign_off).not_to allow_event :reject - end - end - - context "when the conviction_sign_off workflow_state is 'checks_in_progress'" do - let(:conviction_sign_off) { build(:conviction_sign_off, :checks_in_progress) } - - it "cannot begin checks" do - expect(conviction_sign_off).not_to allow_event :begin_checks - end - - it "can be approved" do - expect(conviction_sign_off).to allow_event :approve - end - - it "can be rejected" do - expect(conviction_sign_off).to allow_event :reject - end - end - - context "when the conviction_sign_off workflow_state is 'approved'" do - let(:conviction_sign_off) { build(:conviction_sign_off, :approved) } - - it "cannot begin checks" do - expect(conviction_sign_off).not_to allow_event :begin_checks - end - - it "cannot be approved" do - expect(conviction_sign_off).not_to allow_event :approve - end - - it "cannot be rejected" do - expect(conviction_sign_off).not_to allow_event :reject - end - end - - context "when the conviction_sign_off workflow_state is 'rejected'" do - 
let(:conviction_sign_off) { build(:conviction_sign_off, :rejected) } - - it "cannot begin checks" do - expect(conviction_sign_off).not_to allow_event :begin_checks - end - - it "cannot be approved" do - expect(conviction_sign_off).not_to allow_event :approve - end - - it "cannot be rejected" do - expect(conviction_sign_off).not_to allow_event :reject - end - end - - context "when the approve event happens" do - before do - conviction_sign_off.approve(user) - end - - it "updates confirmed" do - expect(conviction_sign_off.confirmed).to eq("yes") - end - - it "updates confirmed_at" do - expect(conviction_sign_off.confirmed_at).to be_a(DateTime) - end - - it "updates confirmed_by" do - expect(conviction_sign_off.confirmed_by).to eq(user.email) - end - end - - context "when the reject event happens" do - before do - conviction_sign_off.workflow_state = "checks_in_progress" - end - - it "does not update confirmed" do - expect(conviction_sign_off.confirmed).to eq("no") - end - - it "updates confirmed_at" do - conviction_sign_off.reject(user) - expect(conviction_sign_off.confirmed_at).to be_a(DateTime) - end - - it "updates confirmed_by" do - conviction_sign_off.reject(user) - expect(conviction_sign_off.confirmed_by).to eq(user.email) - end - - context "when the metaData status is pending" do - before { transient_registration.metaData.status = :PENDING } - - it "updates the metaData status to refused" do - conviction_sign_off.reject(user) - expect(transient_registration.metaData.status).to eq("REFUSED") - end - end - - context "when the metaData status is not pending" do - before { transient_registration.metaData.status = :ACTIVE } - - it "updates the metaData status to revoked" do - conviction_sign_off.reject(user) - expect(transient_registration.metaData.status).to eq("REVOKED") - end - end - end - end - end -end 
diff --git a/spec/models/waste_carriers_engine/finance_details_spec.rb b/spec/models/waste_carriers_engine/finance_details_spec.rb index 0e72b517e..47ca40640 100644 --- a/spec/models/waste_carriers_engine/finance_details_spec.rb +++ b/spec/models/waste_carriers_engine/finance_details_spec.rb @@ -11,10 +11,9 @@ module WasteCarriersEngine end let(:transient_registration) { build(:renewing_registration, :has_required_data, temp_cards: 0) } - let(:current_user) { build(:user) } describe "new_finance_details" do - let(:finance_details) { transient_registration.prepare_for_payment(:govpay, current_user) } + let(:finance_details) { transient_registration.prepare_for_payment(:govpay) } it "includes 1 order" do expect(finance_details.orders.length).to eq(1) @@ -134,7 +133,7 @@ module WasteCarriersEngine end context "when there is an order" do - let(:finance_details) { transient_registration.prepare_for_payment(:govpay, current_user) } + let(:finance_details) { transient_registration.prepare_for_payment(:govpay) } it "has the correct balance" do finance_details.update_balance diff --git a/spec/models/waste_carriers_engine/new_registration_spec.rb b/spec/models/waste_carriers_engine/new_registration_spec.rb index d2727383b..8fc1e829f 100644 --- a/spec/models/waste_carriers_engine/new_registration_spec.rb +++ b/spec/models/waste_carriers_engine/new_registration_spec.rb @@ -6,10 +6,6 @@ module WasteCarriersEngine RSpec.describe NewRegistration do subject(:new_registration) { build(:new_registration) } - describe "scopes" do - it_behaves_like "TransientRegistration named scopes" - end - describe "#tier_known?" do subject(:new_registration) { build(:new_registration, temp_check_your_tier: temp_check_your_tier) } diff --git a/spec/models/waste_carriers_engine/order_spec.rb b/spec/models/waste_carriers_engine/order_spec.rb index eb981a8f4..d05ceca69 100644 --- a/spec/models/waste_carriers_engine/order_spec.rb +++ b/spec/models/waste_carriers_engine/order_spec.rb 
@@ -11,10 +11,9 @@ module WasteCarriersEngine end let(:transient_registration) { create(:renewing_registration, :has_required_data, temp_cards: 0) } - let(:current_user) { build(:user) } describe "update_after_online_payment" do - let(:finance_details) { transient_registration.prepare_for_payment(:govpay, current_user) } + let(:finance_details) { transient_registration.prepare_for_payment(:govpay) } let(:order) { finance_details.orders.first } it "updates the date_last_updated" do diff --git a/spec/models/waste_carriers_engine/payment_spec.rb b/spec/models/waste_carriers_engine/payment_spec.rb index a992d764f..a9c0cbdc7 100644 --- a/spec/models/waste_carriers_engine/payment_spec.rb +++ b/spec/models/waste_carriers_engine/payment_spec.rb @@ -5,7 +5,6 @@ module WasteCarriersEngine RSpec.describe Payment do let(:transient_registration) { build(:renewing_registration, :has_required_data) } - let(:current_user) { build(:user) } it_behaves_like "Can have payment type", resource: described_class.new @@ -90,12 +89,12 @@ module WasteCarriersEngine describe "new_from_online_payment" do before do Timecop.freeze(Time.new(2018, 1, 1)) do - transient_registration.prepare_for_payment(:govpay, current_user) + transient_registration.prepare_for_payment(:govpay) end end let(:order) { transient_registration.finance_details.orders.first } - let(:payment) { described_class.new_from_online_payment(order, current_user.email) } + let(:payment) { described_class.new_from_online_payment(order, transient_registration.contact_email) } it "sets the correct order_key" do expect(payment.order_key).to eq("1514764800") @@ -118,7 +117,7 @@ module WasteCarriersEngine end it "has the correct updated_by_user" do - expect(payment.updated_by_user).to eq(current_user.email) + expect(payment.updated_by_user).to eq(transient_registration.contact_email) end it "sets the correct comment" do 
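Review bot: In the payment_spec hunk at `@@ -118,7 +117,7 @@`, the example `has the correct updated_by_user` now expects `transient_registration.contact_email`, so the audit field holds a value typed in by the applicant instead of an authenticated account's email. The name `updated_by_user` still reads as an actor identity, which anyone relying on payment records for attribution could misread. I would rename the example to `it "records the registration's contact email as updated_by_user" do` and add the comment `# contact_email is applicant-supplied and unverified; not an authenticated identity` above it. The same substitution appears in the hunks at `@@ -90,12 +89,12 @@`, `@@ -143,7 +142,7 @@` and `@@ -205,11 +204,11 @@`; whether the production callers pass the same value is not visible from these specs.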
@@ -129,7 +128,7 @@ module WasteCarriersEngine describe "new_from_non_online_payment" do before do Timecop.freeze(Time.new(2018, 1, 1)) do - transient_registration.prepare_for_payment(:govpay, current_user) + transient_registration.prepare_for_payment(:govpay) end end @@ -143,7 +142,7 @@ module WasteCarriersEngine date_received_year: 2018, payment_type: "BANKTRANSFER", registration_reference: "foo", - updated_by_user: current_user.email + updated_by_user: transient_registration.contact_email } end @@ -205,11 +204,11 @@ module WasteCarriersEngine describe "update_after_online_payment" do let(:order) { transient_registration.finance_details.orders.first } - let(:payment) { described_class.new_from_online_payment(order, current_user.email) } + let(:payment) { described_class.new_from_online_payment(order, transient_registration.contact_email) } before do Timecop.freeze(Time.new(2018, 3, 4)) do - transient_registration.prepare_for_payment(:govpay, current_user) + transient_registration.prepare_for_payment(:govpay) payment.update_after_online_payment({ govpay_status: Payment::STATUS_CREATED }) end end diff --git a/spec/models/waste_carriers_engine/registration_spec.rb b/spec/models/waste_carriers_engine/registration_spec.rb index f9ffd0c1c..ebab9904c 100644 --- a/spec/models/waste_carriers_engine/registration_spec.rb +++ b/spec/models/waste_carriers_engine/registration_spec.rb 
@@ -849,22 +849,19 @@ module WasteCarriersEngine end describe "#increment_certificate_version" do - let(:user) { create(:user) } - context "when version is already present" do let(:meta_data) { build(:metaData, certificateVersion: 1, certificateVersionHistory: [{ foo: :bar }]) } let(:registration) { create(:registration, :has_required_data, metaData: meta_data) } it "increments verson number by 1" do - registration.increment_certificate_version(user) + registration.increment_certificate_version expect(registration.metaData.certificate_version).to eq(2) end it "updates certificate_version_history" do - registration.increment_certificate_version(user) + registration.increment_certificate_version expect(registration.metaData.certificate_version_history.length).to eq 2 expect(registration.metaData.certificate_version_history.last[:version]).to eq(2) - expect(registration.metaData.certificate_version_history.last[:generated_by]).to eq(user.email) expect(registration.metaData.certificate_version_history.last[:generated_at]).to be_present end end @@ -879,15 +876,14 @@ module WasteCarriersEngine end it "keeps the version at 1" do - registration.increment_certificate_version(user) + registration.increment_certificate_version expect(registration.metaData.certificate_version).to eq(1) end it "updates certificate_version_history" do - registration.increment_certificate_version(user) + registration.increment_certificate_version expect(registration.metaData.certificate_version_history.length).to eq 1 expect(registration.metaData.certificate_version_history.last[:version]).to eq(1) - expect(registration.metaData.certificate_version_history.last[:generated_by]).to eq(user.email) expect(registration.metaData.certificate_version_history.last[:generated_at]).to be_present end end diff --git a/spec/models/waste_carriers_engine/renewing_registration_spec.rb b/spec/models/waste_carriers_engine/renewing_registration_spec.rb index fc19a0f00..04ee50288 100644 
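Review bot: Both `updates certificate_version_history` examples in registration_spec (`@@ -849,22 +849,19 @@` and `@@ -879,15 +876,14 @@`) drop the `generated_by` assertion without pinning what the history entry holds now, so the spec no longer says whether a certificate generation is attributed to anyone. If the intent is that no actor is recorded, state it with `expect(registration.metaData.certificate_version_history.last[:generated_by]).to be_nil` in each example. If back-office callers are still expected to supply an actor through some other path, that path needs its own example, because nothing in these hunks covers it. The enclosing `describe "#increment_certificate_version"` ends outside the second hunk.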
--- a/spec/models/waste_carriers_engine/renewing_registration_spec.rb +++ b/spec/models/waste_carriers_engine/renewing_registration_spec.rb @@ -8,10 +8,6 @@ module WasteCarriersEngine it_behaves_like "Can check if registration type changed" - describe "scopes" do - it_behaves_like "TransientRegistration named scopes" - end - describe "workflow_state" do context "when a RenewingRegistration is created" do diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 2b889fa7a..346bf7505 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -47,9 +47,6 @@ # arbitrary gems may also be filtered via: # config.filter_gems_from_backtrace("gem name") - config.include Devise::Test::IntegrationHelpers, type: :request - config.include Devise::Test::ControllerHelpers, type: :controller - config.before :each, type: :request do config.include WasteCarriersEngine::Engine.routes.url_helpers end diff --git a/spec/requests/waste_carriers_engine/confirm_bank_transfer_forms_spec.rb b/spec/requests/waste_carriers_engine/confirm_bank_transfer_forms_spec.rb index a65e813a3..a3d1226f8 100644 --- a/spec/requests/waste_carriers_engine/confirm_bank_transfer_forms_spec.rb +++ b/spec/requests/waste_carriers_engine/confirm_bank_transfer_forms_spec.rb @@ -25,7 +25,7 @@ module WasteCarriersEngine context "when the transient_registration is a new registration" do let(:transient_registration) do create(:new_registration, - contact_email: user.email, + contact_email: "bar.baz@example.com", workflow_state: "confirm_bank_transfer_form", temp_cards: 2) end @@ -39,7 +39,7 @@ module WasteCarriersEngine context "when a govpay order already exists" do before do - transient_registration.prepare_for_payment(:govpay, user) + transient_registration.prepare_for_payment(:govpay) transient_registration.finance_details.orders.first.world_pay_status = Payment::STATUS_CANCELLED end 
diff --git a/spec/requests/waste_carriers_engine/govpay_forms_spec.rb b/spec/requests/waste_carriers_engine/govpay_forms_spec.rb index 94b083b8f..6ba64afd3 100644 --- a/spec/requests/waste_carriers_engine/govpay_forms_spec.rb +++ b/spec/requests/waste_carriers_engine/govpay_forms_spec.rb 
@@ -15,268 +15,260 @@ module WasteCarriersEngine allow(Airbrake).to receive(:notify) end - context "when a valid user is signed in" do - let(:user) { create(:user) } - - before do - sign_in(user) + context "when a valid transient registration exists" do + let(:transient_registration) do + create(:renewing_registration, + :has_required_data, + :has_addresses, + :has_conviction_search_result, + :has_key_people, + workflow_state: "govpay_form", + workflow_history: ["payment_summary_form"]) end + let(:order) { transient_registration.finance_details.orders.first } + let(:token) { transient_registration[:token] } + + describe "#new" do - context "when a valid transient registration exists" do - let(:transient_registration) do - create(:renewing_registration, - :has_required_data, - :has_addresses, - :has_conviction_search_result, - :has_key_people, - workflow_state: "govpay_form", - workflow_history: ["payment_summary_form"]) + before do + stub_request(:any, /.*#{govpay_host}.*/).to_return( + status: 200, + body: File.read("./spec/fixtures/files/govpay/get_payment_response_created.json") + ) end - let(:order) { transient_registration.finance_details.orders.first } - let(:token) { transient_registration[:token] } - describe "#new" do + it "creates a new finance_details" do + get new_govpay_form_path(token) + expect(transient_registration.reload.finance_details).to be_present + end - before do - stub_request(:any, /.*#{govpay_host}.*/).to_return( - status: 200, - body: File.read("./spec/fixtures/files/govpay/get_payment_response_created.json") - ) + it "redirects to govpay" do + get new_govpay_form_path(token) + expect(response.location).to include("https://www.payments.service.gov.uk") + end + + it "populates govpay_id on the order" do + get new_govpay_form_path(token) + expect(transient_registration.reload.finance_details.orders[0].govpay_id).to be_present + end + + context "when the transient_registration is a new registration" do + let(:transient_registration) do + 
create(:new_registration, + :has_addresses, + contact_email: "bar.baz@example.com", + workflow_state: "govpay_form", + temp_cards: 2) end it "creates a new finance_details" do get new_govpay_form_path(token) expect(transient_registration.reload.finance_details).to be_present end + end - it "redirects to govpay" do - get new_govpay_form_path(token) - expect(response.location).to include("https://www.payments.service.gov.uk") - end + context "when there is an error setting up the govpay url" do + let(:govpay_service) { instance_double(GovpayPaymentService) } - it "populates govpay_id on the order" do - get new_govpay_form_path(token) - expect(transient_registration.reload.finance_details.orders[0].govpay_id).to be_present + before do + allow(GovpayPaymentService).to receive(:new).and_return(govpay_service) + allow(govpay_service).to receive(:prepare_for_payment).and_return(:error) end - context "when the transient_registration is a new registration" do - let(:transient_registration) do - create(:new_registration, - :has_addresses, - contact_email: user.email, - workflow_state: "govpay_form", - temp_cards: 2) - end - - it "creates a new finance_details" do - get new_govpay_form_path(token) - expect(transient_registration.reload.finance_details).to be_present - end + it "redirects to payment_summary_form" do + get new_govpay_form_path(token) + expect(response).to redirect_to(new_payment_summary_form_path(token)) end + end + end - context "when there is an error setting up the govpay url" do - let(:govpay_service) { instance_double(GovpayPaymentService) } + describe "#payment_callback" do + let(:govpay_host) { "https://publicapi.payments.service.gov.uk" } + let(:payment_service) { instance_double(GovpayPaymentService) } + let(:payment_details_service) { instance_double(GovpayPaymentDetailsService) } - before do - allow(GovpayPaymentService).to receive(:new).and_return(govpay_service) - allow(govpay_service).to receive(:prepare_for_payment).and_return(:error) - end + 
before do + allow(Rails.configuration).to receive(:govpay_url).and_return(govpay_host) + allow(GovpayPaymentService).to receive(:new).and_return(payment_service) + allow(payment_service).to receive(:prepare_for_payment) + allow(GovpayPaymentDetailsService).to receive(:new).and_return(payment_details_service) + allow(payment_details_service).to receive(:govpay_payment_status).and_return(govpay_status) - it "redirects to payment_summary_form" do - get new_govpay_form_path(token) - expect(response).to redirect_to(new_payment_summary_form_path(token)) - end - end + transient_registration.prepare_for_payment(:govpay) end - describe "#payment_callback" do - let(:govpay_host) { "https://publicapi.payments.service.gov.uk" } - let(:payment_service) { instance_double(GovpayPaymentService) } - let(:payment_details_service) { instance_double(GovpayPaymentDetailsService) } + context "when govpay status is success" do + let(:govpay_status) { Payment::STATUS_SUCCESS } - before do - allow(Rails.configuration).to receive(:govpay_url).and_return(govpay_host) - allow(GovpayPaymentService).to receive(:new).and_return(payment_service) - allow(payment_service).to receive(:prepare_for_payment) - allow(GovpayPaymentDetailsService).to receive(:new).and_return(payment_details_service) - allow(payment_details_service).to receive(:govpay_payment_status).and_return(govpay_status) + context "when the payment_uuid is valid and the balance is paid" do - transient_registration.prepare_for_payment(:govpay, user) - end - - context "when govpay status is success" do - let(:govpay_status) { Payment::STATUS_SUCCESS } + it "adds a new payment to the registration" do + expect { get payment_callback_govpay_forms_path(token, order.payment_uuid) } + .to change { transient_registration.reload.finance_details.payments.count }.from(0).to(1) + end - context "when the payment_uuid is valid and the balance is paid" do + it "redirects to renewal_complete_form" do + get payment_callback_govpay_forms_path(token, 
order.payment_uuid) - it "adds a new payment to the registration" do - expect { get payment_callback_govpay_forms_path(token, order.payment_uuid) } - .to change { transient_registration.reload.finance_details.payments.count }.from(0).to(1) - end + expect(response).to redirect_to(new_renewal_complete_form_path(token)) + end - it "redirects to renewal_complete_form" do + it "is idempotent" do + expect do get payment_callback_govpay_forms_path(token, order.payment_uuid) - - expect(response).to redirect_to(new_renewal_complete_form_path(token)) - end - - it "is idempotent" do - expect do - get payment_callback_govpay_forms_path(token, order.payment_uuid) - get payment_callback_govpay_forms_path(token, order.payment_uuid) - transient_registration.reload - end.to change { transient_registration.finance_details.payments.count }.from(0).to(1) - end - - it "does not log an error" do get payment_callback_govpay_forms_path(token, order.payment_uuid) + transient_registration.reload + end.to change { transient_registration.finance_details.payments.count }.from(0).to(1) + end - expect(Airbrake).not_to have_received(:notify) - end + it "does not log an error" do + get payment_callback_govpay_forms_path(token, order.payment_uuid) - context "when it has been flagged for conviction checks" do - before { transient_registration.conviction_sign_offs = [build(:conviction_sign_off)] } + expect(Airbrake).not_to have_received(:notify) + end - it "redirects to renewal_received_pending_conviction_form" do - get payment_callback_govpay_forms_path(token, order.payment_uuid) + context "when it has been flagged for conviction checks" do + before { transient_registration.conviction_sign_offs = [build(:conviction_sign_off)] } - expect(response).to redirect_to(new_renewal_received_pending_conviction_form_path(token)) - end + it "redirects to renewal_received_pending_conviction_form" do + get payment_callback_govpay_forms_path(token, order.payment_uuid) + + expect(response).to 
redirect_to(new_renewal_received_pending_conviction_form_path(token)) end end + end - context "when the payment uuid is invalid" do - before do - stub_request(:any, %r{.*#{govpay_host}/payments}).to_return( - status: 200, - body: File.read("./spec/fixtures/files/govpay/get_payment_response_not_found.json") - ) + context "when the payment uuid is invalid" do + before do + stub_request(:any, %r{.*#{govpay_host}/payments}).to_return( + status: 200, + body: File.read("./spec/fixtures/files/govpay/get_payment_response_not_found.json") + ) - get payment_callback_govpay_forms_path(token, "invalid_uuid") - end + get payment_callback_govpay_forms_path(token, "invalid_uuid") + end - it "does not create a payment" do - expect(transient_registration.reload.finance_details.payments.first).to be_nil - end + it "does not create a payment" do + expect(transient_registration.reload.finance_details.payments.first).to be_nil + end - it "redirects to payment_summary_form" do - expect(response).to redirect_to(new_payment_summary_form_path(token)) - end + it "redirects to payment_summary_form" do + expect(response).to redirect_to(new_payment_summary_form_path(token)) + end - it "notifies Airbrake" do - expect(Airbrake) - .to have_received(:notify) - .with("Invalid Govpay response: Cannot find matching order", { payment_uuid: "invalid_uuid" }) - end + it "notifies Airbrake" do + expect(Airbrake) + .to have_received(:notify) + .with("Invalid Govpay response: Cannot find matching order", { payment_uuid: "invalid_uuid" }) end end + end - context "with pending govpay statuses" do - - RSpec.shared_examples "payment is pending" do + context "with pending govpay statuses" do - context "when the payment uuid is valid" do - before do - govpay_id = SecureRandom.hex(22) - order.update!(govpay_id: govpay_id) - payment = build(:payment, amount: order.total_amount, govpay_payment_status: Payment::STATUS_CREATED, govpay_id: govpay_id) - transient_registration.finance_details.payments = [payment] - 
transient_registration.finance_details.save - end + RSpec.shared_examples "payment is pending" do - it "redirects to renewal_received_pending_govpay_payment_form" do - get payment_callback_govpay_forms_path(token, order.payment_uuid) - expect(response).to redirect_to(new_renewal_received_pending_govpay_payment_form_path(token)) - end + context "when the payment uuid is valid" do + before do + govpay_id = SecureRandom.hex(22) + order.update!(govpay_id: govpay_id) + payment = build(:payment, amount: order.total_amount, govpay_payment_status: Payment::STATUS_CREATED, govpay_id: govpay_id) + transient_registration.finance_details.payments = [payment] + transient_registration.finance_details.save end - context "when the payment uuid is invalid" do - it "redirects to payment_summary_form" do - get payment_callback_govpay_forms_path(token, "invalid_payment_uuid") - expect(response).to redirect_to(new_payment_summary_form_path(token)) - end + it "redirects to renewal_received_pending_govpay_payment_form" do + get payment_callback_govpay_forms_path(token, order.payment_uuid) + expect(response).to redirect_to(new_renewal_received_pending_govpay_payment_form_path(token)) end end - context "when govpay status is created" do - let(:govpay_status) { Payment::STATUS_CREATED } - - it_behaves_like "payment is pending" + context "when the payment uuid is invalid" do + it "redirects to payment_summary_form" do + get payment_callback_govpay_forms_path(token, "invalid_payment_uuid") + expect(response).to redirect_to(new_payment_summary_form_path(token)) + end end + end - context "when govpay status is submitted" do - let(:govpay_status) { Payment::STATUS_SUBMITTED } + context "when govpay status is created" do + let(:govpay_status) { Payment::STATUS_CREATED } - it_behaves_like "payment is pending" - end + it_behaves_like "payment is pending" end - context "with unsuccessful govpay statuses" do + context "when govpay status is submitted" do + let(:govpay_status) { 
Payment::STATUS_SUBMITTED } - RSpec.shared_examples "payment is unsuccessful but no error" do + it_behaves_like "payment is pending" + end + end - it "redirects to payment_summary_form" do - get payment_callback_govpay_forms_path(token, order.payment_uuid) + context "with unsuccessful govpay statuses" do - expect(response).to redirect_to(new_payment_summary_form_path(token)) - end + RSpec.shared_examples "payment is unsuccessful but no error" do - it "does not log an error" do - get payment_callback_govpay_forms_path(token, order.payment_uuid) + it "redirects to payment_summary_form" do + get payment_callback_govpay_forms_path(token, order.payment_uuid) - expect(Airbrake).not_to have_received(:notify) - end + expect(response).to redirect_to(new_payment_summary_form_path(token)) end - RSpec.shared_examples "payment is unsuccessful with an error" do + it "does not log an error" do + get payment_callback_govpay_forms_path(token, order.payment_uuid) - it "redirects to payment_summary_form" do - get payment_callback_govpay_forms_path(token, order.payment_uuid) + expect(Airbrake).not_to have_received(:notify) + end + end - expect(response).to redirect_to(new_payment_summary_form_path(token)) - end + RSpec.shared_examples "payment is unsuccessful with an error" do - it "logs an error" do - get payment_callback_govpay_forms_path(token, order.payment_uuid) + it "redirects to payment_summary_form" do + get payment_callback_govpay_forms_path(token, order.payment_uuid) - expect(Airbrake).to have_received(:notify).at_least(:once) - end + expect(response).to redirect_to(new_payment_summary_form_path(token)) end - context "with cancelled status" do - let(:govpay_status) { Payment::STATUS_CANCELLED } + it "logs an error" do + get payment_callback_govpay_forms_path(token, order.payment_uuid) - it_behaves_like "payment is unsuccessful but no error" + expect(Airbrake).to have_received(:notify).at_least(:once) end + end - context "with failure status" do - let(:govpay_status) { 
Payment::STATUS_FAILED } + context "with cancelled status" do + let(:govpay_status) { Payment::STATUS_CANCELLED } - it_behaves_like "payment is unsuccessful but no error" - end + it_behaves_like "payment is unsuccessful but no error" + end - context "with an error status" do - let(:govpay_status) { "not_found" } + context "with failure status" do + let(:govpay_status) { Payment::STATUS_FAILED } - it_behaves_like "payment is unsuccessful with an error" - end + it_behaves_like "payment is unsuccessful but no error" end - context "with an invalid success status" do - before { allow(GovpayValidatorService).to receive(:valid_govpay_status?).and_return(false) } - - let(:govpay_status) { Payment::STATUS_SUCCESS } + context "with an error status" do + let(:govpay_status) { "not_found" } it_behaves_like "payment is unsuccessful with an error" end + end - context "with an invalid failure status" do - before { allow(GovpayValidatorService).to receive(:valid_govpay_status?).and_return(false) } + context "with an invalid success status" do + before { allow(GovpayValidatorService).to receive(:valid_govpay_status?).and_return(false) } - let(:govpay_status) { Payment::STATUS_CANCELLED } + let(:govpay_status) { Payment::STATUS_SUCCESS } - it_behaves_like "payment is unsuccessful with an error" - end + it_behaves_like "payment is unsuccessful with an error" + end + + context "with an invalid failure status" do + before { allow(GovpayValidatorService).to receive(:valid_govpay_status?).and_return(false) } + + let(:govpay_status) { Payment::STATUS_CANCELLED } + + it_behaves_like "payment is unsuccessful with an error" end end end diff --git a/spec/requests/waste_carriers_engine/transient_registrations_spec.rb b/spec/requests/waste_carriers_engine/transient_registrations_spec.rb deleted file mode 100644 index 5a9bef8b6..000000000 --- a/spec/requests/waste_carriers_engine/transient_registrations_spec.rb +++ /dev/null 
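Review bot: With `sign_in(user)` removed, every `#payment_callback` example in govpay_forms_spec passes a `token` and a `payment_uuid` that belong to the same registration, so nothing checks that the callback rejects a `payment_uuid` taken from another registration's order. The token in the path is now the only thing tying a request to a registration, which makes that binding worth pinning. I would add a context under `when govpay status is success` that prepares a second registration and calls the callback with the first registration's token and the second one's `payment_uuid`, expecting no payment and a redirect to `payment_summary_form` as in the existing invalid-uuid case. How the controller looks up the order is outside this hunk, so the expected outcome below is an assumption to confirm; the enclosing `describe` also starts outside the hunk.

```ruby
context "when govpay status is success" do
  let(:govpay_status) { Payment::STATUS_SUCCESS }
  # … unchanged: valid payment_uuid and invalid payment_uuid contexts …

  context "when the payment uuid belongs to a different registration" do
    let(:other_registration) { create(:renewing_registration, :has_required_data) }
    let(:other_order) { other_registration.finance_details.orders.first }

    before do
      other_registration.prepare_for_payment(:govpay)
      get payment_callback_govpay_forms_path(token, other_order.payment_uuid)
    end

    it "does not create a payment on either registration" do
      expect(transient_registration.reload.finance_details.payments.first).to be_nil
      expect(other_registration.reload.finance_details.payments.first).to be_nil
    end

    it "redirects to payment_summary_form" do
      expect(response).to redirect_to(new_payment_summary_form_path(token))
    end
  end
```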
@@ -1,103 +0,0 @@ -# frozen_string_literal: true - -require "rails_helper" - -module WasteCarriersEngine - RSpec.describe "TransientRegistration" do - describe "GET delete_transient_registration_path" do - context "when a valid user is signed in" do - let(:user) { create(:user) } - - before do - sign_in(user) - end - - context "when a valid transient registration exists" do - it "deletes the transient registration, returns a 302 status and redirects to the registration page" do - transient_registration = create(:renewing_registration, :has_required_data) - expected_count = TransientRegistration.count - 1 - redirect_path = Rails.application.routes.url_helpers.registration_path( - reg_identifier: transient_registration.reg_identifier - ) - - get delete_transient_registration_path(transient_registration[:token]) - - expect(response).to have_http_status(:found) - expect(response).to redirect_to(redirect_path) - expect(TransientRegistration.count).to eq(expected_count) - end - end - end - - context "when a valid user is not signed in" do - it "returns a 302 status and redirects to the login page" do - get delete_transient_registration_path("foo") - - expect(response).to have_http_status(:found) - expect(response).to redirect_to("/users/sign_in") - end - end - end - - describe "GET go_back_forms_path" do - context "when a valid transient registration exists" do - let(:tier) { WasteCarriersEngine::Registration::UPPER_TIER } - let(:workflow_state) { "company_name_form" } - let(:workflow_history) { %w[some_form check_registered_company_name_form] } - let(:transient_registration) do - create(:renewing_registration, - :has_required_data, - workflow_state: workflow_state, - workflow_history: workflow_history) - end - - it "returns a 302 response" do - get go_back_forms_path(transient_registration[:token]) - - expect(response).to have_http_status(:found) - end - - it "redirects to the previous form in the workflow_history" do - get 
go_back_forms_path(transient_registration[:token]) - - expect(response).to redirect_to(new_check_registered_company_name_form_path(transient_registration[:token])) - end - - context "when the transient registration has a partially invalid workflow history" do - let(:workflow_history) { %w[check_registered_company_name_form not_a_valid_state] } - - it "redirects to the form for the most recent valid state" do - get go_back_forms_path(transient_registration[:token]) - - expect(response).to redirect_to(new_check_registered_company_name_form_path(transient_registration[:token])) - end - end - - context "when the transient registration has a fully invalid workflow history" do - let(:workflow_history) do - [ - "", - "not_a_valid_state" - ] - end - - it "redirects to the default form" do - get go_back_forms_path(transient_registration[:token]) - - expect(response).to redirect_to(new_start_form_path(token: transient_registration[:token])) - end - end - - context "when the transient registration has no workflow history" do - let(:workflow_history) { [] } - - it "redirects to the default form" do - get go_back_forms_path(transient_registration[:token]) - - expect(response).to redirect_to(new_start_form_path(token: transient_registration[:token])) - end - end - end - end - end -end diff --git a/spec/services/waste_carriers_engine/analytics/user_journey_service_spec.rb b/spec/services/waste_carriers_engine/analytics/user_journey_service_spec.rb index 5eacb5e77..ae750bb9f 100644 --- a/spec/services/waste_carriers_engine/analytics/user_journey_service_spec.rb +++ b/spec/services/waste_carriers_engine/analytics/user_journey_service_spec.rb 
@@ -148,16 +148,6 @@ module Analytics it { expect(UserJourney.last.started_route).to eq "ASSISTED_DIGITAL" } it { expect(UserJourney.last.page_views.last.route).to eq "ASSISTED_DIGITAL" } end - - context "with a logged-in user" do - let(:current_user) { create(:user) } - - it "stores the current user's email address on the user journey" do - described_class.run(transient_registration:, current_user:) - - expect(UserJourney.last.user).to eq current_user.email - end - end end end end diff --git a/spec/services/waste_carriers_engine/blank_permission_check_service_spec.rb b/spec/services/waste_carriers_engine/blank_permission_check_service_spec.rb index 777afd02f..761e214f1 100644 --- a/spec/services/waste_carriers_engine/blank_permission_check_service_spec.rb +++ b/spec/services/waste_carriers_engine/blank_permission_check_service_spec.rb @@ -5,9 +5,8 @@ module WasteCarriersEngine RSpec.describe BlankPermissionCheckService do let(:transient_registration) { instance_double(TransientRegistration) } - let(:user) { instance_double(User) } let(:result) { instance_double(PermissionChecksResult) } - let(:params) { { transient_registration: transient_registration, user: user } } + let(:params) { { transient_registration: transient_registration } } describe ".run" do it "returns a valid result" do diff --git a/spec/services/waste_carriers_engine/build_new_registration_finance_details_service_spec.rb b/spec/services/waste_carriers_engine/build_new_registration_finance_details_service_spec.rb index a4c9c3556..82e63dca5 100644 --- a/spec/services/waste_carriers_engine/build_new_registration_finance_details_service_spec.rb +++ b/spec/services/waste_carriers_engine/build_new_registration_finance_details_service_spec.rb 
@@ -5,7 +5,7 @@ module WasteCarriersEngine RSpec.describe BuildNewRegistrationFinanceDetailsService do describe ".run" do - subject(:run_service) { described_class.run(transient_registration:, payment_method:, user: current_user) } + subject(:run_service) { described_class.run(transient_registration:, payment_method:) } let(:payment_method) { :govpay } let(:transient_registration) do @@ -19,7 +19,6 @@ module WasteCarriersEngine end let(:finance_details) { transient_registration.finance_details } let(:order) { finance_details.orders.last } - let(:current_user) { build(:user) } it_behaves_like "build finance details" diff --git a/spec/services/waste_carriers_engine/build_order_copy_cards_finance_details_service_spec.rb b/spec/services/waste_carriers_engine/build_order_copy_cards_finance_details_service_spec.rb index bfbf023a0..7773152bf 100644 --- a/spec/services/waste_carriers_engine/build_order_copy_cards_finance_details_service_spec.rb +++ b/spec/services/waste_carriers_engine/build_order_copy_cards_finance_details_service_spec.rb @@ -5,7 +5,7 @@ module WasteCarriersEngine RSpec.describe BuildOrderCopyCardsFinanceDetailsService do describe ".run" do - subject(:run_service) { described_class.run(transient_registration:, payment_method:, cards_count:, user: current_user) } + subject(:run_service) { described_class.run(transient_registration:, payment_method:, cards_count:) } let(:payment_method) { :govpay } let(:transient_registration) do @@ -18,7 +18,6 @@ module WasteCarriersEngine end let(:finance_details) { transient_registration.finance_details } let(:order) { finance_details.orders.last } - let(:current_user) { build(:user) } let(:cards_count) { 2 } before { allow(Rails.configuration).to receive(:card_charge).and_return(1_000) } diff --git a/spec/services/waste_carriers_engine/build_renewal_finance_details_service_spec.rb b/spec/services/waste_carriers_engine/build_renewal_finance_details_service_spec.rb index 0de8a558e..3ff553f3a 100644 
--- a/spec/services/waste_carriers_engine/build_renewal_finance_details_service_spec.rb +++ b/spec/services/waste_carriers_engine/build_renewal_finance_details_service_spec.rb @@ -5,7 +5,7 @@ module WasteCarriersEngine RSpec.describe BuildRenewalFinanceDetailsService do describe ".run" do - subject(:run_service) { described_class.run(transient_registration:, payment_method:, user: current_user) } + subject(:run_service) { described_class.run(transient_registration:, payment_method:) } let(:payment_method) { :govpay } let(:transient_registration) do @@ -19,7 +19,6 @@ module WasteCarriersEngine end let(:finance_details) { transient_registration.finance_details } let(:order) { finance_details.orders.last } - let(:current_user) { build(:user) } let(:temp_cards) { nil } before do diff --git a/spec/services/waste_carriers_engine/certificate_generator_service_spec.rb b/spec/services/waste_carriers_engine/certificate_generator_service_spec.rb index e65aa9d6a..1ccef6a88 100644 --- a/spec/services/waste_carriers_engine/certificate_generator_service_spec.rb +++ b/spec/services/waste_carriers_engine/certificate_generator_service_spec.rb @@ -6,9 +6,8 @@ module WasteCarriersEngine RSpec.describe CertificateGeneratorService do describe "run" do let(:registration) { build(:registration, :has_required_data) } - let(:requester) { build(:user) } let(:view) { ActionController::Base.new.view_context } - let(:run_service) { described_class.run(registration: registration, requester: requester, view: view) } + let(:run_service) { described_class.run(registration: registration, view: view) } it "does not change the registration's certificate version" do expect { run_service }.not_to change { registration.metaData.certificate_version } diff --git a/spec/services/waste_carriers_engine/flow_permission_checks_service_spec.rb b/spec/services/waste_carriers_engine/flow_permission_checks_service_spec.rb index b297d733c..ea5a2e223 100644 
--- a/spec/services/waste_carriers_engine/flow_permission_checks_service_spec.rb +++ b/spec/services/waste_carriers_engine/flow_permission_checks_service_spec.rb @@ -5,8 +5,7 @@ module WasteCarriersEngine RSpec.describe FlowPermissionChecksService do describe ".run" do - let(:user) { instance_double(User) } - let(:params) { { transient_registration: transient_registration, user: user } } + let(:params) { { transient_registration: transient_registration, user: nil } } let(:result) { instance_double(PermissionChecksResult) } before do diff --git a/spec/services/waste_carriers_engine/govpay_callback_service_spec.rb b/spec/services/waste_carriers_engine/govpay_callback_service_spec.rb index 02c89cd03..bf3432a54 100644 --- a/spec/services/waste_carriers_engine/govpay_callback_service_spec.rb +++ b/spec/services/waste_carriers_engine/govpay_callback_service_spec.rb @@ -17,7 +17,6 @@ module WasteCarriersEngine :has_finance_details, temp_cards: 0) end - let(:current_user) { build(:user) } let(:order) { transient_registration.finance_details.orders.first } let(:govpay_validator_service) { instance_double(GovpayValidatorService) } @@ -26,7 +25,7 @@ module WasteCarriersEngine allow(GovpayValidatorService).to receive(:new).and_return(govpay_validator_service) allow(Rails.configuration).to receive(:govpay_url).and_return(govpay_host) allow(Rails.configuration).to receive(:renewal_charge).and_return(10_500) - transient_registration.prepare_for_payment(:govpay, current_user) + transient_registration.prepare_for_payment(:govpay) order.govpay_id = "a_govpay_id" order.save! allow(govpay_payment_details_service).to receive(:govpay_payment_status).and_return(Payment::STATUS_CREATED) 
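Review bot: The `params` hash in this spec still carries `user: nil`, whereas the blank and renewing-registration permission-check specs in this commit drop the `user` key altogether. If `FlowPermissionChecksService.run` no longer needs a user, `let(:params) { { transient_registration: transient_registration } }` would keep the three specs consistent. If the service still requires the keyword, which is not visible from this hunk, a one-line comment saying why `nil` is passed would help the next reader. The `describe ".run"` block continues outside the hunk.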
@@ -76,7 +75,7 @@ module WasteCarriersEngine end context "when a new order is initiated before the first one is completed" do - before { transient_registration.prepare_for_payment("card", nil) } + before { transient_registration.prepare_for_payment("card") } it { expect(govpay_callback_service.process_payment).to be true } end diff --git a/spec/services/waste_carriers_engine/govpay_payment_details_service_spec.rb b/spec/services/waste_carriers_engine/govpay_payment_details_service_spec.rb index c303fd58e..9b308e81e 100644 --- a/spec/services/waste_carriers_engine/govpay_payment_details_service_spec.rb +++ b/spec/services/waste_carriers_engine/govpay_payment_details_service_spec.rb @@ -17,14 +17,13 @@ module WasteCarriersEngine let(:payment_uuid) { valid_payment_uuid } let(:order) { transient_registration.finance_details.orders.first } let(:is_moto) { false } - let(:current_user) { build(:user) } let(:govpay_front_office_api_token) { Rails.configuration.govpay_front_office_api_token } let(:govpay_back_office_api_token) { Rails.configuration.govpay_back_office_api_token } before do allow(Rails.configuration).to receive(:renewal_charge).and_return(10_500) - transient_registration.prepare_for_payment(:govpay, current_user) + transient_registration.prepare_for_payment(:govpay) end subject(:service) { described_class.new(payment_uuid: payment_uuid, is_moto: is_moto) } diff --git a/spec/services/waste_carriers_engine/govpay_payment_service_spec.rb b/spec/services/waste_carriers_engine/govpay_payment_service_spec.rb index 600ef7684..a5c0bf64f 100644 --- a/spec/services/waste_carriers_engine/govpay_payment_service_spec.rb +++ b/spec/services/waste_carriers_engine/govpay_payment_service_spec.rb 
@@ -13,15 +13,14 @@ module WasteCarriersEngine :has_finance_details, temp_cards: 0) end - let(:current_user) { build(:user) } let(:order) { transient_registration.finance_details.orders.first } - let(:govpay_service) { described_class.new(transient_registration, order, current_user) } + let(:govpay_service) { described_class.new(transient_registration, order) } before do allow(Rails.configuration).to receive(:govpay_url).and_return(govpay_host) allow(Rails.configuration).to receive(:renewal_charge).and_return(10_500) - transient_registration.prepare_for_payment(:govpay, current_user) + transient_registration.prepare_for_payment(:govpay) stub_request(:any, /.*#{govpay_host}.*/).to_return( status: 200, diff --git a/spec/services/waste_carriers_engine/renewing_registration_permission_checks_service_spec.rb b/spec/services/waste_carriers_engine/renewing_registration_permission_checks_service_spec.rb index 6a44b6abd..df0aa1891 100644 --- a/spec/services/waste_carriers_engine/renewing_registration_permission_checks_service_spec.rb +++ b/spec/services/waste_carriers_engine/renewing_registration_permission_checks_service_spec.rb @@ -12,9 +12,8 @@ module WasteCarriersEngine describe ".run" do let(:transient_registration) { instance_double(RenewingRegistration, from_magic_link: false) } - let(:user) { instance_double(User) } let(:result) { instance_double(PermissionChecksResult) } - let(:params) { { transient_registration: transient_registration, user: user } } + let(:params) { { transient_registration: transient_registration } } before do allow(result).to receive(:invalid!) 
@@ -40,52 +39,25 @@ module WasteCarriersEngine before do allow(transient_registration).to receive(:registration).and_return(registration) - - allow(Ability).to receive(:new).with(user).and_return(ability) - allow(ability).to receive(:can?).with(:update, transient_registration).and_return(can) + allow(transient_registration).to receive(:registration).and_return(registration) + allow(transient_registration).to receive(:can_be_renewed?).and_return(renewable) end - context "when the user does not have the correct permissions" do - let(:can) { false } + context "when the transient_registration cannot be renewed" do + let(:renewable) { false } - it "returns a missing permissions result" do + it "returns an unrenewable result" do expect(described_class.run(params)).to eq(result) - expect(result).to have_received(:needs_permissions!) + expect(result).to have_received(:unrenewable!) end end - context "when the user has the correct permissions" do - let(:can) { true } - let(:registration) { instance_double(Registration) } - - before do - allow(transient_registration).to receive(:registration).and_return(registration) - allow(transient_registration).to receive(:can_be_renewed?).and_return(renewable) - end - - context "when the transient_registration cannot be renewed" do - let(:renewable) { false } - - it "returns an unrenewable result" do - expect(described_class.run(params)).to eq(result) - - expect(result).to have_received(:unrenewable!) - end - end - - context "when the transient_registration is renewable" do - let(:renewable) { true } - - context "when the transient registration is accessed through a magic link" do - let(:transient_registration) { instance_double(RenewingRegistration, from_magic_link: true) } + context "when the transient_registration is renewable" do + let(:renewable) { true } - it "returns a pass result" do - expect(described_class.run(params)).to eq(result) - - expect(result).to have_received(:pass!) 
- end - end + context "when the transient registration is accessed through a magic link" do + let(:transient_registration) { instance_double(RenewingRegistration, from_magic_link: true) } it "returns a pass result" do expect(described_class.run(params)).to eq(result) @@ -93,26 +65,12 @@ module WasteCarriersEngine expect(result).to have_received(:pass!) end end - end - end - - describe "temporary additional debugging" do - let(:valid) { true } - let(:registration) { create(:registration, :has_required_data) } - let(:transient_registration) do - create(:renewing_registration, reg_identifier: registration.reg_identifier, from_magic_link: false) - end - let(:user) { nil } - - before do - allow(Airbrake).to receive(:notify) - allow(FeatureToggle).to receive(:active?).with(:additional_debug_logging).and_return true - end - it "logs an error" do - described_class.run(params) + it "returns a pass result" do + expect(described_class.run(params)).to eq(result) - expect(Airbrake).to have_received(:notify) + expect(result).to have_received(:pass!) + end end end end diff --git a/spec/support/shared_examples/build_finance_details.rb b/spec/support/shared_examples/build_finance_details.rb index 9898cb34c..30111833a 100644 --- a/spec/support/shared_examples/build_finance_details.rb +++ b/spec/support/shared_examples/build_finance_details.rb @@ -26,7 +26,7 @@ module WasteCarriersEngine it "has the correct updated_by_user" do run_service - expect(order.updated_by_user).to eq(current_user.email) + expect(order.updated_by_user).to eq(transient_registration.contact_email) end it "updates the date_created" do diff --git a/spec/support/shared_examples/post_renewal_form.rb b/spec/support/shared_examples/post_renewal_form.rb index 679ee3b2b..08ff3d53f 100644 --- a/spec/support/shared_examples/post_renewal_form.rb +++ b/spec/support/shared_examples/post_renewal_form.rb 
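Review bot: The `before` block on the new side of the `@@ -40,52 +39,25 @@` hunk stubs `registration` twice. The added line `allow(transient_registration).to receive(:registration).and_return(registration)` repeats the unchanged context line directly above it. Drop the added copy, so the block is the existing `registration` stub followed by `allow(transient_registration).to receive(:can_be_renewed?).and_return(renewable)`. The enclosing context starts outside the hunk.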
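Review bot: The two `returns a pass result` examples under `when the transient_registration is renewable` assert the same outcome for `from_magic_link: true` and for the default `from_magic_link: false`, so the spec no longer shows the flag affecting the permission check. The previous hunk removed the `Ability` stubs and the `needs_permissions!` example, which leaves `unrenewable!` as the only refusal asserted in these two hunks. If that is the intended rule, wrap the outer example in `context "when the transient registration is not accessed through a magic link" do` so the spec states it explicitly. If the flag is meant to gate access, an example expecting a non-pass result is missing. The enclosing `describe` starts outside the hunk.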
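Review bot: In the `build finance details` shared example, `updated_by_user` is now expected to equal `transient_registration.contact_email`. That is a value entered on the registration rather than the identity of a signed-in user, so the field no longer works as an audit attribution. The example name `has the correct updated_by_user` hides that change; `it "records the registration's contact email as updated_by_user" do` would say what is asserted. A registration with no `contact_email` is not covered, and whether the service then stores nil is not visible from this hunk, so an example for that case is worth adding. The shared-example block continues outside the hunk.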
@@ -13,10 +13,6 @@ let(:expected_value) { options[:expected_value] } let(:user) { create(:user) } - before do - sign_in(user) - end - context "when no transient registration is found" do it "does not create a transient registration and redirects to the invalid page" do count = WasteCarriersEngine::TransientRegistration.count diff --git a/spec/support/shared_examples/post_without_params_form.rb b/spec/support/shared_examples/post_without_params_form.rb index f1d510e94..3c011c7bc 100644 --- a/spec/support/shared_examples/post_without_params_form.rb +++ b/spec/support/shared_examples/post_without_params_form.rb @@ -7,11 +7,7 @@ # a set of valid params, a set of invalid params, and an attribute to test persistence # Default to :reg_identifier for forms which don't submit new data RSpec.shared_examples "POST without params form" do |form| - let(:user) { create(:user) } - - before do - sign_in(user) - end + let(:user) { build(:user) } context "when the token is invalid" do it "redirects to the invalid page" do diff --git a/spec/support/shared_examples/transient_registration_named_scopes.rb b/spec/support/shared_examples/transient_registration_named_scopes.rb deleted file mode 100644 index be9891abc..000000000 --- a/spec/support/shared_examples/transient_registration_named_scopes.rb +++ /dev/null 
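Review bot: `let(:user) { create(:user) }` is left in place after the `before { sign_in(user) }` block is removed. Unless an example further down the shared group (outside this hunk) reads `user`, it is a dead definition that still depends on a `:user` factory. The `POST without params form` hunk that follows has the same leftover, changed to `let(:user) { build(:user) }`, so the two shared examples also disagree on `create` versus `build`. Deleting both `let(:user)` lines would match the removal of `current_user` from the service specs in this commit.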
@@ -1,154 +0,0 @@ -# frozen_string_literal: true - -RSpec.shared_examples "TransientRegistration named scopes" do - let(:in_progress_renewal) do - create(:renewing_registration, :has_required_data) - end - - let(:submitted_renewal) do - create(:renewing_registration, - :has_required_data, - workflow_state: :renewal_received_pending_conviction_form) - end - - let(:pending_payment_renewal) do - create(:renewing_registration, - :has_required_data, - :has_unpaid_balance, - workflow_state: :renewal_received_pending_payment_form) - end - - let(:pending_approval_renewal) do - create(:renewing_registration, - :has_required_data, - :requires_conviction_check, - workflow_state: :renewal_received_pending_conviction_form) - end - - describe "#in_progress" do - let(:scope) { WasteCarriersEngine::TransientRegistration.in_progress } - - it "returns in progress renewals when they exist" do - expect(scope).to include(in_progress_renewal) - end - - it "does not return submitted renewals" do - expect(scope).not_to include(submitted_renewal) - end - end - - describe "#submitted" do - let(:scope) { WasteCarriersEngine::TransientRegistration.submitted } - - it "returns submitted renewals" do - expect(scope).to include(submitted_renewal) - end - - it "does not return in progress renewals" do - expect(scope).not_to include(in_progress_renewal) - end - end - - describe "#pending_payment" do - let(:scope) { WasteCarriersEngine::TransientRegistration.pending_payment } - - it "returns renewals pending payment" do - expect(scope).to include(pending_payment_renewal) - end - - it "does not return others" do - expect(scope).not_to include(in_progress_renewal) - end - end - - describe "#pending_approval" do - let(:scope) { WasteCarriersEngine::TransientRegistration.pending_approval } - - it "returns renewals pending conviction approval" do - expect(scope).to include(pending_approval_renewal) - end - - it "does not return others" do - expect(scope).not_to include(in_progress_renewal) - end - end - 
- describe "conviction check scopes" do - let(:convictions_renewal) do - create( - :renewing_registration, - :has_required_data, - :requires_conviction_check, - workflow_state: :renewal_received_form - ) - end - - let(:convictions_possible_match_renewal) do - convictions_renewal - end - - let(:convictions_checks_in_progress_renewal) do - convictions_renewal.conviction_sign_offs.first.begin_checks! - convictions_renewal - end - - let(:convictions_approved_renewal) do - convictions_renewal.conviction_sign_offs.first.approve!(build(:user)) - convictions_renewal - end - - let(:convictions_rejected_renewal) do - convictions_renewal.conviction_sign_offs.first.begin_checks! - convictions_renewal.conviction_sign_offs.first.reject!(build(:user)) - convictions_renewal - end - - describe "#convictions_possible_match" do - let(:scope) { WasteCarriersEngine::TransientRegistration.convictions_possible_match } - - it "returns renewals where a conviction_sign_off is in the possible_match state" do - expect(scope).to include(convictions_possible_match_renewal) - end - - it "does not return others" do - expect(scope).not_to include(convictions_checks_in_progress_renewal) - end - end - - describe "#convictions_checks_in_progress" do - let(:scope) { WasteCarriersEngine::TransientRegistration.convictions_checks_in_progress } - - it "returns renewals where a conviction_sign_off is in the checks_in_progress state" do - expect(scope).to include(convictions_checks_in_progress_renewal) - end - - it "does not return others" do - expect(scope).not_to include(convictions_possible_match_renewal) - end - end - - describe "#convictions_approved" do - let(:scope) { WasteCarriersEngine::TransientRegistration.convictions_approved } - - it "returns renewals where a conviction_sign_off is in the approved state" do - expect(scope).to include(convictions_approved_renewal) - end - - it "does not return others" do - expect(scope).not_to include(convictions_possible_match_renewal) - end - end - - describe 
"#convictions_rejected" do - let(:scope) { WasteCarriersEngine::TransientRegistration.convictions_rejected } - - it "returns renewals where a conviction_sign_off is in the rejected state" do - expect(scope).to include(convictions_rejected_renewal) - end - - it "does not return others" do - expect(scope).not_to include(convictions_possible_match_renewal) - end - end - end -end