Refactor settings controllers (#14767)
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
parent
e6b272e5c9
commit
4e4b3a0c8e
@ -5,7 +5,6 @@ module ExportControllerConcern
|
|||||||
|
|
||||||
included do
|
included do
|
||||||
before_action :authenticate_user!
|
before_action :authenticate_user!
|
||||||
before_action :require_not_suspended!
|
|
||||||
before_action :load_export
|
before_action :load_export
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
skip_before_action :require_functional!
|
||||||
@ -30,8 +29,4 @@ module ExportControllerConcern
|
|||||||
def export_filename
|
def export_filename
|
||||||
"#{controller_name}.csv"
|
"#{controller_name}.csv"
|
||||||
end
|
end
|
||||||
|
|
||||||
def require_not_suspended!
|
|
||||||
forbidden if current_account.suspended?
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
@ -5,6 +5,7 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
|
|||||||
|
|
||||||
before_action :store_current_location
|
before_action :store_current_location
|
||||||
before_action :authenticate_resource_owner!
|
before_action :authenticate_resource_owner!
|
||||||
|
before_action :require_not_suspended!, only: :destroy
|
||||||
before_action :set_body_classes
|
before_action :set_body_classes
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
skip_before_action :require_functional!
|
||||||
@ -25,4 +26,8 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
|
|||||||
def store_current_location
|
def store_current_location
|
||||||
store_location_for(:user, request.url)
|
store_location_for(:user, request.url)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def require_not_suspended!
|
||||||
|
forbidden if current_account.suspended?
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
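Review bot: `require_not_suspended!` at the end of `Oauth::AuthorizedApplicationsController` is a second copy of the method this commit also adds to `Settings::BaseController`, so a later change to the suspension rule has to be made in two places. Because this controller inherits from `Doorkeeper::AuthorizedApplicationsController` and cannot pick the method up by inheritance, a small concern included by both classes would keep the check in one place. The filter is declared after `authenticate_resource_owner!`, which looks like the right order since it reads `current_account`; a one-line comment such as `# must run after authenticate_resource_owner!` would protect that order from a later reshuffle.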
@ -1,9 +1,9 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::AliasesController < Settings::BaseController
|
class Settings::AliasesController < Settings::BaseController
|
||||||
layout 'admin'
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
before_action :authenticate_user!
|
before_action :require_not_suspended!
|
||||||
before_action :set_aliases, except: :destroy
|
before_action :set_aliases, except: :destroy
|
||||||
before_action :set_alias, only: :destroy
|
before_action :set_alias, only: :destroy
|
||||||
|
|
||||||
|
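Review bot: `skip_before_action :require_functional!` appears to be newly added to `Settings::AliasesController` (the old side of the hunk has none), and the only check put back is `require_not_suspended!`. `require_functional!` is defined outside this page, so any other account state it rejects would now reach alias management; confirm that is intended, or keep the filter and drop the skip. The same new skip shows up in `WebauthnCredentialsController` further down, there without any suspension check at all. The class body continues outside the hunk.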
@ -1,9 +1,6 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::ApplicationsController < Settings::BaseController
|
class Settings::ApplicationsController < Settings::BaseController
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :set_application, only: [:show, :update, :destroy, :regenerate]
|
before_action :set_application, only: [:show, :update, :destroy, :regenerate]
|
||||||
before_action :prepare_scopes, only: [:create, :update]
|
before_action :prepare_scopes, only: [:create, :update]
|
||||||
|
|
||||||
|
@ -1,6 +1,9 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::BaseController < ApplicationController
|
class Settings::BaseController < ApplicationController
|
||||||
|
layout 'admin'
|
||||||
|
|
||||||
|
before_action :authenticate_user!
|
||||||
before_action :set_body_classes
|
before_action :set_body_classes
|
||||||
before_action :set_cache_headers
|
before_action :set_cache_headers
|
||||||
|
|
||||||
@ -13,4 +16,8 @@ class Settings::BaseController < ApplicationController
|
|||||||
def set_cache_headers
|
def set_cache_headers
|
||||||
response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
|
response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def require_not_suspended!
|
||||||
|
forbidden if current_account.suspended?
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
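Review bot: `require_not_suspended!` is added to `Settings::BaseController` without a comment, and nothing in the hunk says that it is opt-in: each subclass that skips `require_functional!` has to list it itself. I would add a comment above the method such as `# Opt-in filter: calls forbidden for suspended accounts; add it in controllers that skip require_functional!`. The second hunk starts at `set_cache_headers`, so whether the new method sits below `private` is not visible here; it should, so that it can never be routed as an action.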
@ -1,14 +1,11 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::DeletesController < Settings::BaseController
|
class Settings::DeletesController < Settings::BaseController
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :check_enabled_deletion
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :require_not_suspended!
|
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
|
before_action :require_not_suspended!
|
||||||
|
before_action :check_enabled_deletion
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@confirmation = Form::DeleteConfirmation.new
|
@confirmation = Form::DeleteConfirmation.new
|
||||||
end
|
end
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
module Settings
|
module Settings
|
||||||
module Exports
|
module Exports
|
||||||
class BlockedAccountsController < ApplicationController
|
class BlockedAccountsController < BaseController
|
||||||
include ExportControllerConcern
|
include ExportControllerConcern
|
||||||
|
|
||||||
def index
|
def index
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
module Settings
|
module Settings
|
||||||
module Exports
|
module Exports
|
||||||
class BlockedDomainsController < ApplicationController
|
class BlockedDomainsController < BaseController
|
||||||
include ExportControllerConcern
|
include ExportControllerConcern
|
||||||
|
|
||||||
def index
|
def index
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
module Settings
|
module Settings
|
||||||
module Exports
|
module Exports
|
||||||
class FollowingAccountsController < ApplicationController
|
class FollowingAccountsController < BaseController
|
||||||
include ExportControllerConcern
|
include ExportControllerConcern
|
||||||
|
|
||||||
def index
|
def index
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
module Settings
|
module Settings
|
||||||
module Exports
|
module Exports
|
||||||
class ListsController < ApplicationController
|
class ListsController < BaseController
|
||||||
include ExportControllerConcern
|
include ExportControllerConcern
|
||||||
|
|
||||||
def index
|
def index
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
module Settings
|
module Settings
|
||||||
module Exports
|
module Exports
|
||||||
class MutedAccountsController < ApplicationController
|
class MutedAccountsController < BaseController
|
||||||
include ExportControllerConcern
|
include ExportControllerConcern
|
||||||
|
|
||||||
def index
|
def index
|
||||||
|
@ -3,11 +3,6 @@
|
|||||||
class Settings::ExportsController < Settings::BaseController
|
class Settings::ExportsController < Settings::BaseController
|
||||||
include Authorization
|
include Authorization
|
||||||
|
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :require_not_suspended!
|
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@ -16,8 +11,6 @@ class Settings::ExportsController < Settings::BaseController
|
|||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
raise Mastodon::NotPermittedError unless user_signed_in?
|
|
||||||
|
|
||||||
backup = nil
|
backup = nil
|
||||||
|
|
||||||
RedisLock.acquire(lock_options) do |lock|
|
RedisLock.acquire(lock_options) do |lock|
|
||||||
@ -37,8 +30,4 @@ class Settings::ExportsController < Settings::BaseController
|
|||||||
def lock_options
|
def lock_options
|
||||||
{ redis: Redis.current, key: "backup:#{current_user.id}" }
|
{ redis: Redis.current, key: "backup:#{current_user.id}" }
|
||||||
end
|
end
|
||||||
|
|
||||||
def require_not_suspended!
|
|
||||||
forbidden if current_account.suspended?
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
@ -1,9 +1,6 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::FeaturedTagsController < Settings::BaseController
|
class Settings::FeaturedTagsController < Settings::BaseController
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :set_featured_tags, only: :index
|
before_action :set_featured_tags, only: :index
|
||||||
before_action :set_featured_tag, except: [:index, :create]
|
before_action :set_featured_tag, except: [:index, :create]
|
||||||
before_action :set_recently_used_tags, only: :index
|
before_action :set_recently_used_tags, only: :index
|
||||||
|
@ -1,9 +1,6 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::IdentityProofsController < Settings::BaseController
|
class Settings::IdentityProofsController < Settings::BaseController
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :check_required_params, only: :new
|
before_action :check_required_params, only: :new
|
||||||
|
|
||||||
def index
|
def index
|
||||||
|
@ -1,9 +1,6 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::ImportsController < Settings::BaseController
|
class Settings::ImportsController < Settings::BaseController
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :set_account
|
before_action :set_account
|
||||||
|
|
||||||
def show
|
def show
|
||||||
|
@ -1,13 +1,10 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::Migration::RedirectsController < Settings::BaseController
|
class Settings::Migration::RedirectsController < Settings::BaseController
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :require_not_suspended!
|
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
|
before_action :require_not_suspended!
|
||||||
|
|
||||||
def new
|
def new
|
||||||
@redirect = Form::Redirect.new
|
@redirect = Form::Redirect.new
|
||||||
end
|
end
|
||||||
@ -38,8 +35,4 @@ class Settings::Migration::RedirectsController < Settings::BaseController
|
|||||||
def resource_params
|
def resource_params
|
||||||
params.require(:form_redirect).permit(:acct, :current_password, :current_username)
|
params.require(:form_redirect).permit(:acct, :current_password, :current_username)
|
||||||
end
|
end
|
||||||
|
|
||||||
def require_not_suspended!
|
|
||||||
forbidden if current_account.suspended?
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
@ -1,15 +1,12 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::MigrationsController < Settings::BaseController
|
class Settings::MigrationsController < Settings::BaseController
|
||||||
layout 'admin'
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :require_not_suspended!
|
before_action :require_not_suspended!
|
||||||
before_action :set_migrations
|
before_action :set_migrations
|
||||||
before_action :set_cooldown
|
before_action :set_cooldown
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@migration = current_account.migrations.build
|
@migration = current_account.migrations.build
|
||||||
end
|
end
|
||||||
@ -44,8 +41,4 @@ class Settings::MigrationsController < Settings::BaseController
|
|||||||
def on_cooldown?
|
def on_cooldown?
|
||||||
@cooldown.present?
|
@cooldown.present?
|
||||||
end
|
end
|
||||||
|
|
||||||
def require_not_suspended!
|
|
||||||
forbidden if current_account.suspended?
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
@ -2,7 +2,6 @@
|
|||||||
|
|
||||||
module Settings
|
module Settings
|
||||||
class PicturesController < BaseController
|
class PicturesController < BaseController
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :set_account
|
before_action :set_account
|
||||||
before_action :set_picture
|
before_action :set_picture
|
||||||
|
|
||||||
|
@ -1,10 +1,6 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::PreferencesController < Settings::BaseController
|
class Settings::PreferencesController < Settings::BaseController
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
|
|
||||||
def show; end
|
def show; end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
|
@ -1,9 +1,6 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::ProfilesController < Settings::BaseController
|
class Settings::ProfilesController < Settings::BaseController
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :set_account
|
before_action :set_account
|
||||||
|
|
||||||
def show
|
def show
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Settings::SessionsController < Settings::BaseController
|
class Settings::SessionsController < Settings::BaseController
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :set_session, only: :destroy
|
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
|
before_action :require_not_suspended!
|
||||||
|
before_action :set_session, only: :destroy
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
@session.destroy!
|
@session.destroy!
|
||||||
flash[:notice] = I18n.t('sessions.revoke_success')
|
flash[:notice] = I18n.t('sessions.revoke_success')
|
||||||
|
@ -5,14 +5,11 @@ module Settings
|
|||||||
class ConfirmationsController < BaseController
|
class ConfirmationsController < BaseController
|
||||||
include ChallengableConcern
|
include ChallengableConcern
|
||||||
|
|
||||||
layout 'admin'
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :require_challenge!
|
before_action :require_challenge!
|
||||||
before_action :ensure_otp_secret
|
before_action :ensure_otp_secret
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
|
||||||
|
|
||||||
def new
|
def new
|
||||||
prepare_two_factor_form
|
prepare_two_factor_form
|
||||||
end
|
end
|
||||||
|
@ -5,14 +5,11 @@ module Settings
|
|||||||
class OtpAuthenticationController < BaseController
|
class OtpAuthenticationController < BaseController
|
||||||
include ChallengableConcern
|
include ChallengableConcern
|
||||||
|
|
||||||
layout 'admin'
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :verify_otp_not_enabled, only: [:show]
|
before_action :verify_otp_not_enabled, only: [:show]
|
||||||
before_action :require_challenge!, only: [:create]
|
before_action :require_challenge!, only: [:create]
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@confirmation = Form::TwoFactorConfirmation.new
|
@confirmation = Form::TwoFactorConfirmation.new
|
||||||
end
|
end
|
||||||
|
@ -5,13 +5,10 @@ module Settings
|
|||||||
class RecoveryCodesController < BaseController
|
class RecoveryCodesController < BaseController
|
||||||
include ChallengableConcern
|
include ChallengableConcern
|
||||||
|
|
||||||
layout 'admin'
|
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :require_challenge!, on: :create
|
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
|
before_action :require_challenge!, on: :create
|
||||||
|
|
||||||
def create
|
def create
|
||||||
@recovery_codes = current_user.generate_otp_backup_codes!
|
@recovery_codes = current_user.generate_otp_backup_codes!
|
||||||
current_user.save!
|
current_user.save!
|
||||||
|
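Review bot: `before_action :require_challenge!, on: :create` is carried over unchanged, but `on:` is not an option that controller callbacks interpret (they take `only:`, `except:`, `if:` and `unless:`), so the restriction to `create` appears to have no effect and the challenge runs for every action. That fails closed, but the line reads as if it were scoped; `before_action :require_challenge!, only: :create` says what is meant. The class body continues outside the hunk, so whether other actions exist is not visible here.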
@ -3,9 +3,8 @@
|
|||||||
module Settings
|
module Settings
|
||||||
module TwoFactorAuthentication
|
module TwoFactorAuthentication
|
||||||
class WebauthnCredentialsController < BaseController
|
class WebauthnCredentialsController < BaseController
|
||||||
layout 'admin'
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :require_otp_enabled
|
before_action :require_otp_enabled
|
||||||
before_action :require_webauthn_enabled, only: [:index, :destroy]
|
before_action :require_webauthn_enabled, only: [:index, :destroy]
|
||||||
|
|
||||||
|
@ -4,14 +4,11 @@ module Settings
|
|||||||
class TwoFactorAuthenticationMethodsController < BaseController
|
class TwoFactorAuthenticationMethodsController < BaseController
|
||||||
include ChallengableConcern
|
include ChallengableConcern
|
||||||
|
|
||||||
layout 'admin'
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
before_action :authenticate_user!
|
|
||||||
before_action :require_challenge!, only: :disable
|
before_action :require_challenge!, only: :disable
|
||||||
before_action :require_otp_enabled
|
before_action :require_otp_enabled
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
|
||||||
|
|
||||||
def index; end
|
def index; end
|
||||||
|
|
||||||
def disable
|
def disable
|
||||||
|
@ -27,5 +27,5 @@
|
|||||||
- else
|
- else
|
||||||
%time.time-ago{ datetime: session.updated_at.iso8601, title: l(session.updated_at) }= l(session.updated_at)
|
%time.time-ago{ datetime: session.updated_at.iso8601, title: l(session.updated_at) }= l(session.updated_at)
|
||||||
%td
|
%td
|
||||||
- if current_session.session_id != session.session_id
|
- if current_session.session_id != session.session_id && !current_account.suspended?
|
||||||
= table_link_to 'times', t('sessions.revoke'), settings_session_path(session), method: :delete
|
= table_link_to 'times', t('sessions.revoke'), settings_session_path(session), method: :delete
|
||||||
|
@ -30,6 +30,7 @@
|
|||||||
|
|
||||||
= render 'sessions'
|
= render 'sessions'
|
||||||
|
|
||||||
|
- unless current_account.suspended?
|
||||||
%hr.spacer/
|
%hr.spacer/
|
||||||
|
|
||||||
%h3= t('auth.migrate_account')
|
%h3= t('auth.migrate_account')
|
||||||
@ -40,7 +41,7 @@
|
|||||||
%h3= t('migrations.incoming_migrations')
|
%h3= t('migrations.incoming_migrations')
|
||||||
%p.muted-hint= t('migrations.incoming_migrations_html', path: settings_aliases_path)
|
%p.muted-hint= t('migrations.incoming_migrations_html', path: settings_aliases_path)
|
||||||
|
|
||||||
- if open_deletion? && !current_account.suspended?
|
- if open_deletion?
|
||||||
%hr.spacer/
|
%hr.spacer/
|
||||||
|
|
||||||
%h3= t('auth.delete_account')
|
%h3= t('auth.delete_account')
|
||||||
|
@ -20,5 +20,5 @@
|
|||||||
%th!= application.scopes.map { |scope| t(scope, scope: [:doorkeeper, :scopes]) }.join(', ')
|
%th!= application.scopes.map { |scope| t(scope, scope: [:doorkeeper, :scopes]) }.join(', ')
|
||||||
%td= l application.created_at
|
%td= l application.created_at
|
||||||
%td
|
%td
|
||||||
- unless application.superapp?
|
- unless application.superapp? || current_account.suspended?
|
||||||
= table_link_to 'times', t('doorkeeper.authorized_applications.buttons.revoke'), oauth_authorized_application_path(application), method: :delete, data: { confirm: t('doorkeeper.authorized_applications.confirmations.revoke') }
|
= table_link_to 'times', t('doorkeeper.authorized_applications.buttons.revoke'), oauth_authorized_application_path(application), method: :delete, data: { confirm: t('doorkeeper.authorized_applications.confirmations.revoke') }
|
||||||
|
@ -21,7 +21,7 @@ SimpleNavigation::Configuration.run do |navigation|
|
|||||||
|
|
||||||
n.item :security, safe_join([fa_icon('lock fw'), t('settings.account')]), edit_user_registration_url do |s|
|
n.item :security, safe_join([fa_icon('lock fw'), t('settings.account')]), edit_user_registration_url do |s|
|
||||||
s.item :password, safe_join([fa_icon('lock fw'), t('settings.account_settings')]), edit_user_registration_url, highlights_on: %r{/auth/edit|/settings/delete|/settings/migration|/settings/aliases}
|
s.item :password, safe_join([fa_icon('lock fw'), t('settings.account_settings')]), edit_user_registration_url, highlights_on: %r{/auth/edit|/settings/delete|/settings/migration|/settings/aliases}
|
||||||
s.item :two_factor_authentication, safe_join([fa_icon('mobile fw'), t('settings.two_factor_authentication')]), settings_two_factor_authentication_methods_url, highlights_on: %r{/settings/two_factor_authentication|/settings/security_keys}
|
s.item :two_factor_authentication, safe_join([fa_icon('mobile fw'), t('settings.two_factor_authentication')]), settings_two_factor_authentication_methods_url, highlights_on: %r{/settings/two_factor_authentication|/settings/otp_authentication|/settings/security_keys}
|
||||||
s.item :authorized_apps, safe_join([fa_icon('list fw'), t('settings.authorized_apps')]), oauth_authorized_applications_url
|
s.item :authorized_apps, safe_join([fa_icon('list fw'), t('settings.authorized_apps')]), oauth_authorized_applications_url
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -77,16 +77,8 @@ describe Settings::DeletesController do
|
|||||||
expect(response).to redirect_to settings_delete_path
|
expect(response).to redirect_to settings_delete_path
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
|
||||||
|
|
||||||
context 'when not signed in' do
|
context 'when account deletions are disabled' do
|
||||||
it 'redirects' do
|
|
||||||
delete :destroy
|
|
||||||
expect(response).to redirect_to '/auth/sign_in'
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context do
|
|
||||||
around do |example|
|
around do |example|
|
||||||
open_deletion = Setting.open_deletion
|
open_deletion = Setting.open_deletion
|
||||||
example.run
|
example.run
|
||||||
@ -100,4 +92,12 @@ describe Settings::DeletesController do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when not signed in' do
|
||||||
|
it 'redirects' do
|
||||||
|
delete :destroy
|
||||||
|
expect(response).to redirect_to '/auth/sign_in'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
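Review bot: No example on this page covers the access rules this commit changes; the spec hunks for `Settings::DeletesController` only move the `when not signed in` context and give the anonymous one a name. I would add examples for a suspended account: `delete :destroy` on `Settings::SessionsController` and on `Oauth::AuthorizedApplicationsController` expecting the forbidden response, and `get :index` on one of the `Settings::Exports` controllers expecting success. Without them a later change to the filter chain could open or close these paths unnoticed.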