Merge pull request #12949 from rust-lang/more-user-related-tests

Add more tests around user account behavior

Author: carols10cents

src/tests/routes/users/read.rs

@@ -4,6 +4,7 @@ use crates_io::models::NewUser;
 use crates_io::schema::users;
 use crates_io::views::EncodablePublicUser;
 use diesel_async::RunQueryDsl;
+use insta::assert_snapshot;
 use serde::Deserialize;
 
 #[derive(Deserialize)]
@@ -19,9 +20,14 @@ async fn show() {
     let json: UserShowPublicResponse = anon.get("/api/v1/users/foo").await.good();
     assert_eq!(json.user.login, "foo");
 
+    // Lookup by username is case insensitive; returned data uses capitalization in database
     let json: UserShowPublicResponse = anon.get("/api/v1/users/bAr").await.good();
     assert_eq!(json.user.login, "Bar");
     assert_eq!(json.user.url, "https://github.com/Bar");
+
+    // Username not in database results in 404
+    let response = anon.get::<()>("/api/v1/users/not_a_user").await;
+    assert_snapshot!(response.status(), @"404 Not Found");
 }
 
 #[tokio::test(flavor = "multi_thread")]
@@ -64,3 +70,24 @@ async fn show_latest_user_case_insensitively() {
         json.user.name.unwrap()
     );
 }
+
+#[tokio::test(flavor = "multi_thread")]
+async fn user_without_github_account() {
+    let (app, anon) = TestApp::init().empty().await;
+    let mut conn = app.db_conn().await;
+
+    let new_user = NewUser::builder()
+        // The gh_id column will eventually be removed; there are currently records in production
+        // that have `-1` for their `gh_id` because the associated GitHub accounts have been deleted
+        .gh_id(-1)
+        .gh_login("foobar")
+        .name("I deleted my github account")
+        .gh_encrypted_token(&[])
+        .build();
+    new_user.insert(&mut conn).await.unwrap();
+    // This user doesn't have a linked record in `oauth_github`
+
+    // The crates.io username still exists
+    let json: UserShowPublicResponse = anon.get("/api/v1/users/fOObAr").await.good();
+    assert_eq!("I deleted my github account", json.user.name.unwrap());
+}

src/tests/user.rs

@@ -326,5 +326,35 @@ async fn also_write_to_oauth_github() -> anyhow::Result<()> {
     let decrypted_token = encryption.decrypt(&oauth_github.encrypted_token)?;
     assert_eq!(decrypted_token.secret(), "a different token");
 
+    // Now that the user has renamed their account on GitHub, someone else can claim it and log in
+    // to crates.io with it (with a different GitHub ID)
+    let new_gh_id = gh_id + 1;
+    let gh_user = GitHubUser {
+        id: new_gh_id,
+        login: "arbitrary_username".to_string(),
+        name: None,
+        email: Some(email.to_string()),
+        avatar_url: None,
+    };
+    let encrypted_token = encryption.encrypt("a different random token")?;
+    let u = session::save_user_to_database(&gh_user, &encrypted_token, emails, &mut conn).await?;
+
+    assert_eq!(u.gh_login, "arbitrary_username");
+    assert_eq!(u.gh_id, new_gh_id);
+
+    let oauth_github_records: Vec<OauthGithub> = oauth_github::table.load(&mut conn).await.unwrap();
+    assert_eq!(oauth_github_records.len(), 2);
+    let additional_user_oauth_github = oauth_github_records
+        .iter()
+        .find(|gh| *gh.id() == new_gh_id as i64)
+        .unwrap();
+
+    assert_eq!(additional_user_oauth_github.user_id, u.id);
+    assert_eq!(additional_user_oauth_github.account_id, new_gh_id as i64);
+    assert_eq!(additional_user_oauth_github.login, u.gh_login);
+    assert!(additional_user_oauth_github.avatar.is_none());
+    let decrypted_token = encryption.decrypt(&additional_user_oauth_github.encrypted_token)?;
+    assert_eq!(decrypted_token.secret(), "a different random token");
+
     Ok(())
 }