FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)

Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2025-05-29 21:19:32 +08:00 · 2018-07-23 16:51:57 +01:00
parent 32062864d3
commit eda1462b3b
40 changed files with 836 additions and 240 deletions
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@ -1965,7 +1965,7 @@ describe UsersController do
        json = JSON.parse(response.body)
        expect(json["email"]).to eq(user.email)
        expect(json["secondary_emails"]).to eq(user.secondary_emails)
-        expect(json["associated_accounts"]).to be_present
+        expect(json["associated_accounts"]).to eq([])
      end

      it "works on inactive users" do
@ -1978,7 +1978,7 @@ describe UsersController do
        json = JSON.parse(response.body)
        expect(json["email"]).to eq(inactive_user.email)
        expect(json["secondary_emails"]).to eq(inactive_user.secondary_emails)
-        expect(json["associated_accounts"]).to be_present
+        expect(json["associated_accounts"]).to eq([])
      end
    end
  end
@ -3068,4 +3068,46 @@ describe UsersController do
      end
    end
  end
+
+  describe '#revoke_account' do
+    let(:other_user) { Fabricate(:user) }
+    it 'errors for unauthorised users' do
+      post "/u/#{user.username}/preferences/revoke-account.json", params: {
+        provider_name: 'facebook'
+      }
+      expect(response.status).to eq(403)
+
+      sign_in(other_user)
+
+      post "/u/#{user.username}/preferences/revoke-account.json", params: {
+        provider_name: 'facebook'
+      }
+      expect(response.status).to eq(403)
+    end
+
+    context 'while logged in' do
+      before do
+        sign_in(user)
+      end
+
+      it 'returns an error when there is no matching account' do
+        post "/u/#{user.username}/preferences/revoke-account.json", params: {
+          provider_name: 'facebook'
+        }
+        expect(response.status).to eq(404)
+      end
+
+      it 'works' do
+        FacebookUserInfo.create!(user_id: user.id, facebook_user_id: 12345, email: 'someuser@somedomain.tld')
+        stub = stub_request(:delete, 'https://graph.facebook.com/12345/permissions?access_token=123%7Cabcde').to_return(body: "true")
+
+        post "/u/#{user.username}/preferences/revoke-account.json", params: {
+          provider_name: 'facebook'
+        }
+        expect(response.status).to eq(200)
+      end
+
+    end
+
+  end
 end