plausible/analytics
1
1
Fork 0
mirror of https://github.com/plausible/analytics.git synced 2024-12-27 03:21:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
16ce0f1ea8
analytics/test/plausible_web/controllers/auth_controller_test.exs

764 lines
23 KiB
Elixir
Raw Normal View History

Initial commit
2019-09-02 14:29:19 +03:00
defmodule PlausibleWeb.AuthControllerTest do
Run tests in async mode where applicable (#2542) * Set pg pool size for MIX_ENV=test * Include slow tests in CI run * Exclude slow tests by default * Mark tests slow/async where applicable * Restructure captcha mocks * Revert async where env is relied upon * Add --max-failures=1 to CI run * Set warnings as errors * Disable async where various mocks are used * Revert "Disable async where various mocks are used" This reverts commit 2446b72a2924d7c14d2f1c9c6ae66daff5dfa5a6. * Disable async for test using vcr
2022-12-26 16:20:29 +03:00
use PlausibleWeb.ConnCase, async: true
Initial commit
2019-09-02 14:29:19 +03:00
use Bamboo.Test
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
use Plausible.Repo
Initial commit
2019-09-02 14:29:19 +03:00
Include tests for Captcha success/failure scenarios (#2344) * Include tests for Captcha success/failure scenarios * DRY
2022-10-17 14:16:59 +03:00
import Mox
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
alias Plausible.Auth.User
Include tests for Captcha success/failure scenarios (#2344) * Include tests for Captcha success/failure scenarios * DRY
2022-10-17 14:16:59 +03:00
setup :verify_on_exit!
Initial commit
2019-09-02 14:29:19 +03:00
describe "GET /register" do
test "shows the register form", %{conn: conn} do
conn = get(conn, "/register")
Email flows (#46) * Update activation email * Update trial upgrade emails * Remove feedback emails * Remove feedback email test * Update welcome email (and send it earlier) * Site setup emails * Add create site emails for trialers * Add check stats email * Remove dead code * Adjust site setup emails for users who are not on trial * BCC myself on all new emails * Use old phrasing in the welcome email
2020-03-23 12:34:25 +03:00
assert html_response(conn, 200) =~ "Enter your details"
Initial commit
2019-09-02 14:29:19 +03:00
end
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
end
Initial commit
2019-09-02 14:29:19 +03:00
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
describe "POST /register" do
Run tests in async mode where applicable (#2542) * Set pg pool size for MIX_ENV=test * Include slow tests in CI run * Exclude slow tests by default * Mark tests slow/async where applicable * Restructure captcha mocks * Revert async where env is relied upon * Add --max-failures=1 to CI run * Set warnings as errors * Disable async where various mocks are used * Revert "Disable async where various mocks are used" This reverts commit 2446b72a2924d7c14d2f1c9c6ae66daff5dfa5a6. * Disable async for test using vcr
2022-12-26 16:20:29 +03:00
test "registering sends an activation link", %{conn: conn} do
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
Repo.insert!(
User.new(%{
name: "Jane Doe",
email: "user@example.com",
password: "very-secret-and-very-long-123",
password_confirmation: "very-secret-and-very-long-123"
})
)
Formatting only changes - No code change (#75) * first commit with test and compile job Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding 'prepare' stage Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated ci script to include "test" compile phase Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding environment variables for connecting to postgresql Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated ci config for postgres Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using non-alpine version of elixir Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * re-using the 'compile' artifacts and added explict env variables for testing Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removing redundant deps fetching from common code Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * formatting using mix.format -- beware no-code changes! Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * added release config Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding consistent env variable for Database Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * more cleaning up of environment variables Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding releases config for enabling releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * cleaning up env configs Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Cleaned up config and prepared config for releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated CI script with new config for test Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added Dockerfile for creating production docker image Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding "docker" build job yay! Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using non-slim version of debian and installing webpack Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding overlays for migrations on releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * restricting the docker built to master branch only Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * typo fix Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding "Hosting.md" to explain hosting instructions Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removed the default comments Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added documentation related to env variables * updated documentation and fixed typo Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated documentation * Bumping up elixir version as `overlays` are only supported in latest version read release notes: https://github.com/elixir-lang/elixir/releases/tag/v1.10.0 Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding tarball assembly during release Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated HOSTING.md Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added support for db migration Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * minor corrections Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * initializing admin user Admin user has been added in the "migration" phase. A default user is automatically created in the process. One can provide the related env variables, else a new one will be automatically created for you. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Initial base domain update - phase#1 These changes are only meant for correct operating it under self-hosting. There are many other cosmetic changes, that require updates to email, site and other places where the original website and author is used. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Using dedicated config variable `base_domain` instead Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding base_domain to releases config Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removing the dedicated config "base_domain", relying on endpoint host Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Removed the usage of "Mix" in code! It is bad practice to use "mix" module inside the code as in actual release this module is unavailable. Replacing this with a config environment variable Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added support for SMTP via Bamboo Smtp Adapter Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Capturing SMTP errors via Sentry Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Minor updates Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding junit formatter -- useful for generating test reports Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding documentation for default user * Resolve "Gitlab Adoption: Add supported services in "Security & Compliance"" * bumping up the debian version to fix issues fixing some vulnerabilities identified by the scanning tools * More updates for self-hosting Changes in most of the places to suit self-hosting. Although, there are some which have been left-off. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * quick-dirty-fix! * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up timeout - skipping MRs :-/ * removing restrictions on watching for changes this stuff isn't working * Update HOSTING.md * renamed the module name * reverting formatting-whitespace changes Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * reverting the name to release Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding docker-compose.yml and related instructions Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using `plausible_url` instead of assuming `https` this is because, it is much to test in local dev machines and in most cases there's already a layer above which is capable for `https` termination and http -> https upgrade Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * WIP: merging changes from upstream Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * wip: more changes * Pushing in changes from upstream Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * changes to ci for testing Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * cleaning up and finishing clickhouse integration Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updating readme with hosting details * removing deleted files from upstream * minor config adjustments Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * formatting changes Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
2020-06-08 10:35:13 +03:00
post(conn, "/register",
user: %{
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
email: "user@example.com",
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
password: "very-secret-and-very-long-123"
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
}
)
assert_delivered_email_matches(%{to: [{_, user_email}], subject: subject})
assert user_email == "user@example.com"
assert subject =~ "is your Plausible email verification code"
end
Use more path helpers
2021-10-26 11:59:14 +03:00
test "user is redirected to activate page after registration", %{conn: conn} do
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
Repo.insert!(
User.new(%{
name: "Jane Doe",
email: "user@example.com",
password: "very-secret-and-very-long-123",
password_confirmation: "very-secret-and-very-long-123"
})
)
Use more path helpers
2021-10-26 11:59:14 +03:00
conn =
post(conn, "/register",
user: %{
email: "user@example.com",
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
password: "very-secret-and-very-long-123"
Use more path helpers
2021-10-26 11:59:14 +03:00
}
)
assert redirected_to(conn, 302) == "/activate"
end
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
test "logs the user in", %{conn: conn} do
Repo.insert!(
User.new(%{
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
name: "Jane Doe",
email: "user@example.com",
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
password: "very-secret-and-very-long-123",
password_confirmation: "very-secret-and-very-long-123"
})
Formatting only changes - No code change (#75) * first commit with test and compile job Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding 'prepare' stage Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated ci script to include "test" compile phase Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding environment variables for connecting to postgresql Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated ci config for postgres Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using non-alpine version of elixir Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * re-using the 'compile' artifacts and added explict env variables for testing Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removing redundant deps fetching from common code Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * formatting using mix.format -- beware no-code changes! Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * added release config Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding consistent env variable for Database Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * more cleaning up of environment variables Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding releases config for enabling releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * cleaning up env configs Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Cleaned up config and prepared config for releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated CI script with new config for test Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added Dockerfile for creating production docker image Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding "docker" build job yay! Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using non-slim version of debian and installing webpack Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding overlays for migrations on releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * restricting the docker built to master branch only Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * typo fix Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding "Hosting.md" to explain hosting instructions Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removed the default comments Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added documentation related to env variables * updated documentation and fixed typo Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated documentation * Bumping up elixir version as `overlays` are only supported in latest version read release notes: https://github.com/elixir-lang/elixir/releases/tag/v1.10.0 Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding tarball assembly during release Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated HOSTING.md Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added support for db migration Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * minor corrections Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * initializing admin user Admin user has been added in the "migration" phase. A default user is automatically created in the process. One can provide the related env variables, else a new one will be automatically created for you. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Initial base domain update - phase#1 These changes are only meant for correct operating it under self-hosting. There are many other cosmetic changes, that require updates to email, site and other places where the original website and author is used. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Using dedicated config variable `base_domain` instead Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding base_domain to releases config Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removing the dedicated config "base_domain", relying on endpoint host Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Removed the usage of "Mix" in code! It is bad practice to use "mix" module inside the code as in actual release this module is unavailable. Replacing this with a config environment variable Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added support for SMTP via Bamboo Smtp Adapter Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Capturing SMTP errors via Sentry Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Minor updates Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding junit formatter -- useful for generating test reports Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding documentation for default user * Resolve "Gitlab Adoption: Add supported services in "Security & Compliance"" * bumping up the debian version to fix issues fixing some vulnerabilities identified by the scanning tools * More updates for self-hosting Changes in most of the places to suit self-hosting. Although, there are some which have been left-off. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * quick-dirty-fix! * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up timeout - skipping MRs :-/ * removing restrictions on watching for changes this stuff isn't working * Update HOSTING.md * renamed the module name * reverting formatting-whitespace changes Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * reverting the name to release Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding docker-compose.yml and related instructions Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using `plausible_url` instead of assuming `https` this is because, it is much to test in local dev machines and in most cases there's already a layer above which is capable for `https` termination and http -> https upgrade Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * WIP: merging changes from upstream Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * wip: more changes * Pushing in changes from upstream Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * changes to ci for testing Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * cleaning up and finishing clickhouse integration Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updating readme with hosting details * removing deleted files from upstream * minor config adjustments Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * formatting changes Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
2020-06-08 10:35:13 +03:00
)
Initial commit
2019-09-02 14:29:19 +03:00
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
conn =
post(conn, "/register",
user: %{
email: "user@example.com",
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
password: "very-secret-and-very-long-123"
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
}
)
assert get_session(conn, :current_user_id)
Initial commit
2019-09-02 14:29:19 +03:00
end
Remove trial banner for admins & viewers (#1308) * Start trial only when the user creates a site * End trial when ownership is transfered
2021-09-08 15:15:37 +03:00
end
describe "GET /register/invitations/:invitation_id" do
test "shows the register form", %{conn: conn} do
inviter = insert(:user)
site = insert(:site, members: [inviter])
invitation =
insert(:invitation,
site_id: site.id,
inviter: inviter,
email: "user@email.co",
role: :admin
)
conn = get(conn, "/register/invitation/#{invitation.invitation_id}")
assert html_response(conn, 200) =~ "Enter your details"
end
end
describe "POST /register/invitation/:invitation_id" do
setup do
inviter = insert(:user)
site = insert(:site, members: [inviter])
invitation =
insert(:invitation,
site_id: site.id,
inviter: inviter,
email: "user@email.co",
role: :admin
)
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
Repo.insert!(
User.new(%{
name: "Jane Doe",
email: "user@example.com",
password: "very-secret-and-very-long-123",
password_confirmation: "very-secret-and-very-long-123"
})
)
Remove trial banner for admins & viewers (#1308) * Start trial only when the user creates a site * End trial when ownership is transfered
2021-09-08 15:15:37 +03:00
{:ok, %{site: site, invitation: invitation}}
end
test "registering sends an activation link", %{conn: conn, invitation: invitation} do
post(conn, "/register/invitation/#{invitation.invitation_id}",
user: %{
name: "Jane Doe",
email: "user@example.com",
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
password: "very-secret-and-very-long-123",
password_confirmation: "very-secret-and-very-long-123"
Remove trial banner for admins & viewers (#1308) * Start trial only when the user creates a site * End trial when ownership is transfered
2021-09-08 15:15:37 +03:00
}
)
assert_delivered_email_matches(%{to: [{_, user_email}], subject: subject})
assert user_email == "user@example.com"
assert subject =~ "is your Plausible email verification code"
end
Use more path helpers
2021-10-26 11:59:14 +03:00
test "user is redirected to activate page after registration", %{
conn: conn,
invitation: invitation
} do
conn =
post(conn, "/register/invitation/#{invitation.invitation_id}",
user: %{
name: "Jane Doe",
email: "user@example.com",
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
password: "very-secret-and-very-long-123",
password_confirmation: "very-secret-and-very-long-123"
Use more path helpers
2021-10-26 11:59:14 +03:00
}
)
assert redirected_to(conn, 302) == "/activate"
end
Remove trial banner for admins & viewers (#1308) * Start trial only when the user creates a site * End trial when ownership is transfered
2021-09-08 15:15:37 +03:00
test "logs the user in", %{conn: conn, invitation: invitation} do
conn =
post(conn, "/register/invitation/#{invitation.invitation_id}",
user: %{
name: "Jane Doe",
email: "user@example.com",
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
password: "very-secret-and-very-long-123",
password_confirmation: "very-secret-and-very-long-123"
Remove trial banner for admins & viewers (#1308) * Start trial only when the user creates a site * End trial when ownership is transfered
2021-09-08 15:15:37 +03:00
}
)
assert get_session(conn, :current_user_id)
end
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
end
describe "GET /activate" do
setup [:create_user, :log_in]
test "if user does not have a code: prompts user to request activation code", %{conn: conn} do
conn = get(conn, "/activate")
assert html_response(conn, 200) =~ "Request activation code"
end
Add elixir action (#526) * Add elixir action * Format the codebase * Add postgresql * Postgres config * Run postgres on localhost * Add clickhouse to CI
2020-12-29 16:17:27 +03:00
test "if user does have a code: prompts user to enter the activation code from their email",
%{conn: conn} do
conn =
post(conn, "/activate/request-code")
|> get("/activate")
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
assert html_response(conn, 200) =~ "Please enter the 4-digit code we sent to"
end
end
describe "POST /activate/request-code" do
setup [:create_user, :log_in]
test "associates an activation pin with the user account", %{conn: conn, user: user} do
post(conn, "/activate/request-code")
Add elixir action (#526) * Add elixir action * Format the codebase * Add postgresql * Postgres config * Run postgres on localhost * Add clickhouse to CI
2020-12-29 16:17:27 +03:00
code =
Repo.one(
from c in "email_verification_codes",
where: c.user_id == ^user.id,
select: %{user_id: c.user_id, issued_at: c.issued_at}
)
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
assert code[:user_id] == user.id
assert Timex.after?(code[:issued_at], Timex.now() |> Timex.shift(seconds: -10))
end
test "sends activation email to user", %{conn: conn, user: user} do
post(conn, "/activate/request-code")
assert_delivered_email_matches(%{to: [{_, user_email}], subject: subject})
assert user_email == user.email
assert subject =~ "is your Plausible email verification code"
Initial commit
2019-09-02 14:29:19 +03:00
end
Use more path helpers
2021-10-26 11:59:14 +03:00
test "redirets user to /activate", %{conn: conn} do
conn = post(conn, "/activate/request-code")
assert redirected_to(conn, 302) == "/activate"
end
Initial commit
2019-09-02 14:29:19 +03:00
end
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
describe "POST /activate" do
setup [:create_user, :log_in]
Initial commit
2019-09-02 14:29:19 +03:00
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
test "with wrong pin - reloads the form with error", %{conn: conn} do
conn = post(conn, "/activate", %{code: "1234"})
assert html_response(conn, 200) =~ "Incorrect activation code"
Initial commit
2019-09-02 14:29:19 +03:00
end
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
test "with expired pin - reloads the form with error", %{conn: conn, user: user} do
Add elixir action (#526) * Add elixir action * Format the codebase * Add postgresql * Postgres config * Run postgres on localhost * Add clickhouse to CI
2020-12-29 16:17:27 +03:00
Repo.insert_all("email_verification_codes", [
%{
code: 1234,
user_id: user.id,
issued_at: Timex.shift(Timex.now(), days: -1)
}
])
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
conn = post(conn, "/activate", %{code: "1234"})
Email flows (#46) * Update activation email * Update trial upgrade emails * Remove feedback emails * Remove feedback email test * Update welcome email (and send it earlier) * Site setup emails * Add create site emails for trialers * Add check stats email * Remove dead code * Adjust site setup emails for users who are not on trial * BCC myself on all new emails * Use old phrasing in the welcome email
2020-03-23 12:34:25 +03:00
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
assert html_response(conn, 200) =~ "Code is expired, please request another one"
Email flows (#46) * Update activation email * Update trial upgrade emails * Remove feedback emails * Remove feedback email test * Update welcome email (and send it earlier) * Site setup emails * Add create site emails for trialers * Add check stats email * Remove dead code * Adjust site setup emails for users who are not on trial * BCC myself on all new emails * Use old phrasing in the welcome email
2020-03-23 12:34:25 +03:00
end
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
test "marks the user account as active", %{conn: conn, user: user} do
Repo.update!(Plausible.Auth.User.changeset(user, %{email_verified: false}))
post(conn, "/activate/request-code")
Add elixir action (#526) * Add elixir action * Format the codebase * Add postgresql * Postgres config * Run postgres on localhost * Add clickhouse to CI
2020-12-29 16:17:27 +03:00
code =
Repo.one(
from c in "email_verification_codes", where: c.user_id == ^user.id, select: c.code
)
|> Integer.to_string()
Initial commit
2019-09-02 14:29:19 +03:00
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
conn = post(conn, "/activate", %{code: code})
user = Repo.get_by(Plausible.Auth.User, id: user.id)
assert user.email_verified
assert redirected_to(conn) == "/sites/new"
Initial commit
2019-09-02 14:29:19 +03:00
end
Use more path helpers
2021-10-26 11:59:14 +03:00
test "redirects to /sites if user has invitation", %{conn: conn, user: user} do
site = insert(:site)
insert(:invitation, inviter: build(:user), site: site, email: user.email)
Repo.update!(Plausible.Auth.User.changeset(user, %{email_verified: false}))
post(conn, "/activate/request-code")
code =
Repo.one(
from c in "email_verification_codes", where: c.user_id == ^user.id, select: c.code
)
|> Integer.to_string()
conn = post(conn, "/activate", %{code: code})
assert redirected_to(conn) == "/sites"
end
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
test "removes the user association from the verification code", %{conn: conn, user: user} do
Repo.update!(Plausible.Auth.User.changeset(user, %{email_verified: false}))
post(conn, "/activate/request-code")
Add elixir action (#526) * Add elixir action * Format the codebase * Add postgresql * Postgres config * Run postgres on localhost * Add clickhouse to CI
2020-12-29 16:17:27 +03:00
code =
Repo.one(
from c in "email_verification_codes", where: c.user_id == ^user.id, select: c.code
)
|> Integer.to_string()
Initial commit
2019-09-02 14:29:19 +03:00
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
post(conn, "/activate", %{code: code})
Initial commit
2019-09-02 14:29:19 +03:00
Onboarding UX improvements (#441) * WIP * Actually activate the user * Send email verification codes * Send activation code with email * Only show onboarding steps during first site creation * Add worker to config * Consistent form styles * Send welcome email when user activates account * Add changelog entry * Use https in new site form * Correct spelling in email
2020-12-15 12:30:45 +03:00
refute Repo.exists?(from c in "email_verification_codes", where: c.user_id == ^user.id)
Initial commit
2019-09-02 14:29:19 +03:00
end
end
describe "GET /login_form" do
test "shows the login form", %{conn: conn} do
conn = get(conn, "/login")
assert html_response(conn, 200) =~ "Enter your email and password"
end
end
describe "POST /login" do
test "valid email and password - logs the user in", %{conn: conn} do
user = insert(:user, password: "password")
conn = post(conn, "/login", email: user.email, password: "password")
assert get_session(conn, :current_user_id) == user.id
redirect users to /sites after login
2020-04-01 10:37:30 +03:00
assert redirected_to(conn) == "/sites"
Initial commit
2019-09-02 14:29:19 +03:00
end
test "email does not exist - renders login form again", %{conn: conn} do
conn = post(conn, "/login", email: "user@example.com", password: "password")
assert get_session(conn, :current_user_id) == nil
assert html_response(conn, 200) =~ "Enter your email and password"
end
test "bad password - renders login form again", %{conn: conn} do
user = insert(:user, password: "password")
conn = post(conn, "/login", email: user.email, password: "wrong")
assert get_session(conn, :current_user_id) == nil
assert html_response(conn, 200) =~ "Enter your email and password"
end
Rate limit login attempts to 5 per minute
2021-05-25 11:32:54 +03:00
test "limits login attempts to 5 per minute" do
user = insert(:user, password: "password")
build_conn()
|> put_req_header("x-forwarded-for", "1.1.1.1")
|> post("/login", email: user.email, password: "wrong")
build_conn()
|> put_req_header("x-forwarded-for", "1.1.1.1")
|> post("/login", email: user.email, password: "wrong")
build_conn()
|> put_req_header("x-forwarded-for", "1.1.1.1")
|> post("/login", email: user.email, password: "wrong")
build_conn()
|> put_req_header("x-forwarded-for", "1.1.1.1")
|> post("/login", email: user.email, password: "wrong")
build_conn()
|> put_req_header("x-forwarded-for", "1.1.1.1")
|> post("/login", email: user.email, password: "wrong")
conn =
build_conn()
|> put_req_header("x-forwarded-for", "1.1.1.1")
|> post("/login", email: user.email, password: "wrong")
assert get_session(conn, :current_user_id) == nil
assert html_response(conn, 429) =~ "Too many login attempts"
end
Initial commit
2019-09-02 14:29:19 +03:00
end
describe "GET /password/request-reset" do
test "renders the form", %{conn: conn} do
conn = get(conn, "/password/request-reset")
assert html_response(conn, 200) =~ "Enter your email so we can send a password reset link"
end
end
describe "POST /password/request-reset" do
test "email is empty - renders form with error", %{conn: conn} do
conn = post(conn, "/password/request-reset", %{email: ""})
assert html_response(conn, 200) =~ "Enter your email so we can send a password reset link"
end
test "email is present and exists - sends password reset email", %{conn: conn} do
Include tests for Captcha success/failure scenarios (#2344) * Include tests for Captcha success/failure scenarios * DRY
2022-10-17 14:16:59 +03:00
mock_captcha_success()
Initial commit
2019-09-02 14:29:19 +03:00
user = insert(:user)
conn = post(conn, "/password/request-reset", %{email: user.email})
assert html_response(conn, 200) =~ "Success!"
assert_email_delivered_with(subject: "Plausible password reset")
end
Include tests for Captcha success/failure scenarios (#2344) * Include tests for Captcha success/failure scenarios * DRY
2022-10-17 14:16:59 +03:00
test "renders captcha errors in case of captcha input verification failure", %{conn: conn} do
mock_captcha_failure()
user = insert(:user)
conn = post(conn, "/password/request-reset", %{email: user.email})
assert html_response(conn, 200) =~ "Please complete the captcha"
end
Initial commit
2019-09-02 14:29:19 +03:00
end
describe "GET /password/reset" do
test "with valid token - shows form", %{conn: conn} do
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
user = insert(:user)
token = Plausible.Auth.Token.sign_password_reset(user.email)
Initial commit
2019-09-02 14:29:19 +03:00
conn = get(conn, "/password/reset", %{token: token})
assert html_response(conn, 200) =~ "Reset your password"
end
test "with invalid token - shows error page", %{conn: conn} do
conn = get(conn, "/password/reset", %{token: "blabla"})
assert html_response(conn, 401) =~ "Your token is invalid"
end
Handle missing or expired token in password reset action and LV gracefully (#3387) This change addresses two problems: * controller action crashing missing "token" param - it's handled gracefully now and will not pollute Sentry anymore with http://sentry.plausible.io/organizations/sentry/issues/4319 * LiveView receives email extracted from token on initial page load instead of reverifying token on every re-mount (which can happen when somebody leaves form open for an extended period of time; rare but happens and needlessly pollutes Sentry as well)
2023-10-02 16:11:59 +03:00
test "without token - shows error page", %{conn: conn} do
conn = get(conn, "/password/reset", %{})
assert html_response(conn, 401) =~ "Your token is invalid"
end
Initial commit
2019-09-02 14:29:19 +03:00
end
describe "POST /password/reset" do
Implement better user password validation (#3344) * Add zxcvbn dependency * Change password length range requirement from 6-64 to 12-128 * Reimplement register form in LV * Implement server-side check for password strength * Add rudimentary strength meter * Make password input with strength a separate component and improve it * Fix existing tests to provide strong enough password * Apply formatting * Replace existing registration form with new one * Hide built-in label in `.input` component when none provided * Crop password to first 32 chars for analysis by zxcvbn * Add tests for new form components * Integrate hCaptcha into LV * Fix existing AuthController tests * Add tests for Live.RegisterForm * Hide strength meter when password input is empty * Randomize client IP in headers during tests to avoid hitting rate limit * Apply auxilliary formatting fixes to AuthController * Integrate registration from invitation into LV registration logic * Fix existing password set and reset forms * Make `password_length_hint` component more customizable * Optimize `Auth.User.set_password/2` * Remove unnecessary attribute from registration form * Move password set and reset forms to LV * Add tests for SetPasswordForm LV component * Add tests for password checks in `Auth.User` * Document code a bit * Implement simpler approach to hCaptcha integration * Update CHANGELOG.md * Improve consistency of color scheme * Introduce debounce across all text inputs in registration and password forms * Fix email input background in register form * Ensure only single error is rendered for empty password confirmation case * Remove `/password` form entirely in favor of preferred password reset * Remove unnecessary `router` option from `live_render` calls * Make expensive assigns in LV with `assign_new` (h/t @aerosol) * Accept passwords longer than 32 bytes uniformly as very strong * Avoid displaying blank error side by side with weak password error * Make register actions handle errors gracefully * Render only a single piece of feedback to reduce noise * Make register and password reset forms pw manager friendly (h/t @cnkk) * Move registration forms to live routes * Delete no longer used deadviews * Adjust registration form in accordance to changes in #3290 * Reintroduce dogfood page path for invitation form from #3290 * Use alternative approach to submitting plausible metrics from LV form * Rename metrics events and extend tests to account for them
2023-09-25 11:27:29 +03:00
test "redirects the user to login and shows success message", %{conn: conn} do
Handle missing or expired token in password reset action and LV gracefully (#3387) This change addresses two problems: * controller action crashing missing "token" param - it's handled gracefully now and will not pollute Sentry anymore with http://sentry.plausible.io/organizations/sentry/issues/4319 * LiveView receives email extracted from token on initial page load instead of reverifying token on every re-mount (which can happen when somebody leaves form open for an extended period of time; rare but happens and needlessly pollutes Sentry as well)
2023-10-02 16:11:59 +03:00
conn = post(conn, "/password/reset", %{})
Use more path helpers
2021-10-26 11:59:14 +03:00
Upgrade phoenix (#2902) * upgrade phoenix Co-authored-by: Vini Brasil <vini@hey.com> * fix a test (flash message) The flash message in focus.html.eex was not covered by any test. This commit fixes also fixes that. * change function name * remove unnecessary formatter and format * update CI cache * fix dialyzer error --------- Co-authored-by: Vini Brasil <vini@hey.com>
2023-05-09 11:51:35 +03:00
assert location = "/login" = redirected_to(conn, 302)
conn = get(recycle(conn), location)
assert html_response(conn, 200) =~ "Password updated successfully"
Use more path helpers
2021-10-26 11:59:14 +03:00
end
Initial commit
2019-09-02 14:29:19 +03:00
end
describe "GET /settings" do
setup [:create_user, :log_in]
test "shows the form", %{conn: conn} do
conn = get(conn, "/settings")
assert html_response(conn, 200) =~ "Account settings"
end
Clarify subscription (#289) * Add billing interval to subscription page * Add test for subscription interval
2020-08-18 14:00:02 +03:00
test "shows subscription", %{conn: conn, user: user} do
insert(:subscription, paddle_plan_id: "558018", user: user)
conn = get(conn, "/settings")
assert html_response(conn, 200) =~ "10k pageviews"
assert html_response(conn, 200) =~ "monthly billing"
end
Refactor current plan data format to make changing it easier
2021-05-06 11:46:22 +03:00
test "shows yearly subscription", %{conn: conn, user: user} do
insert(:subscription, paddle_plan_id: "590752", user: user)
conn = get(conn, "/settings")
assert html_response(conn, 200) =~ "100k pageviews"
assert html_response(conn, 200) =~ "yearly billing"
end
test "shows free subscription", %{conn: conn, user: user} do
insert(:subscription, paddle_plan_id: "free_10k", user: user)
conn = get(conn, "/settings")
assert html_response(conn, 200) =~ "10k pageviews"
assert html_response(conn, 200) =~ "N/A billing"
end
added invoices section (#1511) * added invoices section * fixed formatting * UI and code style improvements, paddle sandbox setup only on dev environment (fixed)
2021-12-09 16:49:57 +03:00
Fix display
2022-03-29 13:38:35 +03:00
test "shows enterprise plan subscription", %{conn: conn, user: user} do
insert(:subscription, paddle_plan_id: "123", user: user)
insert(:enterprise_plan,
paddle_plan_id: "123",
user: user,
monthly_pageview_limit: 10_000_000,
billing_interval: :yearly
)
conn = get(conn, "/settings")
assert html_response(conn, 200) =~ "10M pageviews"
assert html_response(conn, 200) =~ "yearly billing"
end
test "shows current enterprise plan subscription when user has a new one to upgrade to", %{
conn: conn,
user: user
} do
insert(:subscription, paddle_plan_id: "123", user: user)
insert(:enterprise_plan,
paddle_plan_id: "123",
user: user,
monthly_pageview_limit: 10_000_000,
billing_interval: :yearly
)
insert(:enterprise_plan,
paddle_plan_id: "1234",
user: user,
monthly_pageview_limit: 20_000_000,
billing_interval: :yearly
)
conn = get(conn, "/settings")
assert html_response(conn, 200) =~ "10M pageviews"
assert html_response(conn, 200) =~ "yearly billing"
end
added invoices section (#1511) * added invoices section * fixed formatting * UI and code style improvements, paddle sandbox setup only on dev environment (fixed)
2021-12-09 16:49:57 +03:00
test "shows invoices for subscribed user", %{conn: conn, user: user} do
insert(:subscription,
paddle_plan_id: "558018",
paddle_subscription_id: "redundant",
user: user
)
conn = get(conn, "/settings")
assert html_response(conn, 200) =~ "Dec 24, 2020"
assert html_response(conn, 200) =~ "€11.11"
assert html_response(conn, 200) =~ "Nov 24, 2020"
assert html_response(conn, 200) =~ "$22.00"
end
test "shows 'something went wrong' on failed invoice request'", %{conn: conn, user: user} do
insert(:subscription,
paddle_plan_id: "558018",
paddle_subscription_id: "invalid_subscription_id",
user: user
)
conn = get(conn, "/settings")
assert html_response(conn, 200) =~ "Invoices"
assert html_response(conn, 200) =~ "Something went wrong"
end
test "does not show invoice section for a user with no subscription", %{conn: conn} do
conn = get(conn, "/settings")
do not show invoices for free subscription (#2249) * do not show invoices for free subscription * use refute instead of negative assert * changed to refute in the other test too
2022-09-22 23:25:24 +03:00
refute html_response(conn, 200) =~ "Invoices"
end
test "does not show invoice section for a free subscription", %{conn: conn, user: user} do
Plausible.Billing.Subscription.free(%{user_id: user.id, currency_code: "EUR"})
|> Repo.insert!()
conn = get(conn, "/settings")
refute html_response(conn, 200) =~ "Invoices"
added invoices section (#1511) * added invoices section * fixed formatting * UI and code style improvements, paddle sandbox setup only on dev environment (fixed)
2021-12-09 16:49:57 +03:00
end
Initial commit
2019-09-02 14:29:19 +03:00
end
Authentication updates (#54) * Use separate cookie for shared link auth * Remove CSRF protection from login and register pages * Add AuthorizeStats Plug * Fix tests
2020-04-14 14:04:35 +03:00
describe "PUT /settings" do
setup [:create_user, :log_in]
test "updates user record", %{conn: conn, user: user} do
Formatting only changes - No code change (#75) * first commit with test and compile job Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding 'prepare' stage Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated ci script to include "test" compile phase Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding environment variables for connecting to postgresql Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated ci config for postgres Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using non-alpine version of elixir Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * re-using the 'compile' artifacts and added explict env variables for testing Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removing redundant deps fetching from common code Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * formatting using mix.format -- beware no-code changes! Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * added release config Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding consistent env variable for Database Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * more cleaning up of environment variables Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding releases config for enabling releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * cleaning up env configs Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Cleaned up config and prepared config for releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated CI script with new config for test Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added Dockerfile for creating production docker image Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding "docker" build job yay! Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using non-slim version of debian and installing webpack Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding overlays for migrations on releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * restricting the docker built to master branch only Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * typo fix Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding "Hosting.md" to explain hosting instructions Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removed the default comments Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added documentation related to env variables * updated documentation and fixed typo Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated documentation * Bumping up elixir version as `overlays` are only supported in latest version read release notes: https://github.com/elixir-lang/elixir/releases/tag/v1.10.0 Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding tarball assembly during release Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated HOSTING.md Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added support for db migration Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * minor corrections Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * initializing admin user Admin user has been added in the "migration" phase. A default user is automatically created in the process. One can provide the related env variables, else a new one will be automatically created for you. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Initial base domain update - phase#1 These changes are only meant for correct operating it under self-hosting. There are many other cosmetic changes, that require updates to email, site and other places where the original website and author is used. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Using dedicated config variable `base_domain` instead Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding base_domain to releases config Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removing the dedicated config "base_domain", relying on endpoint host Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Removed the usage of "Mix" in code! It is bad practice to use "mix" module inside the code as in actual release this module is unavailable. Replacing this with a config environment variable Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added support for SMTP via Bamboo Smtp Adapter Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Capturing SMTP errors via Sentry Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Minor updates Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding junit formatter -- useful for generating test reports Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding documentation for default user * Resolve "Gitlab Adoption: Add supported services in "Security & Compliance"" * bumping up the debian version to fix issues fixing some vulnerabilities identified by the scanning tools * More updates for self-hosting Changes in most of the places to suit self-hosting. Although, there are some which have been left-off. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * quick-dirty-fix! * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up timeout - skipping MRs :-/ * removing restrictions on watching for changes this stuff isn't working * Update HOSTING.md * renamed the module name * reverting formatting-whitespace changes Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * reverting the name to release Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding docker-compose.yml and related instructions Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using `plausible_url` instead of assuming `https` this is because, it is much to test in local dev machines and in most cases there's already a layer above which is capable for `https` termination and http -> https upgrade Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * WIP: merging changes from upstream Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * wip: more changes * Pushing in changes from upstream Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * changes to ci for testing Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * cleaning up and finishing clickhouse integration Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updating readme with hosting details * removing deleted files from upstream * minor config adjustments Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * formatting changes Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
2020-06-08 10:35:13 +03:00
put(conn, "/settings", %{"user" => %{"name" => "New name"}})
Authentication updates (#54) * Use separate cookie for shared link auth * Remove CSRF protection from login and register pages * Add AuthorizeStats Plug * Fix tests
2020-04-14 14:04:35 +03:00
user = Plausible.Repo.get(Plausible.Auth.User, user.id)
assert user.name == "New name"
end
Use more path helpers
2021-10-26 11:59:14 +03:00
Improve forms (#3380) * Make client-facing user changesets accept only editable fields * Add controller test
2023-09-28 12:44:39 +03:00
test "does not allow setting non-profile fields", %{conn: conn, user: user} do
expiry_date = user.trial_expiry_date
assert %Date{} = expiry_date
put(conn, "/settings", %{
"user" => %{"name" => "New name", "trial_expiry_date" => "2023-07-14"}
})
assert Repo.reload!(user).trial_expiry_date == expiry_date
end
Use more path helpers
2021-10-26 11:59:14 +03:00
test "redirects user to /settings", %{conn: conn} do
conn = put(conn, "/settings", %{"user" => %{"name" => "New name"}})
assert redirected_to(conn, 302) == "/settings"
end
[Sentry APP-5B] Ensure form errors can be rendered on /settings (#2278) * Ensure form errors can be rendered on /settings * Changelog
2022-09-28 14:56:07 +03:00
Improve user input validation (#2291) * Make pagination params parsing ignore bad input * Remove unused binding * Don't crash on filter parse error * Sanitize input date on internal stats API * Revert Query module changes (ref 55645734) * Implement simplistic input date validation in stats controller * Mute bad request logging
2022-10-11 15:42:14 +03:00
test "renders form with error if form validations fail", %{conn: conn} do
[Sentry APP-5B] Ensure form errors can be rendered on /settings (#2278) * Ensure form errors can be rendered on /settings * Changelog
2022-09-28 14:56:07 +03:00
conn = put(conn, "/settings", %{"user" => %{"name" => ""}})
assert html_response(conn, 200) =~ "can&#39;t be blank"
end
Authentication updates (#54) * Use separate cookie for shared link auth * Remove CSRF protection from login and register pages * Add AuthorizeStats Plug * Fix tests
2020-04-14 14:04:35 +03:00
end
Initial commit
2019-09-02 14:29:19 +03:00
describe "DELETE /me" do
Fix tests
2021-11-26 17:40:39 +03:00
setup [:create_user, :log_in, :create_new_site]
Initial commit
2019-09-02 14:29:19 +03:00
use Plausible.Repo
Cascade google auth deletion
2020-01-06 12:08:36 +03:00
test "deletes the user", %{conn: conn, user: user, site: site} do
Formatting only changes - No code change (#75) * first commit with test and compile job Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding 'prepare' stage Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated ci script to include "test" compile phase Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding environment variables for connecting to postgresql Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated ci config for postgres Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using non-alpine version of elixir Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * re-using the 'compile' artifacts and added explict env variables for testing Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removing redundant deps fetching from common code Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * formatting using mix.format -- beware no-code changes! Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * added release config Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding consistent env variable for Database Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * more cleaning up of environment variables Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding releases config for enabling releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * cleaning up env configs Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Cleaned up config and prepared config for releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated CI script with new config for test Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added Dockerfile for creating production docker image Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding "docker" build job yay! Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using non-slim version of debian and installing webpack Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding overlays for migrations on releases Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * restricting the docker built to master branch only Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * typo fix Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding "Hosting.md" to explain hosting instructions Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removed the default comments Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added documentation related to env variables * updated documentation and fixed typo Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated documentation * Bumping up elixir version as `overlays` are only supported in latest version read release notes: https://github.com/elixir-lang/elixir/releases/tag/v1.10.0 Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding tarball assembly during release Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updated HOSTING.md Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added support for db migration Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * minor corrections Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * initializing admin user Admin user has been added in the "migration" phase. A default user is automatically created in the process. One can provide the related env variables, else a new one will be automatically created for you. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Initial base domain update - phase#1 These changes are only meant for correct operating it under self-hosting. There are many other cosmetic changes, that require updates to email, site and other places where the original website and author is used. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Using dedicated config variable `base_domain` instead Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding base_domain to releases config Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * removing the dedicated config "base_domain", relying on endpoint host Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Removed the usage of "Mix" in code! It is bad practice to use "mix" module inside the code as in actual release this module is unavailable. Replacing this with a config environment variable Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Added support for SMTP via Bamboo Smtp Adapter Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Capturing SMTP errors via Sentry Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Minor updates Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * Adding junit formatter -- useful for generating test reports Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding documentation for default user * Resolve "Gitlab Adoption: Add supported services in "Security & Compliance"" * bumping up the debian version to fix issues fixing some vulnerabilities identified by the scanning tools * More updates for self-hosting Changes in most of the places to suit self-hosting. Although, there are some which have been left-off. Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * quick-dirty-fix! * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up the db connect timeout Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * bumping up timeout - skipping MRs :-/ * removing restrictions on watching for changes this stuff isn't working * Update HOSTING.md * renamed the module name * reverting formatting-whitespace changes Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * reverting the name to release Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * adding docker-compose.yml and related instructions Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * using `plausible_url` instead of assuming `https` this is because, it is much to test in local dev machines and in most cases there's already a layer above which is capable for `https` termination and http -> https upgrade Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * WIP: merging changes from upstream Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * wip: more changes * Pushing in changes from upstream Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * changes to ci for testing Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * cleaning up and finishing clickhouse integration Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * updating readme with hosting details * removing deleted files from upstream * minor config adjustments Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me> * formatting changes Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
2020-06-08 10:35:13 +03:00
Repo.insert_all("intro_emails", [
%{
user_id: user.id,
timestamp: NaiveDateTime.utc_now()
}
])
Repo.insert_all("feedback_emails", [
%{
user_id: user.id,
timestamp: NaiveDateTime.utc_now()
}
])
Initial commit
2019-09-02 14:29:19 +03:00
Fix user deletion
2020-12-30 12:00:37 +03:00
Repo.insert_all("create_site_emails", [
%{
user_id: user.id,
timestamp: NaiveDateTime.utc_now()
}
])
Repo.insert_all("check_stats_emails", [
%{
user_id: user.id,
Cascade delete sent_renewal_notifications table when user is deleted (#2549) * Cascade delete sent_renewal_notifications table when user is deleted This commit fixes a bug when deleting a user would trigger a constraint error. * Update CHANGELOG.md
2023-01-02 17:46:18 +03:00
timestamp: NaiveDateTime.utc_now()
}
])
Repo.insert_all("sent_renewal_notifications", [
%{
user_id: user.id,
Fix user deletion
2020-12-30 12:00:37 +03:00
timestamp: NaiveDateTime.utc_now()
}
])
Cascade google auth deletion
2020-01-06 12:08:36 +03:00
insert(:google_auth, site: site, user: user)
Delete user subscription when deleting the user
2020-01-29 17:00:18 +03:00
insert(:subscription, user: user, status: "deleted")
[pg migration] Delete account with multiple subscriptions (#3220) * Migrate user deletion So that subscriptions, google * Make CRM deletion functional * Preload subscriptions in an uniform manner
2023-08-02 14:45:49 +03:00
insert(:subscription, user: user, status: "active")
Cascade google auth deletion
2020-01-06 12:08:36 +03:00
Initial commit
2019-09-02 14:29:19 +03:00
conn = delete(conn, "/me")
assert redirected_to(conn) == "/"
Wrap user deletion in DB transaction (#2964)
2023-05-24 14:23:23 +03:00
assert Repo.reload(site) == nil
assert Repo.reload(user) == nil
[pg migration] Delete account with multiple subscriptions (#3220) * Migrate user deletion So that subscriptions, google * Make CRM deletion functional * Preload subscriptions in an uniform manner
2023-08-02 14:45:49 +03:00
assert Repo.all(Plausible.Billing.Subscription) == []
Initial commit
2019-09-02 14:29:19 +03:00
end
Do not cascade user deletion to sites they do now own
2021-09-08 11:09:58 +03:00
test "deletes sites that the user owns", %{conn: conn, user: user, site: owner_site} do
viewer_site = insert(:site)
insert(:site_membership, site: viewer_site, user: user, role: "viewer")
delete(conn, "/me")
assert Repo.get(Plausible.Site, viewer_site.id)
refute Repo.get(Plausible.Site, owner_site.id)
end
Initial commit
2019-09-02 14:29:19 +03:00
end
Auth updates
2022-08-05 10:24:24 +03:00
describe "POST /settings/api-keys" do
setup [:create_user, :log_in]
import Ecto.Query
Add unique constraint to api keys (#2931) * Add unique constraint to api keys * Fix test * Remove `user_id` from api key index
2023-05-23 11:37:58 +03:00
test "can create an API key", %{conn: conn, user: user} do
site = insert(:site)
insert(:site_membership, site: site, user: user, role: "owner")
conn =
post(conn, "/settings/api-keys", %{
"api_key" => %{
"user_id" => user.id,
"name" => "all your code are belong to us",
"key" => "swordfish"
}
})
key = Plausible.Auth.ApiKey |> where(user_id: ^user.id) |> Repo.one()
assert conn.status == 302
assert key.name == "all your code are belong to us"
end
test "cannot create a duplicate API key", %{conn: conn, user: user} do
site = insert(:site)
insert(:site_membership, site: site, user: user, role: "owner")
conn =
post(conn, "/settings/api-keys", %{
"api_key" => %{
"user_id" => user.id,
"name" => "all your code are belong to us",
"key" => "swordfish"
}
})
conn2 =
post(conn, "/settings/api-keys", %{
"api_key" => %{
"user_id" => user.id,
"name" => "all your code are belong to us",
"key" => "swordfish"
}
})
assert html_response(conn2, 200) =~ "has already been taken"
end
Auth updates
2022-08-05 10:24:24 +03:00
test "can't create api key into another site", %{conn: conn, user: me} do
my_site = insert(:site)
insert(:site_membership, site: my_site, user: me, role: "owner")
other_user = insert(:user)
other_site = insert(:site)
insert(:site_membership, site: other_site, user: other_user, role: "owner")
conn =
post(conn, "/settings/api-keys", %{
"api_key" => %{
"user_id" => other_user.id,
"name" => "all your code are belong to us",
"key" => "swordfish"
}
})
assert conn.status == 302
refute Plausible.Auth.ApiKey |> where(user_id: ^other_user.id) |> Repo.one()
end
end
describe "DELETE /settings/api-keys/:id" do
setup [:create_user, :log_in]
alias Plausible.Auth.ApiKey
test "can't delete api key that doesn't belong to me", %{conn: conn} do
other_user = insert(:user)
insert(:site_membership, site: insert(:site), user: other_user, role: "owner")
assert {:ok, %ApiKey{} = api_key} =
%ApiKey{user_id: other_user.id}
|> ApiKey.changeset(%{"name" => "other user's key"})
|> Repo.insert()
assert_raise Ecto.NoResultsError, fn ->
delete(conn, "/settings/api-keys/#{api_key.id}")
end
assert Repo.get(ApiKey, api_key.id)
end
end
Include tests for Captcha success/failure scenarios (#2344) * Include tests for Captcha success/failure scenarios * DRY
2022-10-17 14:16:59 +03:00
Handle GA authentication errors (#2505)
2022-12-08 05:32:14 +03:00
describe "GET /auth/google/callback" do
test "shows error and redirects back to settings when authentication fails", %{conn: conn} do
site = insert(:site)
callback_params = %{"error" => "access_denied", "state" => "[#{site.id},\"import\"]"}
conn = get(conn, Routes.auth_path(conn, :google_auth_callback), callback_params)
assert redirected_to(conn, 302) == Routes.site_path(conn, :settings_general, site.domain)
Upgrade phoenix (#2902) * upgrade phoenix Co-authored-by: Vini Brasil <vini@hey.com> * fix a test (flash message) The flash message in focus.html.eex was not covered by any test. This commit fixes also fixes that. * change function name * remove unnecessary formatter and format * update CI cache * fix dialyzer error --------- Co-authored-by: Vini Brasil <vini@hey.com>
2023-05-09 11:51:35 +03:00
assert Phoenix.Flash.get(conn.assigns.flash, :error) =~
"unable to authenticate your Google Analytics"
Handle GA authentication errors (#2505)
2022-12-08 05:32:14 +03:00
end
end
Include tests for Captcha success/failure scenarios (#2344) * Include tests for Captcha success/failure scenarios * DRY
2022-10-17 14:16:59 +03:00
defp mock_captcha_success() do
mock_captcha(true)
end
defp mock_captcha_failure() do
mock_captcha(false)
end
defp mock_captcha(success) do
expect(
Plausible.HTTPClient.Mock,
:post,
fn _, _, _ ->
{:ok,
%Finch.Response{
status: 200,
headers: [{"content-type", "application/json"}],
body: %{"success" => success}
}}
end
)
end
Initial commit
2019-09-02 14:29:19 +03:00
end
Reference in New Issue Copy Permalink