Move destroy confirmation logic from model to controllerwinh-delete-account-modal

1 files changed, 22 insertions, 102 deletions

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index caace9a7d1d..995211845ce 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -2284,127 +2284,47 @@ describe User do
   end
 
   describe '#confirm_deletion_with_password?' do
-    let(:user) { create(:user) }
-
-    subject { user.confirm_deletion_with_password? }
+    where(
+      password_automatically_set: [true, false],
+      ldap_user: [true, false],
+      password_authentication_disabled: [true, false]
+    )
 
-    context 'with password authentication enabled' do
-      before do
-        allow(user).to receive(:allow_password_authentication?).once.and_return(true)
-      end
-
-      context 'with password automatically set' do
-        before do
-          allow(user).to receive(:password_automatically_set?).once.and_return(true)
-        end
+    with_them do
+      let!(:user) { create(:user, password_automatically_set: password_automatically_set) }
+      let!(:identity) { create(:identity, user: user) if ldap_user }
 
-        it { is_expected.to be false }
-      end
-
-      context 'with password automatically set' do
-        before do
-          allow(user).to receive(:password_automatically_set?).once.and_return(false)
-        end
-
-        it { is_expected.to be true }
-      end
-    end
+      # Only confirm deletion with password if all inputs are false
+      let(:expected) { !(password_automatically_set || ldap_user || password_authentication_disabled) }
 
-    context 'with password authentication disabled' do
       before do
-        allow(user).to receive(:allow_password_authentication?).once.and_return(false)
+        stub_application_setting(password_authentication_enabled: !password_authentication_disabled)
       end
 
-      context 'with password automatically set' do
-        before do
-          allow(user).to receive(:password_automatically_set?).once.and_return(true)
-        end
-
-        it { is_expected.to be false }
-      end
-
-      context 'with password automatically set' do
-        before do
-          allow(user).to receive(:password_automatically_set?).once.and_return(false)
-        end
-
-        it { is_expected.to be false }
+      it 'returns false unless all inputs are true' do
+        expect(user.confirm_deletion_with_password?).to eq(expected)
       end
     end
   end
 
   describe '#delete_async' do
     let(:user) { create(:user) }
-    let(:deleted_by) { user }
-    let(:params) { {} }
-    let(:confirmation_params) { { password: 'top secret' } }
+    let(:deleted_by) { create(:user) }
 
-    subject { user.delete_async(deleted_by: deleted_by, params: params, confirmation_params: confirmation_params) }
+    it 'blocks the user then schedules them for deletion if a hard delete is specified' do
+      expect(DeleteUserWorker).to receive(:perform_async).with(deleted_by.id, user.id, hard_delete: true)
 
-    context 'when triggered by same user' do
-      context 'with password confirmation' do
-        before do
-          expect(user).to receive(:confirm_deletion_with_password?).once.and_return(true)
-        end
+      user.delete_async(deleted_by: deleted_by, params: { hard_delete: true })
 
-        context 'with invalid password' do
-          before do
-            expect(user).to receive(:valid_password?).once.and_return(false)
-          end
-
-          it 'raises DeletionNotConfirmedError' do
-            expect { subject }.to raise_error(User::DeletionNotConfirmedError)
-          end
-        end
-
-        context 'with valid password' do
-          before do
-            expect(user).to receive(:valid_password?).once.with(confirmation_params[:password]).and_return(true)
-          end
-
-          it 'schedules user for deletion' do
-            expect(DeleteUserWorker).to receive(:perform_async).with(user.id, user.id, params)
-
-            subject
-          end
-        end
-      end
-
-      context 'without password confirmation' do
-        before do
-          expect(user).to receive(:confirm_deletion_with_password?).once.and_return(false)
-          expect(user).not_to receive(:valid_password?)
-        end
-
-        context 'with invalid username confirmation' do
-          let(:confirmation_params) { { username: "Ceci n'est pas une username" } }
-
-          it 'raises DeletionNotConfirmedError' do
-            expect { subject }.to raise_error(User::DeletionNotConfirmedError)
-          end
-        end
-
-        context 'with valid username confirmation' do
-          let(:confirmation_params) { { username: user.username } }
-
-          it 'schedules user for deletion' do
-            expect(DeleteUserWorker).to receive(:perform_async).with(user.id, user.id, params)
-
-            subject
-          end
-        end
-      end
+      expect(user).to be_blocked
     end
 
-    context 'when triggered by other user' do
-      let(:deleted_by) { create(:user) }
+    it 'schedules user for deletion without blocking them' do
+      expect(DeleteUserWorker).to receive(:perform_async).with(deleted_by.id, user.id, {})
 
-      it 'schedules user for deletion' do
-        expect(user).not_to receive(:confirm_deletion_with_password?)
-        expect(DeleteUserWorker).to receive(:perform_async).with(deleted_by.id, user.id, params)
+      user.delete_async(deleted_by: deleted_by)
 
-        subject
-      end
+      expect(user).not_to be_blocked
     end
   end
 end