extra user controller specs

app/controllers/ui/users_controller.rb

@@ -1,6 +1,7 @@
 module Ui
   class UsersController < ApplicationController
     include SharedControllerMethods
+
     def index
       @title = I18n.t(:users_index_title)
     end
@@ -15,6 +16,29 @@ def new
       @user = User.new
     end
 
+    def create
+      if current_user
+        flash[:alert] = I18n.t(:new_user_not_allowed_for_logged_in_users)
+        redirect_to ui_users_path
+        return
+      end
+      @user = User.new(params.require(:user).permit(
+        :username,
+        :email,
+        :password,
+        :password_confirmation,
+        :ts_and_cs,
+      ))
+      if @user.valid?
+        @user.save
+        session[:user_id] = @user.id
+        flash[:success] = I18n.t(:new_user_success)
+        redirect_to ui_users_path
+      else
+        flash[:alert] = I18n.t(:new_user_failure)
+        render :new, status: :unprocessable_entity
+      end
+    end
     def delete
       @user = User.find(params[:id])
       unless authorize? @user, :destroy?
@@ -45,29 +69,5 @@ def destroy
     def post_delete
       @title = I18n.t(:post_delete_user_title)
     end
-
-    def create
-      if current_user
-        flash[:alert] = I18n.t(:new_user_not_allowed_for_logged_in_users)
-        redirect_to ui_users_path
-        return
-      end
-      @user = User.new(params.require(:user).permit(
-        :username,
-        :email,
-        :password,
-        :password_confirmation,
-        :ts_and_cs,
-      ))
-      if @user.valid?
-        @user.save
-        session[:user_id] = @user.id
-        flash[:success] = I18n.t(:new_user_success)
-        redirect_to ui_users_path
-      else
-        flash[:alert] = I18n.t(:new_user_failure)
-        render :new, status: :unprocessable_entity
-      end
-    end
   end
 end

spec/controllers/ui/users_controller_spec.rb

@@ -4,6 +4,84 @@
 
   let(:user) { create(:user) }
 
+  describe "index" do
+    it "renders the template" do
+        get :index
+        expect(response).to have_http_status(:success)
+        expect(response).to render_template(:index)
+    end
+  end
+
+  describe "new" do
+    context "when no user is logged in" do
+      it "renders the new user form" do
+        get :new
+        expect(response).to have_http_status(:success)
+        expect(response).to render_template(:new)
+      end
+    end
+
+    context "when a user is logged in" do
+      it "displays an error message and redirects to the ui users path" do
+        get :new, session: { user_id: user.id }
+        expect(response).to redirect_to(ui_users_path)
+        expect(flash[:alert]).to be_present
+      end
+    end
+  end
+
+  describe "create" do
+    let(:user_params) {
+      {
+        username: "test_user",
+        email: "test@example.com",
+        password: "password123",
+        password_confirmation: "password123",
+        ts_and_cs: "1"
+      }
+    }
+    context "when a user is logged in" do
+      it "displays an error message and redirects to the ui users path, without creating a user" do
+        expect_any_instance_of(User).not_to receive(:save)
+        post :create, params: { user: user_params }, session: { user_id: user.id }
+        expect(response).to redirect_to(ui_users_path)
+        expect(flash[:alert]).to be_present
+      end
+    end
+
+    context "when no user is logged in" do
+      context "when the parameters provided are valid" do
+        it "creates a user, logs them in, and redirects to the ui user path" do
+          expect_any_instance_of(User).to receive(:save)
+          post :create, params: { user: user_params }, session: { user_id: nil }
+          expect(response).to redirect_to(ui_users_path)
+          expect(flash[:success]).to be_present
+        end
+      end
+
+      context "when the parameters provided are not valid" do
+        let(:user_params) {
+          {
+            username: "test_user",
+            email: "test_example.com",
+            password: "password123",
+            password_confirmation: "anotherpassword",
+            ts_and_cs: nil
+          }
+        }
+
+        it "does not create a user, and renders the new user page" do
+          expect_any_instance_of(User).not_to receive(:save)
+          post :create, params: { user: user_params }, session: { user_id: nil }
+          expect(response).to have_http_status(:unprocessable_entity)
+          expect(response).to render_template(:new)
+          expect(flash[:alert]).to be_present
+        end
+      end
+    end
+  end
+
+
   describe "delete" do
     context "when the correct user is logged in" do
       it "displays the delete user form" do

spec/features/user_management_spec.rb

@@ -140,28 +140,4 @@
       expect(device.reload).to be_archived
     end
   end
-
-  scenario "An unauthorized user tries to delete an account that isn't theirs" do
-    password = "password123"
-    username = "username"
-    evil_username = ""
-    user = create(:user, username: username)
-    evil_user = create(:user, username: evil_username, password: password, password_confirmation: password)
-    devices = 2.times.map { create(:device, owner: user) }
-    visit "/login"
-    fill_in "Username or email", with: evil_username
-    fill_in "Password", with: password
-    click_on "Sign into your account"
-    expect(page).to have_current_path(ui_users_path)
-    visit ""
-    expect(page).to have_current_path(delete_ui_user_path(user.id))
-    fill_in "To confirm, type your username below:", with: username
-    click_on "I understand, delete my account"
-    expect(page).to have_current_path(post_delete_ui_users_path)
-    expect(page).to have_content("We are sorry to see you go!")
-    expect(user.reload).to be_archived
-    devices.each do |device|
-      expect(device.reload).to be_archived
-    end
-  end
 end