From d2f27667da610ee5e95cf8dfade5500941ce2e4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=20Bol=C3=ADvar?=
Date: Wed, 9 Aug 2023 18:03:35 +0200
Subject: [PATCH] Raise exception in `UserTimelineController` if no user with the nickname provided (#11465)
* Raise exception in timeline controller if no user with the nickname provided
* Update decidim-core/app/controllers/decidim/user_timeline_controller.rb
Co-authored-by: Alexandru Emil Lupu
---------
Co-authored-by: Alexandru Emil Lupu
---
 .../decidim/user_timeline_controller.rb | 2 +-
 .../decidim/user_timeline_controller_spec.rb | 45 ++++++++++++++-----
 2 files changed, 36 insertions(+), 11 deletions(-)
diff --git a/decidim-core/app/controllers/decidim/user_timeline_controller.rb b/decidim-core/app/controllers/decidim/user_timeline_controller.rb
index 9b24a0490d7ca..5100ce3d9ee97 100644
--- a/decidim-core/app/controllers/decidim/user_timeline_controller.rb
+++ b/decidim-core/app/controllers/decidim/user_timeline_controller.rb
@@ -12,7 +12,7 @@ class UserTimelineController < Decidim::ApplicationController
 helper_method :activities, :resource_types, :user

 def index
- raise ActionController::RoutingError, "Not Found" if current_user != user
+ raise ActionController::RoutingError, "Not Found" unless user && current_user == user
 end

 private
diff --git a/decidim-core/spec/controllers/decidim/user_timeline_controller_spec.rb b/decidim-core/spec/controllers/decidim/user_timeline_controller_spec.rb
index 4a14279010298..ab3d24268f18b 100644
--- a/decidim-core/spec/controllers/decidim/user_timeline_controller_spec.rb
+++ b/decidim-core/spec/controllers/decidim/user_timeline_controller_spec.rb
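Review bot: The guard in `index` is correct only because of a nil detail that the line itself does not explain: `user` is nil for an unknown nickname and `current_user` is nil for a signed-out visitor, so the old `current_user != user` compared nil with nil and let the request through. I would add a comment above the raise, for example `# user is nil for an unknown nickname; nil == nil must not count as "own timeline"`, so the presence check is not simplified away in a later cleanup. The check also sits in the action body rather than in a `before_action`, so an action added to this controller later would not inherit it; the rest of the class lies outside the hunk, so this may already be handled there. Returning the same "Not Found" for unknown nicknames and for other users' timelines is worth keeping, since it does not confirm which nicknames exist.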
@@ -4,29 +4,54 @@

 module Decidim
 describe UserTimelineController, type: :controller do
+ subject { get :index, params: { nickname: nickname } }
+
 routes { Decidim::Core::Engine.routes }

 let(:organization) { create(:organization) }
 let!(:user) { create(:user, :confirmed, nickname: "Nick", organization: organization) }
+ let(:nickname) { "foobar" }

 before do
 request.env["decidim.current_organization"] = organization
- sign_in user
+ end
+
+ shared_examples_for "a not found page" do
+ it "raises an ActionController::RoutingError" do
+ expect { subject }.to raise_error(ActionController::RoutingError, "Not Found")
+ end
 end

 describe "#index" do
- context "with a different user than me" do
- it "raises an ActionController::RoutingError" do
- expect do
- get :index, params: { nickname: "foobar" }
- end.to raise_error(ActionController::RoutingError, "Not Found")
+ context "with the user logged in" do
+ before do
+ sign_in user
+ end
+
+ context "with a different user than me" do
+ it_behaves_like "a not found page"
+ end
+
+ context "with my user with uppercase" do
+ let(:nickname) { user.nickname.upcase }
+
+ it "returns the lowercased user" do
+ subject
+
+ expect(response).to render_template(:index)
+ end
 end
 end

- context "with my user with uppercase" do
- it "returns the lowercased user" do
- get :index, params: { nickname: "NICK" }
- expect(response).to render_template(:index)
+ context "without the user logged in" do
+ context "with a non existing user" do
+ it_behaves_like "a not found page"
+ end
+
+ context "with my user with uppercase" do
+ let(:nickname) { user.nickname.upcase }
+
+ it_behaves_like "a not found page"
 end
 end
 end
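Review bot: The signed-in context "with a different user than me" keeps the default nickname "foobar", for which no user record is created, so it only exercises an unknown nickname. The case the controller guard exists for, a signed-in user requesting the timeline of another existing user, has no example. I would add a nested context with `let!(:other_user) { create(:user, :confirmed, organization: organization) }` and `let(:nickname) { other_user.nickname }` that uses `it_behaves_like "a not found page"`. The closing `end`s of the outer `describe` and the module lie outside the hunk.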