From 03b60184a089fd212370891447248c0619b0a829 Mon Sep 17 00:00:00 2001
From: Pau Perez <saulopefa@gmail.com>
Date: Thu, 1 Apr 2021 18:59:00 +0200
Subject: [PATCH] Test authorization validation

---
 .../authorize_user_spec.rb                    | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/spec/lib/decidim/direct_verifications/authorize_user_spec.rb b/spec/lib/decidim/direct_verifications/authorize_user_spec.rb
index 6a8d983..37f9dd4 100644
--- a/spec/lib/decidim/direct_verifications/authorize_user_spec.rb
+++ b/spec/lib/decidim/direct_verifications/authorize_user_spec.rb
@@ -8,6 +8,8 @@ module DirectVerifications
       subject { described_class.new(email, data, session, organization, instrumenter) }
 
       describe "#call" do
+        let(:data) { user.name }
+
         context "when authorizing confirmed users" do
           let(:organization) { build(:organization) }
           let(:user) { create(:user, organization: organization) }
@@ -45,6 +47,43 @@ module DirectVerifications
             end
           end
 
+          context "when the authorization already exists" do
+            context "when the authorization is not granted" do
+              let!(:authorization) { create(:authorization, :pending, user: user, name: :direct_verifications) }
+
+              it "authorizes the user" do
+                expect(Verification::ConfirmUserAuthorization).to receive(:call)
+                subject.call
+              end
+            end
+
+            context "when the authorization is already granted and expired" do
+              let!(:authorization) { create(:authorization, :granted, user: user, name: :direct_verifications) }
+
+              before do
+                allow_any_instance_of(Authorization).to receive(:expired?) { true }
+              end
+
+              it "does not authorize the user" do
+                expect(Verification::ConfirmUserAuthorization).to receive(:call)
+                subject.call
+              end
+            end
+
+            context "when the authorization is already granted and not expired" do
+              let!(:authorization) { create(:authorization, :granted, user: user, name: :direct_verifications) }
+
+              before do
+                allow_any_instance_of(Authorization).to receive(:expired?) { false }
+              end
+
+              it "does not authorize the user" do
+                expect(Verification::ConfirmUserAuthorization).not_to receive(:call)
+                subject.call
+              end
+            end
+          end
+
           context "when the user fails to be authorized" do
             let(:form) { instance_double(Verification::DirectVerificationsForm, valid?: false) }
             let(:data) { user.name }