Merge pull request #5268 from manyfold3d/allow-saving-invalid-user-tour-state

Allow saving tour state without validation

Author: Floppy

app/models/user.rb

@@ -12,7 +12,7 @@ class User < ApplicationRecord
   has_many :creators, -> { where("caber_relations.permission": "own") }, through: :caber_relations, source_type: "Creator", source: :object
   accepts_nested_attributes_for :creators
 
-  before_validation :set_json_field_defaults, on: :create
+  before_validation :set_json_field_defaults
   before_save :set_quota
 
   acts_as_federails_actor(
@@ -29,22 +29,22 @@ class User < ApplicationRecord
 
   devise :omniauthable, omniauth_providers: %i[openid_connect] if SiteSettings.oidc_enabled?
 
-  validates :username, multimodel_uniqueness: {punctuation_sensitive: false, case_sensitive: false, check: FederailsCommon::FEDIVERSE_USERNAMES}
-
-  validates :username,
-    presence: true,
-    uniqueness: {case_sensitive: false},
-    format: {with: /\A[[:alnum:].\-_;]+\z/}
-
-  validates :email,
-    presence: true,
-    uniqueness: {case_sensitive: false},
-    format: {with: URI::MailTo::EMAIL_REGEXP}
-
-  validates :password,
-    presence: true,
-    confirmation: true,
-    if: :password_required?
+  # Reduce validations if only safe settings are being changed
+  with_options unless: :only_settings_changed? do
+    validates :username,
+      presence: true,
+      uniqueness: {case_sensitive: false},
+      format: {with: /\A[[:alnum:].\-_;]+\z/},
+      multimodel_uniqueness: {punctuation_sensitive: false, case_sensitive: false, check: FederailsCommon::FEDIVERSE_USERNAMES}
+    validates :email,
+      presence: true,
+      uniqueness: {case_sensitive: false},
+      format: {with: URI::MailTo::EMAIL_REGEXP}
+    validates :password,
+      presence: true,
+      confirmation: true,
+      if: :password_required?
+  end
 
   after_create :assign_default_role
 
@@ -234,4 +234,12 @@ def set_json_field_defaults
     self.file_list_settings ||= SiteSettings::UserDefaults::FILE_LIST
     self.tour_state ||= DEFAULT_TOUR_STATE
   end
+
+  def only_settings_changed?
+    return false unless changed?
+    settings_attributes = [
+      "tour_state"
+    ].freeze
+    (changed - settings_attributes).empty?
+  end
 end

spec/requests/users/registrations_spec.rb

@@ -452,5 +452,30 @@
       patch "/users", params: completion_params, as: :json
       expect(User.first.tour_state["completed"]).to include("new-item", "old-item")
     end
+
+    context "with an invalid user" do # rubocop:disable RSpec/MultipleMemoizedHelpers
+      let(:user) { create(:contributor) }
+      let(:creator) { create(:creator) }
+
+      before do
+        sign_in user
+        user.username = "@@@"
+        user.save validate: false
+      end
+
+      it "has an invalid user" do
+        expect(user).not_to be_valid
+      end
+
+      it "doesn't validate if only saving tour state or other settings" do
+        patch "/users", params: completion_params, as: :json
+        expect(response).to have_http_status :success
+      end
+
+      it "validates if important data is also entered" do
+        patch "/users", params: {user: {email: "[email protected]", tour_state: {completed: {add: ["new-item"]}}}}, as: :json
+        expect(response).to have_http_status :unprocessable_content
+      end
+    end
   end
 end