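require 'test_helper'

# Integration tests for user-device tracking: they drive the sign-in, session and
# basic-auth API endpoints and check how many UserDevice rows exist afterwards and
# what email_notification_count reports for the 'user_device_new' and
# 'user_device_new_location' notifications.
#
# The tests run in a fixed order and without transactional rollback, so every test
# depends on `setup` to put the database rows and ENV switches back into a known state.
#
# NOTE(review): every `assert('<fingerprint>', controller.session[:user_device_fingerprint])`
# below passes unconditionally. Minitest's `assert(test, msg)` only checks that its first
# argument is truthy and uses the second one as the failure message, so none of these
# lines verifies that the submitted fingerprint was stored in the session (test 04 even
# names 'my_finger_print_III' although 'my_finger_print_II' was sent). The intended check
# is presumably `assert_equal(expected, controller.session[:user_device_fingerprint])`.
# The calls are left as they are because the controller is not visible from this file:
# confirm the stored value per test (the integer and switched-user cases in particular)
# before tightening them.
class UserDeviceControllerTest < ActionDispatch::IntegrationTest
  self.test_order = :sorted
  self.use_transactional_tests = false

  setup do
    # set accept header
    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }

    # create admin (holds both the Admin and the Agent role)
    roles  = Role.where(name: %w[Admin Agent])
    groups = Group.all

    UserInfo.current_user_id = 1
    @admin = User.create_or_update(
      login: 'user-device-admin',
      firstname: 'UserDevice',
      lastname: 'Admin',
      email: 'user-device-admin@example.com',
      password: 'adminpw',
      active: true,
      roles: roles,
      groups: groups,
    )

    # create agent
    roles = Role.where(name: 'Agent')
    @agent = User.create_or_update(
      login: 'user-device-agent',
      firstname: 'UserDevice',
      lastname: 'Agent',
      email: 'user-device-agent@example.com',
      password: 'agentpw',
      active: true,
      roles: roles,
      groups: groups,
    )

    ENV['TEST_REMOTE_IP'] = '5.9.62.170' # de
    ENV['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0'
    ENV['SWITCHED_FROM_USER_ID'] = nil
    # Tests 03 and 10 set and clear this inline; clearing it here as well keeps a test
    # that fails in between from leaking a stale timestamp into the following tests.
    ENV['USER_DEVICE_UPDATED_AT'] = nil
    UserDevice.destroy_all
  end

  test '01 - index with nobody' do
    get '/api/v1/signshow'
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_instance_of(Hash, result)
    assert_equal('no valid session', result['error'])
    assert(result['config'])
    assert_not(controller.session[:user_device_fingerprint])

    Scheduler.worker(true)
  end

  test '02 - login index with admin without fingerprint' do
    assert_device_state(@admin, devices: 0, new_device: 0, new_location: 0)

    # a session login that carries no fingerprint param must be rejected
    params = { without_fingerprint: 'none', username: 'user-device-admin', password: 'adminpw' }
    post '/api/v1/signin', params: params.to_json, headers: @headers
    assert_response(422)
    result = JSON.parse(@response.body)
    assert_instance_of(Hash, result)
    assert_equal('Need fingerprint param!', result['error'])
    assert_not(result['config'])
    assert_not(controller.session[:user_device_fingerprint])

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 0, new_device: 0, new_location: 0)
  end

  test '03 - login index with admin with fingerprint - I' do
    assert_device_state(@admin, devices: 0, new_device: 0, new_location: 0)

    params = { fingerprint: 'my_finger_print', username: 'user-device-admin', password: 'adminpw' }
    post '/api/v1/signin', params: params.to_json, headers: @headers
    assert_response(201)
    result = JSON.parse(@response.body)
    assert_instance_of(Hash, result)
    assert_not(result['error'])
    assert(result['config'])
    assert('my_finger_print', controller.session[:user_device_fingerprint]) # NOTE(review): always passes, see class comment

    # first device of the user: one row is stored, no notification is counted
    Scheduler.worker(true)
    assert_device_state(@admin, devices: 1, new_device: 0, new_location: 0)
    user_device_first = UserDevice.last

    sleep 2

    # a follow-up request shortly afterwards must not touch the device row
    get '/api/v1/users', params: {}.to_json, headers: @headers
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_instance_of(Array, result)
    assert('my_finger_print', controller.session[:user_device_fingerprint]) # NOTE(review): always passes, see class comment

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 1, new_device: 0, new_location: 0)
    user_device_last = UserDevice.last
    assert_equal(user_device_first.updated_at.to_s, user_device_last.updated_at.to_s)

    params = { fingerprint: 'my_finger_print' }
    get '/api/v1/signshow', params: params, headers: @headers
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_instance_of(Hash, result)
    assert(result['session'])
    assert_equal('user-device-admin', result['session']['login'])
    assert(result['config'])

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 1, new_device: 0, new_location: 0)
    user_device_last = UserDevice.last
    assert_equal(user_device_first.updated_at.to_s, user_device_last.updated_at.to_s)

    # with the override set four hours into the past the same row gets a new updated_at
    ENV['USER_DEVICE_UPDATED_AT'] = (Time.zone.now - 4.hours).to_s
    get '/api/v1/users', params: {}.to_json, headers: @headers
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_instance_of(Array, result)
    assert('my_finger_print', controller.session[:user_device_fingerprint]) # NOTE(review): always passes, see class comment

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 1, new_device: 0, new_location: 0)
    user_device_last = UserDevice.last
    assert_not_equal(user_device_first.updated_at.to_s, user_device_last.updated_at.to_s)
    ENV['USER_DEVICE_UPDATED_AT'] = nil

    # same session from another remote address: second row plus one new-location notification
    ENV['TEST_REMOTE_IP'] = '195.65.29.254' # ch
    get '/api/v1/users', params: {}.to_json, headers: @headers
    assert_response(200)
    JSON.parse(@response.body) # the body is not inspected, but it must still be valid JSON

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 2, new_device: 0, new_location: 1)

    # ip reset
    ENV['TEST_REMOTE_IP'] = '5.9.62.170' # de
  end

  test '04 - login index with admin with fingerprint - II' do
    # the user already has a device with a different fingerprint
    UserDevice.create!(
      user_id: @admin.id,
      name: 'test 1',
      location: 'some location',
      user_agent: 'some user agent',
      ip: '127.0.0.1',
      fingerprint: 'fingerprintI',
    )

    params = { fingerprint: 'my_finger_print_II', username: 'user-device-admin', password: 'adminpw' }
    post '/api/v1/signin', params: params.to_json, headers: @headers
    assert_response(201)
    result = JSON.parse(@response.body)

    # a second device appears, so one new-device notification is counted
    Scheduler.worker(true)
    assert_device_state(@admin, devices: 2, new_device: 1, new_location: 0)
    assert_instance_of(Hash, result)
    assert_not(result['error'])
    assert(result['config'])
    # NOTE(review): always passes (see class comment); the literal does not even match
    # the 'my_finger_print_II' that was submitted above.
    assert('my_finger_print_III', controller.session[:user_device_fingerprint])

    # this request re-sends the sign-in params, as the original test did
    get '/api/v1/users', params: params.to_json, headers: @headers
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_instance_of(Array, result)

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 2, new_device: 1, new_location: 0)

    params = { fingerprint: 'my_finger_print_II' }
    get '/api/v1/signshow', params: params, headers: @headers
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_instance_of(Hash, result)
    assert(result['session'])
    assert_equal('user-device-admin', result['session']['login'])
    assert(result['config'])

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 2, new_device: 1, new_location: 0)

    ENV['TEST_REMOTE_IP'] = '195.65.29.254' # ch
    get '/api/v1/users', params: {}.to_json, headers: @headers
    assert_response(200)
    JSON.parse(@response.body) # the body is not inspected, but it must still be valid JSON

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 3, new_device: 1, new_location: 1)

    # ip reset
    ENV['TEST_REMOTE_IP'] = '5.9.62.170' # de
  end

  test '05 - login index with admin with fingerprint - II' do
    # the device is registered up front with the user agent, address and fingerprint
    # that the sign-in below uses
    UserDevice.add(
      ENV['HTTP_USER_AGENT'],
      ENV['TEST_REMOTE_IP'],
      @admin.id,
      'my_finger_print_II',
      'session', # session|basic_auth|token_auth|sso
    )
    assert_equal(1, UserDevice.where(user_id: @admin.id).count)

    params = { fingerprint: 'my_finger_print_II', username: 'user-device-admin', password: 'adminpw' }
    post '/api/v1/signin', params: params.to_json, headers: @headers
    assert_response(201)
    result = JSON.parse(@response.body)

    # known device: no additional row and no notification
    Scheduler.worker(true)
    assert_device_state(@admin, devices: 1, new_device: 0, new_location: 0)
    assert_instance_of(Hash, result)
    assert_not(result['error'])
    assert(result['config'])
    assert('my_finger_print_II', controller.session[:user_device_fingerprint]) # NOTE(review): always passes, see class comment
  end

  test '06 - login index with admin with basic auth' do
    ENV['HTTP_USER_AGENT'] = 'curl 1.0.0'
    UserDevice.add(
      ENV['HTTP_USER_AGENT'],
      '127.0.0.1',
      @admin.id,
      '',
      'basic_auth', # session|basic_auth|token_auth|sso
    )
    assert_equal(1, UserDevice.where(user_id: @admin.id).count)

    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('user-device-admin', 'adminpw')
    auth_headers = @headers.merge('Authorization' => credentials)

    # the request arrives with a user agent that differs from the registered one
    ENV['HTTP_USER_AGENT'] = 'curl 1.2.3'
    get '/api/v1/users', params: {}.to_json, headers: auth_headers
    assert_response(200)
    result = JSON.parse(@response.body)

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 2, new_device: 1, new_location: 0)
    assert_instance_of(Array, result)
    user_device_first = UserDevice.last

    sleep 2

    # an immediate repeat must neither add a row nor refresh updated_at
    get '/api/v1/users', params: {}.to_json, headers: auth_headers
    assert_response(200)
    result = JSON.parse(@response.body)

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 2, new_device: 1, new_location: 0)
    assert_instance_of(Array, result)
    user_device_last = UserDevice.last
    assert_equal(user_device_first.id, user_device_last.id)
    assert_equal(user_device_first.updated_at.to_s, user_device_last.updated_at.to_s)

    # age the row by four hours; the next request must refresh it
    user_device_last.updated_at = Time.zone.now - 4.hours
    user_device_last.save!

    # params are passed as a plain hash here (not as JSON), as in the original test
    get '/api/v1/users', params: {}, headers: auth_headers
    assert_response(200)
    result = JSON.parse(@response.body)

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 2, new_device: 1, new_location: 0)
    assert_instance_of(Array, result)
    user_device_last = UserDevice.last
    assert_equal(user_device_first.id, user_device_last.id)
    assert(user_device_last.updated_at > user_device_first.updated_at)
  end

  test '07 - login index with admin with basic auth' do
    ENV['HTTP_USER_AGENT'] = 'curl 1.2.3'
    UserDevice.add(
      ENV['HTTP_USER_AGENT'],
      ENV['TEST_REMOTE_IP'],
      @admin.id,
      '',
      'basic_auth', # session|basic_auth|token_auth|sso
    )
    assert_equal(1, UserDevice.where(user_id: @admin.id).count)

    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('user-device-admin', 'adminpw')
    get '/api/v1/users', params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)

    # same user agent and address as registered: nothing new is recorded
    Scheduler.worker(true)
    assert_device_state(@admin, devices: 1, new_device: 0, new_location: 0)
    assert_instance_of(Array, result)
  end

  test '08 - login index with agent with basic auth' do
    assert_device_state(@agent, devices: 0, new_device: 0, new_location: 0)

    ENV['HTTP_USER_AGENT'] = 'curl 1.2.3'
    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('user-device-agent', 'agentpw')
    get '/api/v1/users', params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)

    # first device of the agent: one row is stored, no notification is counted
    Scheduler.worker(true)
    assert_device_state(@agent, devices: 1, new_device: 0, new_location: 0)
    assert_instance_of(Array, result)
  end

  test '09 - login index with agent with basic auth' do
    ENV['HTTP_USER_AGENT'] = 'curl 1.2.3'
    UserDevice.add(
      ENV['HTTP_USER_AGENT'],
      ENV['TEST_REMOTE_IP'],
      @agent.id,
      '',
      'basic_auth', # session|basic_auth|token_auth|sso
    )
    assert_device_state(@agent, devices: 1, new_device: 0, new_location: 0)

    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('user-device-agent', 'agentpw')
    get '/api/v1/users', params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)

    Scheduler.worker(true)
    assert_device_state(@agent, devices: 1, new_device: 0, new_location: 0)
    assert_instance_of(Array, result)
  end

  test '10 - login with switched_from_user_id' do
    assert_device_state(@agent, devices: 0, new_device: 0, new_location: 0)

    # while the switched-from marker is set, no device may be recorded for the agent
    ENV['SWITCHED_FROM_USER_ID'] = @admin.id.to_s

    params = { fingerprint: 'my_finger_print_II', username: 'user-device-agent', password: 'agentpw' }
    post '/api/v1/signin', params: params.to_json, headers: @headers
    assert_response(201)
    result = JSON.parse(@response.body)

    Scheduler.worker(true)
    assert_device_state(@agent, devices: 0, new_device: 0, new_location: 0)
    assert_instance_of(Hash, result)
    assert_not(result['error'])
    assert(result['config'])
    assert('my_finger_print_II', controller.session[:user_device_fingerprint]) # NOTE(review): always passes, see class comment

    Scheduler.worker(true)
    assert_device_state(@agent, devices: 0, new_device: 0, new_location: 0)

    ENV['USER_DEVICE_UPDATED_AT'] = (Time.zone.now - 4.hours).to_s
    get '/api/v1/users', params: {}.to_json, headers: @headers
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_instance_of(Array, result)
    assert('my_finger_print_II', controller.session[:user_device_fingerprint]) # NOTE(review): always passes, see class comment

    Scheduler.worker(true)
    assert_device_state(@agent, devices: 0, new_device: 0, new_location: 0)
    ENV['USER_DEVICE_UPDATED_AT'] = nil

    ENV['TEST_REMOTE_IP'] = '195.65.29.254' # ch
    get '/api/v1/users', params: {}.to_json, headers: @headers
    assert_response(200)
    JSON.parse(@response.body) # the body is not inspected, but it must still be valid JSON

    Scheduler.worker(true)

    # ip reset
    ENV['TEST_REMOTE_IP'] = '5.9.62.170' # de

    assert_device_state(@agent, devices: 0, new_device: 0, new_location: 0)
  end

  test '11 - login with invalid fingerprint' do
    assert_device_state(@admin, devices: 0, new_device: 0, new_location: 0)

    # 198-character fingerprint, above the 160-character limit named in the error message
    params = { fingerprint: 'to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890', username: 'user-device-admin', password: 'adminpw' }
    post '/api/v1/signin', params: params.to_json, headers: @headers
    assert_response(422)
    result = JSON.parse(@response.body)
    assert_instance_of(Hash, result)
    assert_equal('fingerprint is 198 chars but can only be 160 chars!', result['error'])
    assert_not(result['config'])
    assert_not(controller.session[:user_device_fingerprint])

    # the rejected login leaves no device row and no notification behind
    Scheduler.worker(true)
    assert_device_state(@admin, devices: 0, new_device: 0, new_location: 0)
  end

  test '12 - login with integer as fingerprint' do
    assert_device_state(@admin, devices: 0, new_device: 0, new_location: 0)

    # the fingerprint is sent as a JSON number instead of a string
    params = { fingerprint: 123_456_789, username: 'user-device-admin', password: 'adminpw' }
    post '/api/v1/signin', params: params.to_json, headers: @headers
    assert_response(201)
    result = JSON.parse(@response.body)
    assert(123_456_789, controller.session[:user_device_fingerprint]) # NOTE(review): always passes, see class comment

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 1, new_device: 0, new_location: 0)
    assert_instance_of(Hash, result)
    assert_nil(result['error'])
  end

  test '13 - login form controller - check no user device logging' do
    Setting.set('form_ticket_create', true)

    assert_device_state(@admin, devices: 0, new_device: 0, new_location: 0)

    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('user-device-admin', 'adminpw')

    # the form endpoint answers 200 although the fingerprint is longer than the limit
    # enforced at sign-in (test 11), and it records no device for the authenticated user
    params = { fingerprint: 'long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890' }
    post '/api/v1/form_config', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_instance_of(Hash, result)
    assert_not(result['error'])
    assert(result['endpoint'])
    assert_not(controller.session[:user_device_fingerprint])

    Scheduler.worker(true)
    assert_device_state(@admin, devices: 0, new_device: 0, new_location: 0)
  end

  private

  # Asserts the device bookkeeping for +user+ in one step.
  #
  # @param user [User] account whose id and email are looked up
  # @param devices [Integer] expected number of UserDevice rows for the user
  # @param new_device [Integer] expected email_notification_count for 'user_device_new'
  # @param new_location [Integer] expected email_notification_count for 'user_device_new_location'
  def assert_device_state(user, devices:, new_device:, new_location:)
    assert_equal(devices, UserDevice.where(user_id: user.id).count)
    assert_equal(new_device, email_notification_count('user_device_new', user.email))
    assert_equal(new_location, email_notification_count('user_device_new_location', user.email))
  end
end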