zammad/test/unit/rest_test.rb

# encoding: utf-8
require 'test_helper'
require 'faraday'

class RestTest < ActiveSupport::TestCase

  test 'users and orgs' do

    if !ENV['BROWSER_URL']
      puts "NOTICE: Do not execute rest tests, no BROWSER_URL=http://some_host:port is defined! e. g. export BROWSER_URL=http://localhost:3000"
      return
    end

    # create agent
    roles  = Role.where( :name => ['Admin', 'Agent'] )
    groups = Group.all

    UserInfo.current_user_id = 1
    admin = User.create_or_update(
      :login         => 'rest-admin',
      :firstname     => 'Rest',
      :lastname      => 'Agent',
      :email         => 'rest-admin@example.com',
      :password      => 'adminpw',
      :active        => true,
      :roles         => roles,
      :groups        => groups,
    )

    # create agent
    roles = Role.where( :name => 'Agent' )
    agent = User.create_or_update(
      :login         => 'rest-agent@example.com',
      :firstname     => 'Rest',
      :lastname      => 'Agent',
      :email         => 'rest-agent@example.com',
      :password      => 'agentpw',
      :active        => true,
      :roles         => roles,
      :groups        => groups,
    )

    # create customer without org
    roles = Role.where( :name => 'Customer' )
    customer_without_org = User.create_or_update(
      :login         => 'rest-customer1@example.com',
      :firstname     => 'Rest',
      :lastname      => 'Customer1',
      :email         => 'rest-customer1@example.com',
      :password      => 'customer1pw',
      :active        => true,
      :roles         => roles,
    )

    # create orgs
    organization = Organization.create_or_update(
      :name => 'Rest Org',
    )
    organization2 = Organization.create_or_update(
      :name => 'Rest Org #2',
    )
    organization3 = Organization.create_or_update(
      :name => 'Rest Org #3',
    )

    # create customer with org
    customer_with_org = User.create_or_update(
      :login           => 'rest-customer2@example.com',
      :firstname       => 'Rest',
      :lastname        => 'Customer2',
      :email           => 'rest-customer2@example.com',
      :password        => 'customer2pw',
      :active          => true,
      :roles           => roles,
      :organization_id => organization.id,
    )

    # not existing user
    request = get( 'not_existing@example.com', 'adminpw', '/api/v1/users')
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['error'], 'authentication failed' )

    # username auth, wrong pw
    request = get( 'rest-admin', 'not_existing', '/api/v1/users' )
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data]['error'], 'authentication failed' )

    # email auth, wrong pw
    request = get( 'rest-admin@example.com', 'not_existing', '/api/v1/users' )
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data]['error'], 'authentication failed' )

    # username auth
    request = get( 'rest-admin', 'adminpw', '/api/v1/users' )
    assert_equal( request[:response].status, 200 )

    # email auth
    request = get( 'rest-admin@example.com', 'adminpw', '/api/v1/users' )
    assert_equal( request[:response].status, 200 )

    # /users

    # index
    request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/users')
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Array)
    assert( request[:data].length >= 3 )

    # show/:id
    request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/users/' + agent.id.to_s )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['email'], 'rest-agent@example.com')
    request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/users/' + customer_without_org.id.to_s )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['email'], 'rest-customer1@example.com')

    # index
    request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/users')
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Array)
    assert_equal( request[:data].length, 1 )

    # show/:id
    request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/users/' + customer_without_org.id.to_s )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['email'], 'rest-customer1@example.com')
    request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/users/' + customer_with_org.id.to_s )
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['email'], nil)

    # index
    request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/users')
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Array)
    assert_equal( request[:data].length, 1 )

    # show/:id
    request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/users/' + customer_with_org.id.to_s )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['email'], 'rest-customer2@example.com')
    request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/users/' + customer_without_org.id.to_s )
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['email'], nil)


    # /organizations

    # index
    request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/organizations')
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Array)
    assert( request[:data].length >= 3 )

    # show/:id
    request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/organizations/' + organization.id.to_s )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['name'], 'Rest Org')
    request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/organizations/' + organization2.id.to_s )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['name'], 'Rest Org #2')

    # index
    request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/organizations')
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Array)
    assert_equal( request[:data].length, 0 )

    # show/:id
    request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/organizations/' + organization.id.to_s )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['name'], nil)
    request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/organizations/' + organization2.id.to_s )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['name'], nil)

    # index
    request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/organizations')
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Array)
    assert_equal( request[:data].length, 1 )

    # show/:id
    request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/organizations/' + organization.id.to_s )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['name'], 'Rest Org')
    request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/organizations/' + organization2.id.to_s )
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data].class, Hash)
    assert_equal( request[:data]['name'], nil)


    # packages
    request = get( 'rest-admin@example.com', 'adminpw', '/api/v1/packages' )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Hash)
    assert( request[:data]['packages'] )

    request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/packages' )
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data].class, Hash)
    assert( !request[:data]['name'] )

    request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/packages' )
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data].class, Hash)
    assert( !request[:data]['name'] )

    # settings
    request = get( 'rest-admin@example.com', 'adminpw', '/api/v1/settings' )
    assert_equal( request[:response].status, 200 )
    assert_equal( request[:data].class, Array)
    assert( request[:data][0] )

    request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/settings' )
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data].class, Hash)
    assert( !request[:data]['name'] )

    request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/settings' )
    assert_equal( request[:response].status, 401 )
    assert_equal( request[:data].class, Hash)
    assert( !request[:data]['name'] )

  end
  def get(user, pw, url)
    conn = Faraday.new( :url => ENV['BROWSER_URL'] )
    conn.basic_auth( user, pw )
    response = conn.get url
#    puts 'URL: ' + url
#    puts response.body.to_s
    data = JSON.parse( response.body )
    return { :data => data, :response => response }
  end
end