
# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

# Request spec for /api/v1/external_credentials. It pins two things:
#   * every endpoint answers 403 with 'Authentication required' when no
#     session is present, and
#   * for the Facebook provider, the failure paths of #app_verify,
#     #link_account and #callback (missing app, missing permission, invalid
#     credentials supplied via params or via a stored ExternalCredential).
# Remote Facebook responses are replayed from VCR cassettes (:use_vcr).
RSpec.describe 'External Credentials', type: :request do
  let(:admin) { create(:admin) }

  # Builds the Graph API error string the endpoints pass through verbatim.
  # The recorded cassettes differ only in their fbtrace_id.
  def facebook_auth_error(fbtrace_id)
    'type: OAuthException, code: 101, message: Error validating application. ' \
      "Cannot get application info due to a system error., fbtrace_id: #{fbtrace_id} [HTTP 400]"
  end

  # NOTE: the shared groups below are pulled in with include_examples rather
  # than it_behaves_like so that no extra "behaves like …" group is inserted
  # and the example descriptions stay exactly as before — presumably :use_vcr
  # derives its cassette names from them; confirm against the VCR helper.

  # verb: :get or :post; path: the endpoint hit without a session.
  shared_examples 'rejecting unauthenticated requests' do |verb, path|
    it 'returns 403 Forbidden' do
      public_send(verb, path, as: :json)

      expect(response).to have_http_status(:forbidden)
      expect(json_response).to include('error' => 'Authentication required')
    end
  end

  # Endpoints that need a configured Facebook app reject the request with 422,
  # whether credentials are absent or only supplied as request params.
  # Relies on `invalid_credentials` being defined in the including group.
  shared_examples 'refusing to proceed without a Facebook app' do |path|
    context 'with no credentials' do
      it 'returns 422 unprocessable entity with internal (Zammad) error' do
        get path, as: :json

        expect(response).to have_http_status(:unprocessable_entity)
        expect(json_response).to include('error' => 'No Facebook app configured!')
      end
    end

    context 'with invalid credentials, via request params' do
      it 'returns 422 unprocessable entity with internal (Zammad) error' do
        get path, params: invalid_credentials, as: :json

        expect(response).to have_http_status(:unprocessable_entity)
        expect(json_response).to include('error' => 'No Facebook app configured!')
      end
    end
  end

  # With a stored (but invalid) ExternalCredential the remote error is
  # surfaced as a 500; fbtrace_id is the id captured in that cassette.
  shared_examples 'surfacing the remote Facebook error' do |path, fbtrace_id|
    context 'with invalid credentials, via ExternalCredential record' do
      before { create(:facebook_credential, credentials: invalid_credentials) }

      it 'returns 500 with remote (Facebook auth) error', :use_vcr do
        get path, as: :json

        expect(response).to have_http_status(:internal_server_error)
        expect(json_response).to include('error' => facebook_auth_error(fbtrace_id))
      end
    end
  end

  context 'without authentication' do
    describe '#index' do
      include_examples 'rejecting unauthenticated requests', :get, '/api/v1/external_credentials'
    end

    describe '#app_verify' do
      include_examples 'rejecting unauthenticated requests', :post, '/api/v1/external_credentials/facebook/app_verify'
    end

    describe '#link_account' do
      include_examples 'rejecting unauthenticated requests', :get, '/api/v1/external_credentials/facebook/link_account'
    end

    describe '#callback' do
      include_examples 'rejecting unauthenticated requests', :get, '/api/v1/external_credentials/facebook/callback'
    end
  end

  context 'authenticated as admin' do
    before { authenticated_as(admin, via: :browser) }

    describe '#index' do
      # No ExternalCredential records exist in these examples, so both
      # variants answer with an empty list.
      it 'responds with an array of ExternalCredential records' do
        get '/api/v1/external_credentials', as: :json

        expect(response).to have_http_status(:ok)
        expect(json_response).to eq([])
      end

      context 'with expand=true URL parameters' do
        it 'responds with an array of ExternalCredential records and their association data' do
          get '/api/v1/external_credentials?expand=true', as: :json

          expect(response).to have_http_status(:ok)
          expect(json_response).to eq([])
        end
      end
    end

    context 'for Facebook' do
      # Deliberately bogus app id/secret; Facebook rejects them (see cassettes).
      let(:invalid_credentials) { { application_id: 123, application_secret: 123 } }

      describe '#app_verify' do
        describe 'failure cases' do
          let(:app_verify_path) { '/api/v1/external_credentials/facebook/app_verify' }

          context 'when permission for Facebook channel is deactivated' do
            # Even an admin must hold the channel permission; deactivating it
            # turns the request into an authorization failure.
            before { Permission.find_by(name: 'admin.channel_facebook').update(active: false) }

            it 'returns 403 Forbidden with internal (Zammad) error' do
              post app_verify_path, as: :json

              expect(response).to have_http_status(:forbidden)
              expect(json_response).to include('error' => 'User authorization failed.')
            end
          end

          context 'with no credentials' do
            # Unlike #link_account/#callback, #app_verify reports the missing
            # parameter inside a 200 response body.
            it 'returns 200 with internal (Zammad) error' do
              post app_verify_path, as: :json

              expect(response).to have_http_status(:ok)
              expect(json_response).to include('error' => "The required parameter 'application_id' is missing.")
            end
          end

          context 'with invalid credentials, via request params' do
            it 'returns 200 with remote (Facebook auth) error', :use_vcr do
              post app_verify_path, params: invalid_credentials, as: :json

              expect(response).to have_http_status(:ok)
              expect(json_response).to include('error' => facebook_auth_error('Ggs96Qoszeb'))
            end
          end

          context 'with invalid credentials, via ExternalCredential record' do
            before { create(:facebook_credential, credentials: invalid_credentials) }

            it 'returns 200 with remote (Facebook auth) error', :use_vcr do
              post app_verify_path, as: :json

              expect(response).to have_http_status(:ok)
              expect(json_response).to include('error' => facebook_auth_error('GZPegj7a6Qi'))
            end
          end
        end
      end

      describe '#link_account' do
        describe 'failure cases' do
          include_examples 'refusing to proceed without a Facebook app', '/api/v1/external_credentials/facebook/link_account'
          include_examples 'surfacing the remote Facebook error', '/api/v1/external_credentials/facebook/link_account', 'GHQfpOGoO6+'
        end
      end

      describe '#callback' do
        describe 'failure cases' do
          include_examples 'refusing to proceed without a Facebook app', '/api/v1/external_credentials/facebook/callback'
          include_examples 'surfacing the remote Facebook error', '/api/v1/external_credentials/facebook/callback', 'FEdFTInow6l'
        end
      end
    end
  end
end