form_controller_test.rb 9.7 KB


  1. # encoding: utf-8
  2. require 'test_helper'
  3. require 'rake'
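  # Integration tests for the public web form API: +/api/v1/form_config+ issues
  # a token for a client fingerprint, +/api/v1/form_submit+ creates a ticket.
  #
  # Properties pinned here:
  # * a config request without a fingerprint is answered with 401, whether or
  #   not the form feature is enabled;
  # * a submit needs the token returned by the config call, and that token
  #   stops being accepted once enough time has passed;
  # * field validation errors are reported with HTTP 200 and an +errors+ hash;
  # * after 20 accepted submissions from one REMOTE_ADDR the next one gets 401;
  # * a submit is refused when +customer_ticket_create+ is false.
  class FormControllerTest < ActionDispatch::IntegrationTest
    setup do
      @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.4' }

      if ENV['ES_URL'].present?
        #fail "ERROR: Need ES_URL - hint ES_URL='http://127.0.0.1:9200'"
        Setting.set('es_url', ENV['ES_URL'])

        # Setting.set('es_url', 'http://127.0.0.1:9200')
        # Setting.set('es_index', 'estest.local_zammad')
        # Setting.set('es_user', 'elasticsearch')
        # Setting.set('es_password', 'zammad')

        # A random index name keeps parallel runs from sharing one index.
        ENV['ES_INDEX'] = "es_index_#{rand(999_999_999)}" if ENV['ES_INDEX_RAND'].present?
        raise "ERROR: Need ES_INDEX - hint ES_INDEX='estest.local_zammad'" if ENV['ES_INDEX'].blank?

        Setting.set('es_index', ENV['ES_INDEX'])
      end

      Ticket.destroy_all

      # drop/create indexes
      Setting.reload
      Rake::Task.clear
      Zammad::Application.load_tasks
      Rake::Task['searchindex:rebuild'].execute
    end

    teardown do
      Rake::Task['searchindex:drop'].execute if ENV['ES_URL'].present?
    end

    # Form feature left at its current setting, no fingerprint sent: must be refused.
    test '01 - get config call' do
      post_form_json('/api/v1/form_config', {})
      assert_response(401)
      result = parsed_hash_body
      assert_equal('Not authorized', result['error'])
    end

    # Form feature enabled, but still no fingerprint: must be refused as well.
    test '02 - get config call' do
      Setting.set('form_ticket_create', true)
      post_form_json('/api/v1/form_config', {})
      assert_response(401)
      result = parsed_hash_body
      assert_equal('Not authorized', result['error'])
    end

    # Full happy path plus token ageing: the same token is accepted right away
    # and 5 hours later, and rejected after a further 20 hours.
    test '03 - get config call & do submit' do
      Setting.set('form_ticket_create', true)
      fingerprint = SecureRandom.hex(40)
      token = request_form_token(fingerprint)
      assert_token_and_field_validation(fingerprint, token)

      ticket = { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }

      post_form_json('/api/v1/form_submit', ticket)
      assert_response(200)
      assert_ticket_created(parsed_hash_body)

      travel 5.hours
      post_form_json('/api/v1/form_submit', ticket)
      assert_response(200)
      assert_ticket_created(parsed_hash_body)

      # NOTE(review): the exact token lifetime is not visible in this file; the
      # test only shows that the token is refused at this point — confirm the
      # intended value against the controller.
      travel 20.hours
      post_form_json('/api/v1/form_submit', ticket)
      assert_response(401)
    end

    # Same flow as test 03, but the final submit uses an address that the
    # server reports as invalid although it is syntactically well formed.
    # NOTE(review): presumably a domain-level check on the address — confirm.
    test '04 - get config call & do submit' do
      Setting.set('form_ticket_create', true)
      fingerprint = SecureRandom.hex(40)
      token = request_form_token(fingerprint)
      assert_token_and_field_validation(fingerprint, token)

      post_form_json('/api/v1/form_submit', { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@example.com', title: 'test', body: 'hello' })
      assert_response(200)
      result = parsed_hash_body
      assert(result['errors'])
      assert_equal('invalid', result['errors']['email'])
    end

    # Submission limits: 20 tickets are accepted from one REMOTE_ADDR and the
    # next one is refused; a second REMOTE_ADDR then gets 20 of its own.
    test '05 - limits' do
      # Report the missing coverage instead of passing silently: without this
      # backend the limit assertions below never run.
      skip 'SearchIndexBackend is not enabled' unless SearchIndexBackend.enabled?

      Setting.set('form_ticket_create', true)
      fingerprint = SecureRandom.hex(40)
      token = request_form_token(fingerprint)

      assert_limit_reached(fingerprint, token, (1..20).map { |count| "test#{count}" }, 'test-last')

      # Same fingerprint and token, different client address.
      @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' }

      assert_limit_reached(fingerprint, token, (1..20).map { |count| "test-2-#{count}" }, 'test-2-last')
    end

    test '06 - customer_ticket_create false disables form' do
      Setting.set('form_ticket_create', true)
      Setting.set('customer_ticket_create', false)
      fingerprint = SecureRandom.hex(40)

      # NOTE(review): the status and token of this config call are not
      # asserted, so the 401 below may come from a missing token rather than
      # from the submit endpoint honouring the setting — confirm which one is
      # intended and assert it.
      post_form_json('/api/v1/form_config', { fingerprint: fingerprint })
      result = JSON.parse(@response.body)
      token = result['token']

      params = {
        fingerprint: fingerprint,
        token: token,
        name: 'Bob Smith',
        email: 'discard@znuny.com',
        title: 'test',
        body: 'hello'
      }
      post_form_json('/api/v1/form_submit', params)
      assert_response(401)
    end

    private

    # POSTs +payload+ as a JSON body to +path+ with the current @headers.
    def post_form_json(path, payload)
      post path, params: payload.to_json, headers: @headers
    end

    # Parses the last response body and asserts that it is a JSON object.
    def parsed_hash_body
      parsed = JSON.parse(@response.body)
      assert_instance_of(Hash, parsed)
      parsed
    end

    # Requests the form configuration for +fingerprint+, checks the advertised
    # endpoint and returns the issued token.
    def request_form_token(fingerprint)
      post_form_json('/api/v1/form_config', { fingerprint: fingerprint })
      assert_response(200)
      result = parsed_hash_body
      assert_equal(true, result['enabled'])
      assert_equal('http://zammad.example.com/api/v1/form_submit', result['endpoint'])
      assert(result['token'])
      result['token']
    end

    # Checks that a wrong token is refused with 401 and that missing or
    # malformed fields are reported per field with HTTP 200.
    def assert_token_and_field_validation(fingerprint, token)
      post_form_json('/api/v1/form_submit', { fingerprint: fingerprint, token: 'invalid' })
      assert_response(401)
      result = parsed_hash_body
      assert_equal('Not authorized', result['error'])

      post_form_json('/api/v1/form_submit', { fingerprint: fingerprint, token: token })
      assert_response(200)
      result = parsed_hash_body
      assert(result['errors'])
      assert_equal('required', result['errors']['name'])
      assert_equal('required', result['errors']['email'])
      assert_equal('required', result['errors']['title'])
      assert_equal('required', result['errors']['body'])

      post_form_json('/api/v1/form_submit', { fingerprint: fingerprint, token: token, email: 'some' })
      assert_response(200)
      result = parsed_hash_body
      assert(result['errors'])
      assert_equal('required', result['errors']['name'])
      assert_equal('invalid', result['errors']['email'])
      assert_equal('required', result['errors']['title'])
      assert_equal('required', result['errors']['body'])
    end

    # Asserts that +result+ describes a created ticket and carries no errors.
    def assert_ticket_created(result)
      assert_not(result['errors'])
      assert(result['ticket'])
      assert(result['ticket']['id'])
      assert(result['ticket']['number'])
    end

    # Submits one ticket per entry of +accepted_titles+ (10 seconds apart, each
    # expected to succeed) and then one more with +rejected_title+, which must
    # be refused with 401 and an error message.
    def assert_limit_reached(fingerprint, token, accepted_titles, rejected_title)
      accepted_titles.each do |title|
        travel 10.seconds
        post_form_json('/api/v1/form_submit', { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: title, body: 'hello' })
        assert_response(200)
        assert_ticket_created(parsed_hash_body)
        Scheduler.worker(true)
        sleep 1 # wait until Elasticsearch has indexed the ticket
      end

      sleep 10 # wait until Elasticsearch has indexed the tickets
      post_form_json('/api/v1/form_submit', { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: rejected_title, body: 'hello' })
      assert_response(401)
      result = parsed_hash_body
      assert(result['error'])
    end
  end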