Главная Обзор Помощь
Вход
SMusatov
/
zammad
зеркало из https://github.com/zammad/zammad.git
1
0
Ответвить 0
Файлы
Дерево: bcce8c51f9
Ветки Метки
zammad
/
spec
/
requests
/
user_spec.rb

user_spec.rb 51 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145 
  1. require 'rails_helper'
    2. 

  2. 

  3. RSpec.describe 'User', type: :request, searchindex: true do
    4. 

  4. 

  5.   let!(:admin_user) do
    6. 

  6.     create(
    7. 

  7.       :admin_user,
    8. 

  8.       groups:    Group.all,
    9. 

  9.       login:     'rest-admin',
    10. 

  10.       firstname: 'Rest',
    11. 

  11.       lastname:  'Agent',
    12. 

  12.       email:     'rest-admin@example.com',
    13. 

  13.     )
    14. 

  14.   end
    15. 

  15.   let!(:admin_user_pw) do
    16. 

  16.     create(
    17. 

  17.       :admin_user,
    18. 

  18.       groups:    Group.all,
    19. 

  19.       login:     'rest-admin-pw',
    20. 

  20.       firstname: 'Rest',
    21. 

  21.       lastname:  'Agent',
    22. 

  22.       email:     'rest-admin-pw@example.com',
    23. 

  23.       password:  'adminpw',
    24. 

  24.     )
    25. 

  25.   end
    26. 

  26.   let!(:agent_user) do
    27. 

  27.     create(
    28. 

  28.       :agent_user,
    29. 

  29.       groups:    Group.all,
    30. 

  30.       login:     'rest-agent@example.com',
    31. 

  31.       firstname: 'Rest',
    32. 

  32.       lastname:  'Agent',
    33. 

  33.       email:     'rest-agent@example.com',
    34. 

  34.     )
    35. 

  35.   end
    36. 

  36.   let!(:customer_user) do
    37. 

  37.     create(
    38. 

  38.       :customer_user,
    39. 

  39.       login:     'rest-customer1@example.com',
    40. 

  40.       firstname: 'Rest',
    41. 

  41.       lastname:  'Customer1',
    42. 

  42.       email:     'rest-customer1@example.com',
    43. 

  43.     )
    44. 

  44.   end
    45. 

  45.   let!(:organization) do
    46. 

  46.     create(:organization, name: 'Rest Org')
    47. 

  47.   end
    48. 

  48.   let!(:organization2) do
    49. 

  49.     create(:organization, name: 'Rest Org #2')
    50. 

  50.   end
    51. 

  51.   let!(:organization3) do
    52. 

  52.     create(:organization, name: 'Rest Org #3')
    53. 

  53.   end
    54. 

  54.   let!(:customer_user2) do
    55. 

  55.     create(
    56. 

  56.       :customer_user,
    57. 

  57.       organization: organization,
    58. 

  58.       login:        'rest-customer2@example.com',
    59. 

  59.       firstname:    'Rest',
    60. 

  60.       lastname:     'Customer2',
    61. 

  61.       email:        'rest-customer2@example.com',
    62. 

  62.     )
    63. 

  63.   end
    64. 

  64. 

  65.   before do
    66. 

  66.     configure_elasticsearch do
    67. 

  67. 

  68.       travel 1.minute
    69. 

  69. 

  70.       rebuild_searchindex
    71. 

  71. 

  72.       # execute background jobs
    73. 

  73.       Scheduler.worker(true)
    74. 

  74. 

  75.       sleep 6
    76. 

  76.     end
    77. 

  77.   end
    78. 

  78. 

  79.   describe 'request handling' do
    80. 

  80. 

  81.     it 'does user create tests - no user' do
    82. 

  82. 

  83.       post '/api/v1/signshow', params: {}, as: :json
    84. 

  84. 

  85.       # create user with disabled feature
    86. 

  86.       Setting.set('user_create_account', false)
    87. 

  87.       token = @response.headers['CSRF-TOKEN']
    88. 

  88. 

  89.       # token based on form
    90. 

  90.       params = { email: 'some_new_customer@example.com', authenticity_token: token }
    91. 

  91.       post '/api/v1/users', params: params, as: :json
    92. 

  92.       expect(response).to have_http_status(:unprocessable_entity)
    93. 

  93.       expect(json_response['error']).to be_truthy
    94. 

  94.       expect(json_response['error']).to eq('Feature not enabled!')
    95. 

  95. 

  96.       # token based on headers
    97. 

  97.       headers = { 'X-CSRF-Token' => token }
    98. 

  98.       params = { email: 'some_new_customer@example.com' }
    99. 

  99.       post '/api/v1/users', params: params, headers: headers, as: :json
    100. 

  100.       expect(response).to have_http_status(:unprocessable_entity)
    101. 

  101.       expect(json_response['error']).to be_truthy
    102. 

  102.       expect(json_response['error']).to eq('Feature not enabled!')
    103. 

  103. 

  104.       Setting.set('user_create_account', true)
    105. 

  105. 

  106.       # no signup param with enabled feature
    107. 

  107.       params = { email: 'some_new_customer@example.com' }
    108. 

  108.       post '/api/v1/users', params: params, headers: headers, as: :json
    109. 

  109.       expect(response).to have_http_status(:unprocessable_entity)
    110. 

  110.       expect(json_response['error']).to be_truthy
    111. 

  111.       expect(json_response['error']).to eq('Only signup with not authenticate user possible!')
    112. 

  112. 

  113.       # already existing user with enabled feature
    114. 

  114.       params = { email: 'rest-customer1@example.com', signup: true }
    115. 

  115.       post '/api/v1/users', params: params, headers: headers, as: :json
    116. 

  116.       expect(response).to have_http_status(:unprocessable_entity)
    117. 

  117.       expect(json_response['error']).to be_truthy
    118. 

  118.       expect(json_response['error']).to eq("Email address 'rest-customer1@example.com' is already used for other user.")
    119. 

  119. 

  120.       # email missing with enabled feature
    121. 

  121.       params = { firstname: 'some firstname', signup: true }
    122. 

  122.       post '/api/v1/users', params: params, headers: headers, as: :json
    123. 

  123.       expect(response).to have_http_status(:unprocessable_entity)
    124. 

  124.       expect(json_response['error']).to be_truthy
    125. 

  125.       expect(json_response['error']).to eq('Attribute \'email\' required!')
    126. 

  126. 

  127.       # email missing with enabled feature
    128. 

  128.       params = { firstname: 'some firstname', signup: true }
    129. 

  129.       post '/api/v1/users', params: params, headers: headers, as: :json
    130. 

  130.       expect(response).to have_http_status(:unprocessable_entity)
    131. 

  131.       expect(json_response['error']).to be_truthy
    132. 

  132.       expect(json_response['error']).to eq('Attribute \'email\' required!')
    133. 

  133. 

  134.       # create user with enabled feature (take customer role)
    135. 

  135.       params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
    136. 

  136.       post '/api/v1/users', params: params, headers: headers, as: :json
    137. 

  137.       expect(response).to have_http_status(:created)
    138. 

  138.       expect(json_response).to be_truthy
    139. 

  139. 

  140.       expect(json_response['firstname']).to eq('Me First')
    141. 

  141.       expect(json_response['lastname']).to eq('Me Last')
    142. 

  142.       expect(json_response['login']).to eq('new_here@example.com')
    143. 

  143.       expect(json_response['email']).to eq('new_here@example.com')
    144. 

  144.       user = User.find(json_response['id'])
    145. 

  145.       expect(user).not_to be_role('Admin')
    146. 

  146.       expect(user).not_to be_role('Agent')
    147. 

  147.       expect(user).to be_role('Customer')
    148. 

  148. 

  149.       # create user with admin role (not allowed for signup, take customer role)
    150. 

  150.       role = Role.lookup(name: 'Admin')
    151. 

  151.       params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
    152. 

  152.       post '/api/v1/users', params: params, headers: headers, as: :json
    153. 

  153.       expect(response).to have_http_status(:created)
    154. 

  154.       expect(json_response).to be_truthy
    155. 

  155.       user = User.find(json_response['id'])
    156. 

  156.       expect(user).not_to be_role('Admin')
    157. 

  157.       expect(user).not_to be_role('Agent')
    158. 

  158.       expect(user).to be_role('Customer')
    159. 

  159. 

  160.       # create user with agent role (not allowed for signup, take customer role)
    161. 

  161.       role = Role.lookup(name: 'Agent')
    162. 

  162.       params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
    163. 

  163.       post '/api/v1/users', params: params, headers: headers, as: :json
    164. 

  164.       expect(response).to have_http_status(:created)
    165. 

  165.       expect(json_response).to be_truthy
    166. 

  166.       user = User.find(json_response['id'])
    167. 

  167.       expect(user).not_to be_role('Admin')
    168. 

  168.       expect(user).not_to be_role('Agent')
    169. 

  169.       expect(user).to be_role('Customer')
    170. 

  170. 

  171.       # no user (because of no session)
    172. 

  172.       get '/api/v1/users', params: {}, headers: headers, as: :json
    173. 

  173.       expect(response).to have_http_status(:unauthorized)
    174. 

  174.       expect(json_response['error']).to eq('authentication failed')
    175. 

  175. 

  176.       # me
    177. 

  177.       get '/api/v1/users/me', params: {}, headers: headers, as: :json
    178. 

  178.       expect(response).to have_http_status(:unauthorized)
    179. 

  179.       expect(json_response['error']).to eq('authentication failed')
    180. 

  180.     end
    181. 

  181. 

  182.     it 'does auth tests - not existing user' do
    183. 

  183.       authenticated_as(nil, login: 'not_existing@example.com', password: 'adminpw')
    184. 

  184.       get '/api/v1/users/me', params: {}, as: :json
    185. 

  185.       expect(response).to have_http_status(:unauthorized)
    186. 

  186.       expect(json_response['error']).to eq('authentication failed')
    187. 

  187. 

  188.       get '/api/v1/users', params: {}, as: :json
    189. 

  189.       expect(response).to have_http_status(:unauthorized)
    190. 

  190.       expect(json_response['error']).to eq('authentication failed')
    191. 

  191.     end
    192. 

  192. 

  193.     it 'does auth tests - username auth, wrong pw' do
    194. 

  194.       authenticated_as(admin_user, password: 'not_existing')
    195. 

  195.       get '/api/v1/users', params: {}, as: :json
    196. 

  196.       expect(response).to have_http_status(:unauthorized)
    197. 

  197.       expect(json_response['error']).to eq('authentication failed')
    198. 

  198.     end
    199. 

  199. 

  200.     it 'does auth tests - email auth, wrong pw' do
    201. 

  201.       authenticated_as(nil, login: 'rest-admin@example.com', password: 'not_existing')
    202. 

  202.       get '/api/v1/users', params: {}, as: :json
    203. 

  203.       expect(response).to have_http_status(:unauthorized)
    204. 

  204.       expect(json_response['error']).to eq('authentication failed')
    205. 

  205.     end
    206. 

  206. 

  207.     it 'does auth tests - username auth' do
    208. 

  208.       authenticated_as(nil, login: 'rest-admin-pw', password: 'adminpw')
    209. 

  209.       get '/api/v1/users', params: {}, as: :json
    210. 

  210.       expect(response).to have_http_status(:ok)
    211. 

  211.       expect(json_response).to be_truthy
    212. 

  212.     end
    213. 

  213. 

  214.     it 'does auth tests - email auth' do
    215. 

  215.       authenticated_as(nil, login: 'rest-admin-pw@example.com', password: 'adminpw')
    216. 

  216.       get '/api/v1/users', params: {}, as: :json
    217. 

  217.       expect(response).to have_http_status(:ok)
    218. 

  218.       expect(json_response).to be_truthy
    219. 

  219.     end
    220. 

  220. 

  221.     it 'does user index and create with admin' do
    222. 

  222.       authenticated_as(admin_user)
    223. 

  223.       get '/api/v1/users/me', params: {}, as: :json
    224. 

  224.       expect(response).to have_http_status(:ok)
    225. 

  225.       expect(json_response).to be_truthy
    226. 

  226.       expect('rest-admin@example.com').to eq(json_response['email'])
    227. 

  227. 

  228.       # index
    229. 

  229.       get '/api/v1/users', params: {}, as: :json
    230. 

  230.       expect(response).to have_http_status(:ok)
    231. 

  231.       expect(json_response).to be_truthy
    232. 

  232. 

  233.       # index
    234. 

  234.       get '/api/v1/users', params: {}, as: :json
    235. 

  235.       expect(response).to have_http_status(:ok)
    236. 

  236.       expect(json_response).to be_truthy
    237. 

  237.       expect(Array).to eq(json_response.class)
    238. 

  238.       expect(json_response.length >= 3).to be_truthy
    239. 

  239. 

  240.       # show/:id
    241. 

  241.       get "/api/v1/users/#{agent_user.id}", params: {}, as: :json
    242. 

  242.       expect(response).to have_http_status(:ok)
    243. 

  243.       expect(json_response).to be_truthy
    244. 

  244.       expect(Hash).to eq(json_response.class)
    245. 

  245.       expect('rest-agent@example.com').to eq(json_response['email'])
    246. 

  246. 

  247.       get "/api/v1/users/#{customer_user.id}", params: {}, as: :json
    248. 

  248.       expect(response).to have_http_status(:ok)
    249. 

  249.       expect(json_response).to be_truthy
    250. 

  250.       expect(Hash).to eq(json_response.class)
    251. 

  251.       expect('rest-customer1@example.com').to eq(json_response['email'])
    252. 

  252. 

  253.       # create user with admin role
    254. 

  254.       role = Role.lookup(name: 'Admin')
    255. 

  255.       params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
    256. 

  256.       post '/api/v1/users', params: params, as: :json
    257. 

  257.       expect(response).to have_http_status(:created)
    258. 

  258.       expect(json_response).to be_truthy
    259. 

  259.       user = User.find(json_response['id'])
    260. 

  260.       expect(user).to be_role('Admin')
    261. 

  261.       expect(user).not_to be_role('Agent')
    262. 

  262.       expect(user).not_to be_role('Customer')
    263. 

  263.       expect(json_response['login']).to eq('new_admin_by_admin@example.com')
    264. 

  264.       expect(json_response['email']).to eq('new_admin_by_admin@example.com')
    265. 

  265. 

  266.       # create user with agent role
    267. 

  267.       role = Role.lookup(name: 'Agent')
    268. 

  268.       params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
    269. 

  269.       post '/api/v1/users', params: params, as: :json
    270. 

  270.       expect(response).to have_http_status(:created)
    271. 

  271.       expect(json_response).to be_truthy
    272. 

  272.       user = User.find(json_response['id'])
    273. 

  273.       expect(user).not_to be_role('Admin')
    274. 

  274.       expect(user).to be_role('Agent')
    275. 

  275.       expect(user).not_to be_role('Customer')
    276. 

  276.       expect(json_response['login']).to eq('new_agent_by_admin1@example.com')
    277. 

  277.       expect(json_response['email']).to eq('new_agent_by_admin1@example.com')
    278. 

  278. 

  279.       role = Role.lookup(name: 'Agent')
    280. 

  280.       params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
    281. 

  281.       post '/api/v1/users', params: params, as: :json
    282. 

  282.       expect(response).to have_http_status(:created)
    283. 

  283.       expect(json_response).to be_truthy
    284. 

  284.       user = User.find(json_response['id'])
    285. 

  285.       expect(user).not_to be_role('Admin')
    286. 

  286.       expect(user).to be_role('Agent')
    287. 

  287.       expect(user).not_to be_role('Customer')
    288. 

  288.       expect(json_response['login']).to eq('new_agent_by_admin2@example.com')
    289. 

  289.       expect(json_response['email']).to eq('new_agent_by_admin2@example.com')
    290. 

  290.       expect(json_response['firstname']).to eq('Agent')
    291. 

  291.       expect(json_response['lastname']).to eq('First')
    292. 

  292. 

  293.       role = Role.lookup(name: 'Agent')
    294. 

  294.       params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
    295. 

  295.       post '/api/v1/users', params: params, as: :json
    296. 

  296.       expect(response).to have_http_status(:unprocessable_entity)
    297. 

  297.       expect(json_response).to be_truthy
    298. 

  298.       expect(json_response['error']).to eq("Email address 'new_agent_by_admin2@example.com' is already used for other user.")
    299. 

  299. 

  300.       # missing required attributes
    301. 

  301.       params = { note: 'some note' }
    302. 

  302.       post '/api/v1/users', params: params, as: :json
    303. 

  303.       expect(response).to have_http_status(:unprocessable_entity)
    304. 

  304.       expect(json_response).to be_truthy
    305. 

  305.       expect(json_response['error']).to eq('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.')
    306. 

  306. 

  307.       # invalid email
    308. 

  308.       params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
    309. 

  309.       post '/api/v1/users', params: params, as: :json
    310. 

  310.       expect(response).to have_http_status(:unprocessable_entity)
    311. 

  311.       expect(json_response).to be_truthy
    312. 

  312.       expect(json_response['error']).to eq("Invalid email 'some_what'")
    313. 

  313. 

  314.       # with valid attributes
    315. 

  315.       params = { firstname: 'newfirstname123', note: 'some note' }
    316. 

  316.       post '/api/v1/users', params: params, as: :json
    317. 

  317.       expect(response).to have_http_status(:created)
    318. 

  318.       expect(json_response).to be_truthy
    319. 

  319.       user = User.find(json_response['id'])
    320. 

  320.       expect(user).not_to be_role('Admin')
    321. 

  321.       expect(user).not_to be_role('Agent')
    322. 

  322.       expect(user).to be_role('Customer')
    323. 

  323.       expect(json_response['login']).to be_start_with('auto-')
    324. 

  324.       expect(json_response['email']).to eq('')
    325. 

  325.       expect(json_response['firstname']).to eq('newfirstname123')
    326. 

  326.       expect(json_response['lastname']).to eq('')
    327. 

  327.     end
    328. 

  328. 

  329.     it 'does user index and create with agent' do
    330. 

  330.       authenticated_as(agent_user)
    331. 

  331.       get '/api/v1/users/me', params: {}, as: :json
    332. 

  332.       expect(response).to have_http_status(:ok)
    333. 

  333.       expect(json_response).to be_truthy
    334. 

  334.       expect('rest-agent@example.com').to eq(json_response['email'])
    335. 

  335. 

  336.       # index
    337. 

  337.       get '/api/v1/users', params: {}, as: :json
    338. 

  338.       expect(response).to have_http_status(:ok)
    339. 

  339.       expect(json_response).to be_truthy
    340. 

  340. 

  341.       # index
    342. 

  342.       get '/api/v1/users', params: {}, as: :json
    343. 

  343.       expect(response).to have_http_status(:ok)
    344. 

  344.       expect(json_response).to be_truthy
    345. 

  345.       expect(Array).to eq(json_response.class)
    346. 

  346.       expect(json_response.length >= 3).to be_truthy
    347. 

  347. 

  348.       get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, as: :json
    349. 

  349.       expect(response).to have_http_status(:ok)
    350. 

  350.       expect(json_response).to be_a_kind_of(Array)
    351. 

  351.       users = User.order(:id).limit(2)
    352. 

  352.       expect(json_response[0]['id']).to eq(users[0].id)
    353. 

  353.       expect(json_response[1]['id']).to eq(users[1].id)
    354. 

  354.       expect(json_response.count).to eq(2)
    355. 

  355. 

  356.       get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, as: :json
    357. 

  357.       expect(response).to have_http_status(:ok)
    358. 

  358.       expect(json_response).to be_a_kind_of(Array)
    359. 

  359.       users = User.order(:id).limit(4)
    360. 

  360.       expect(json_response[0]['id']).to eq(users[2].id)
    361. 

  361.       expect(json_response[1]['id']).to eq(users[3].id)
    362. 

  362.       expect(json_response.count).to eq(2)
    363. 

  363. 

  364.       # create user with admin role
    365. 

  365.       firstname = "First test#{rand(999_999_999)}"
    366. 

  366.       role = Role.lookup(name: 'Admin')
    367. 

  367.       params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
    368. 

  368.       post '/api/v1/users', params: params, as: :json
    369. 

  369.       expect(response).to have_http_status(:created)
    370. 

  370.       json_response_user1 = JSON.parse(@response.body)
    371. 

  371.       expect(json_response_user1).to be_truthy
    372. 

  372.       user = User.find(json_response_user1['id'])
    373. 

  373.       expect(user).not_to be_role('Admin')
    374. 

  374.       expect(user).not_to be_role('Agent')
    375. 

  375.       expect(user).to be_role('Customer')
    376. 

  376.       expect(json_response_user1['login']).to eq('new_admin_by_agent@example.com')
    377. 

  377.       expect(json_response_user1['email']).to eq('new_admin_by_agent@example.com')
    378. 

  378. 

  379.       # create user with agent role
    380. 

  380.       role = Role.lookup(name: 'Agent')
    381. 

  381.       params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
    382. 

  382.       post '/api/v1/users', params: params, as: :json
    383. 

  383.       expect(response).to have_http_status(:created)
    384. 

  384.       json_response_user1 = JSON.parse(@response.body)
    385. 

  385.       expect(json_response_user1).to be_truthy
    386. 

  386.       user = User.find(json_response_user1['id'])
    387. 

  387.       expect(user).not_to be_role('Admin')
    388. 

  388.       expect(user).not_to be_role('Agent')
    389. 

  389.       expect(user).to be_role('Customer')
    390. 

  390.       expect(json_response_user1['login']).to eq('new_agent_by_agent@example.com')
    391. 

  391.       expect(json_response_user1['email']).to eq('new_agent_by_agent@example.com')
    392. 

  392. 

  393.       # create user with customer role
    394. 

  394.       role = Role.lookup(name: 'Customer')
    395. 

  395.       params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
    396. 

  396.       post '/api/v1/users', params: params, as: :json
    397. 

  397.       expect(response).to have_http_status(:created)
    398. 

  398.       json_response_user1 = JSON.parse(@response.body)
    399. 

  399.       expect(json_response_user1).to be_truthy
    400. 

  400.       user = User.find(json_response_user1['id'])
    401. 

  401.       expect(user).not_to be_role('Admin')
    402. 

  402.       expect(user).not_to be_role('Agent')
    403. 

  403.       expect(user).to be_role('Customer')
    404. 

  404.       expect(json_response_user1['login']).to eq('new_customer_by_agent@example.com')
    405. 

  405.       expect(json_response_user1['email']).to eq('new_customer_by_agent@example.com')
    406. 

  406. 

  407.       # search as agent
    408. 

  408.       Scheduler.worker(true)
    409. 

  409.       sleep 2 # let es time to come ready
    410. 

  410.       get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, as: :json
    411. 

  411.       expect(response).to have_http_status(:ok)
    412. 

  412.       expect(json_response).to be_a_kind_of(Array)
    413. 

  413. 

  414.       expect(json_response[0]['id']).to eq(json_response_user1['id'])
    415. 

  415.       expect(json_response[0]['firstname']).to eq("Customer#{firstname}")
    416. 

  416.       expect(json_response[0]['lastname']).to eq('Customer Last')
    417. 

  417.       expect(json_response[0]['role_ids']).to be_truthy
    418. 

  418.       expect(json_response[0]['roles']).to be_falsey
    419. 

  419. 

  420.       get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, as: :json
    421. 

  421.       expect(response).to have_http_status(:ok)
    422. 

  422.       expect(json_response).to be_a_kind_of(Array)
    423. 

  423.       expect(json_response[0]['id']).to eq(json_response_user1['id'])
    424. 

  424.       expect(json_response[0]['firstname']).to eq("Customer#{firstname}")
    425. 

  425.       expect(json_response[0]['lastname']).to eq('Customer Last')
    426. 

  426.       expect(json_response[0]['role_ids']).to be_truthy
    427. 

  427.       expect(json_response[0]['roles']).to be_truthy
    428. 

  428. 

  429.       get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, as: :json
    430. 

  430.       expect(response).to have_http_status(:ok)
    431. 

  431.       expect(json_response).to be_a_kind_of(Array)
    432. 

  432.       expect(json_response[0]['id']).to eq(json_response_user1['id'])
    433. 

  433.       expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
    434. 

  434.       expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
    435. 

  435.       expect(json_response[0]['role_ids']).to be_falsey
    436. 

  436.       expect(json_response[0]['roles']).to be_falsey
    437. 

  437. 

  438.       get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, as: :json
    439. 

  439.       expect(response).to have_http_status(:ok)
    440. 

  440.       expect(json_response).to be_a_kind_of(Array)
    441. 

  441.       expect(json_response[0]['id']).to eq(json_response_user1['id'])
    442. 

  442.       expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
    443. 

  443.       expect(json_response[0]['value']).to eq('new_customer_by_agent@example.com')
    444. 

  444.       expect(json_response[0]['role_ids']).to be_falsey
    445. 

  445.       expect(json_response[0]['roles']).to be_falsey
    446. 

  446. 

  447.       # Regression test for issue #2539 - search pagination broken in users_controller.rb
    448. 

  448.       # Get the total number of users N, then search with one result per page, so there should N pages with one result each
    449. 

  449.       get '/api/v1/users/search', params: { query: '*' }, as: :json
    450. 

  450.       total_user_number = json_response.count
    451. 

  451.       (1..total_user_number).each do |i|
    452. 

  452.         get '/api/v1/users/search', params: { query: '*', per_page: 1, page: i }, as: :json
    453. 

  453.         expect(response).to have_http_status(:ok)
    454. 

  454.         expect(json_response).to be_a_kind_of(Array)
    455. 

  455.         expect(json_response.count).to eq(1), "Page #{i}/#{total_user_number} of the user search pagination test have the wrong result!"
    456. 

  456.       end
    457. 

  457. 

  458.       role = Role.find_by(name: 'Agent')
    459. 

  459.       get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, as: :json
    460. 

  460.       expect(response).to have_http_status(:ok)
    461. 

  461.       expect(json_response).to be_a_kind_of(Array)
    462. 

  462.       expect(json_response.count).to eq(0)
    463. 

  463. 

  464.       role = Role.find_by(name: 'Customer')
    465. 

  465.       get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, as: :json
    466. 

  466.       expect(response).to have_http_status(:ok)
    467. 

  467.       expect(json_response).to be_a_kind_of(Array)
    468. 

  468.       expect(json_response[0]['id']).to eq(json_response_user1['id'])
    469. 

  469.       expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
    470. 

  470.       expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
    471. 

  471.       expect(json_response[0]['role_ids']).to be_falsey
    472. 

  472.       expect(json_response[0]['roles']).to be_falsey
    473. 

  473. 

  474.       permission = Permission.find_by(name: 'ticket.agent')
    475. 

  475.       get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, as: :json
    476. 

  476.       expect(response).to have_http_status(:ok)
    477. 

  477.       expect(json_response).to be_a_kind_of(Array)
    478. 

  478.       expect(json_response.count).to eq(0)
    479. 

  479. 

  480.       permission = Permission.find_by(name: 'ticket.customer')
    481. 

  481.       get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, as: :json
    482. 

  482.       expect(response).to have_http_status(:ok)
    483. 

  483.       expect(json_response).to be_a_kind_of(Array)
    484. 

  484.       expect(json_response[0]['id']).to eq(json_response_user1['id'])
    485. 

  485.       expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
    486. 

  486.       expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
    487. 

  487.       expect(json_response[0]['role_ids']).to be_falsey
    488. 

  488.       expect(json_response[0]['roles']).to be_falsey
    489. 

  489.     end
    490. 

  490. 

  491.     it 'does user index and create with customer1' do
    492. 

  492.       authenticated_as(customer_user)
    493. 

  493.       get '/api/v1/users/me', params: {}, as: :json
    494. 

  494.       expect(response).to have_http_status(:ok)
    495. 

  495.       expect(json_response).to be_truthy
    496. 

  496.       expect('rest-customer1@example.com').to eq(json_response['email'])
    497. 

  497. 

  498.       # index
    499. 

  499.       get '/api/v1/users', params: {}, as: :json
    500. 

  500.       expect(response).to have_http_status(:ok)
    501. 

  501.       expect(Array).to eq(json_response.class)
    502. 

  502.       expect(1).to eq(json_response.length)
    503. 

  503. 

  504.       # show/:id
    505. 

  505.       get "/api/v1/users/#{customer_user.id}", params: {}, as: :json
    506. 

  506.       expect(response).to have_http_status(:ok)
    507. 

  507.       expect(Hash).to eq(json_response.class)
    508. 

  508.       expect('rest-customer1@example.com').to eq(json_response['email'])
    509. 

  509. 

  510.       get "/api/v1/users/#{customer_user2.id}", params: {}, as: :json
    511. 

  511.       expect(response).to have_http_status(:unauthorized)
    512. 

  512.       expect(Hash).to eq(json_response.class)
    513. 

  513.       expect(json_response['error']).to be_truthy
    514. 

  514. 

  515.       # create user with admin role
    516. 

  516.       role = Role.lookup(name: 'Admin')
    517. 

  517.       params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
    518. 

  518.       post '/api/v1/users', params: params, as: :json
    519. 

  519.       expect(response).to have_http_status(:unauthorized)
    520. 

  520. 

  521.       # create user with agent role
    522. 

  522.       role = Role.lookup(name: 'Agent')
    523. 

  523.       params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
    524. 

  524.       post '/api/v1/users', params: params, as: :json
    525. 

  525.       expect(response).to have_http_status(:unauthorized)
    526. 

  526. 

  527.       # search
    528. 

  528.       Scheduler.worker(true)
    529. 

  529.       get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json
    530. 

  530.       expect(response).to have_http_status(:unauthorized)
    531. 

  531.     end
    532. 

  532. 

  533.     it 'does user index with customer2' do
    534. 

  534.       authenticated_as(customer_user2)
    535. 

  535.       get '/api/v1/users/me', params: {}, as: :json
    536. 

  536.       expect(response).to have_http_status(:ok)
    537. 

  537.       expect(json_response).to be_truthy
    538. 

  538.       expect('rest-customer2@example.com').to eq(json_response['email'])
    539. 

  539. 

  540.       # index
    541. 

  541.       get '/api/v1/users', params: {}, as: :json
    542. 

  542.       expect(response).to have_http_status(:ok)
    543. 

  543.       expect(Array).to eq(json_response.class)
    544. 

  544.       expect(1).to eq(json_response.length)
    545. 

  545. 

  546.       # show/:id
    547. 

  547.       get "/api/v1/users/#{customer_user2.id}", params: {}, as: :json
    548. 

  548.       expect(response).to have_http_status(:ok)
    549. 

  549.       expect(Hash).to eq(json_response.class)
    550. 

  550.       expect('rest-customer2@example.com').to eq(json_response['email'])
    551. 

  551. 

  552.       get "/api/v1/users/#{customer_user.id}", params: {}, as: :json
    553. 

  553.       expect(response).to have_http_status(:unauthorized)
    554. 

  554.       expect(Hash).to eq(json_response.class)
    555. 

  555.       expect(json_response['error']).to be_truthy
    556. 

  556. 

  557.       # search
    558. 

  558.       Scheduler.worker(true)
    559. 

  559.       get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json
    560. 

  560.       expect(response).to have_http_status(:unauthorized)
    561. 

  561.     end
    562. 

  562. 

  563.     it 'does users show and response format (04.01)' do
    564. 

  564.       user = create(
    565. 

  565.         :customer_user,
    566. 

  566.         login:         'rest-customer3@example.com',
    567. 

  567.         firstname:     'Rest',
    568. 

  568.         lastname:      'Customer3',
    569. 

  569.         email:         'rest-customer3@example.com',
    570. 

  570.         password:      'customer3pw',
    571. 

  571.         active:        true,
    572. 

  572.         organization:  organization,
    573. 

  573.         updated_by_id: admin_user.id,
    574. 

  574.         created_by_id: admin_user.id,
    575. 

  575.       )
    576. 

  576. 

  577.       authenticated_as(admin_user)
    578. 

  578.       get "/api/v1/users/#{user.id}", params: {}, as: :json
    579. 

  579.       expect(response).to have_http_status(:ok)
    580. 

  580.       expect(json_response).to be_a_kind_of(Hash)
    581. 

  581.       expect(json_response['id']).to eq(user.id)
    582. 

  582.       expect(json_response['firstname']).to eq(user.firstname)
    583. 

  583.       expect(json_response['organization']).to be_falsey
    584. 

  584.       expect(json_response['organization_id']).to eq(user.organization_id)
    585. 

  585.       expect(json_response['password']).to be_falsey
    586. 

  586.       expect(json_response['role_ids']).to eq(user.role_ids)
    587. 

  587.       expect(json_response['updated_by_id']).to eq(admin_user.id)
    588. 

  588.       expect(json_response['created_by_id']).to eq(admin_user.id)
    589. 

  589. 

  590.       get "/api/v1/users/#{user.id}?expand=true", params: {}, as: :json
    591. 

  591.       expect(response).to have_http_status(:ok)
    592. 

  592.       expect(json_response).to be_a_kind_of(Hash)
    593. 

  593.       expect(json_response['id']).to eq(user.id)
    594. 

  594.       expect(json_response['firstname']).to eq(user.firstname)
    595. 

  595.       expect(json_response['organization_id']).to eq(user.organization_id)
    596. 

  596.       expect(json_response['organization']).to eq(user.organization.name)
    597. 

  597.       expect(json_response['role_ids']).to eq(user.role_ids)
    598. 

  598.       expect(json_response['password']).to be_falsey
    599. 

  599.       expect(json_response['updated_by_id']).to eq(admin_user.id)
    600. 

  600.       expect(json_response['created_by_id']).to eq(admin_user.id)
    601. 

  601. 

  602.       get "/api/v1/users/#{user.id}?expand=false", params: {}, as: :json
    603. 

  603.       expect(response).to have_http_status(:ok)
    604. 

  604.       expect(json_response).to be_a_kind_of(Hash)
    605. 

  605.       expect(json_response['id']).to eq(user.id)
    606. 

  606.       expect(json_response['firstname']).to eq(user.firstname)
    607. 

  607.       expect(json_response['organization']).to be_falsey
    608. 

  608.       expect(json_response['organization_id']).to eq(user.organization_id)
    609. 

  609.       expect(json_response['password']).to be_falsey
    610. 

  610.       expect(json_response['role_ids']).to eq(user.role_ids)
    611. 

  611.       expect(json_response['updated_by_id']).to eq(admin_user.id)
    612. 

  612.       expect(json_response['created_by_id']).to eq(admin_user.id)
    613. 

  613. 

  614.       get "/api/v1/users/#{user.id}?full=true", params: {}, as: :json
    615. 

  615.       expect(response).to have_http_status(:ok)
    616. 

  616. 

  617.       expect(json_response).to be_a_kind_of(Hash)
    618. 

  618.       expect(json_response['id']).to eq(user.id)
    619. 

  619.       expect(json_response['assets']).to be_truthy
    620. 

  620.       expect(json_response['assets']['User']).to be_truthy
    621. 

  621.       expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
    622. 

  622.       expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
    623. 

  623.       expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(user.firstname)
    624. 

  624.       expect(json_response['assets']['User'][user.id.to_s]['organization_id']).to eq(user.organization_id)
    625. 

  625.       expect(json_response['assets']['User'][user.id.to_s]['role_ids']).to eq(user.role_ids)
    626. 

  626. 

  627.       get "/api/v1/users/#{user.id}?full=false", params: {}, as: :json
    628. 

  628.       expect(response).to have_http_status(:ok)
    629. 

  629.       expect(json_response).to be_a_kind_of(Hash)
    630. 

  630.       expect(json_response['id']).to eq(user.id)
    631. 

  631.       expect(json_response['firstname']).to eq(user.firstname)
    632. 

  632.       expect(json_response['organization']).to be_falsey
    633. 

  633.       expect(json_response['organization_id']).to eq(user.organization_id)
    634. 

  634.       expect(json_response['password']).to be_falsey
    635. 

  635.       expect(json_response['role_ids']).to eq(user.role_ids)
    636. 

  636.       expect(json_response['updated_by_id']).to eq(admin_user.id)
    637. 

  637.       expect(json_response['created_by_id']).to eq(admin_user.id)
    638. 

  638.     end
    639. 

  639. 

  640.     it 'does user index and response format (04.02)' do
    641. 

  641.       user = create(
    642. 

  642.         :customer_user,
    643. 

  643.         login:         'rest-customer3@example.com',
    644. 

  644.         firstname:     'Rest',
    645. 

  645.         lastname:      'Customer3',
    646. 

  646.         email:         'rest-customer3@example.com',
    647. 

  647.         password:      'customer3pw',
    648. 

  648.         active:        true,
    649. 

  649.         organization:  organization,
    650. 

  650.         updated_by_id: admin_user.id,
    651. 

  651.         created_by_id: admin_user.id,
    652. 

  652.       )
    653. 

  653. 

  654.       authenticated_as(admin_user)
    655. 

  655.       get '/api/v1/users', params: {}, as: :json
    656. 

  656.       expect(response).to have_http_status(:ok)
    657. 

  657.       expect(json_response).to be_a_kind_of(Array)
    658. 

  658.       expect(json_response[0].class).to eq(Hash)
    659. 

  659.       expect(json_response.last['id']).to eq(user.id)
    660. 

  660.       expect(json_response.last['lastname']).to eq(user.lastname)
    661. 

  661.       expect(json_response.last['organization']).to be_falsey
    662. 

  662.       expect(json_response.last['role_ids']).to eq(user.role_ids)
    663. 

  663.       expect(json_response.last['organization_id']).to eq(user.organization_id)
    664. 

  664.       expect(json_response.last['password']).to be_falsey
    665. 

  665.       expect(json_response.last['updated_by_id']).to eq(admin_user.id)
    666. 

  666.       expect(json_response.last['created_by_id']).to eq(admin_user.id)
    667. 

  667. 

  668.       get '/api/v1/users?expand=true', params: {}, as: :json
    669. 

  669.       expect(response).to have_http_status(:ok)
    670. 

  670.       expect(json_response).to be_a_kind_of(Array)
    671. 

  671.       expect(json_response[0].class).to eq(Hash)
    672. 

  672.       expect(json_response.last['id']).to eq(user.id)
    673. 

  673.       expect(json_response.last['lastname']).to eq(user.lastname)
    674. 

  674.       expect(json_response.last['organization_id']).to eq(user.organization_id)
    675. 

  675.       expect(json_response.last['organization']).to eq(user.organization.name)
    676. 

  676.       expect(json_response.last['password']).to be_falsey
    677. 

  677.       expect(json_response.last['updated_by_id']).to eq(admin_user.id)
    678. 

  678.       expect(json_response.last['created_by_id']).to eq(admin_user.id)
    679. 

  679. 

  680.       get '/api/v1/users?expand=false', params: {}, as: :json
    681. 

  681.       expect(response).to have_http_status(:ok)
    682. 

  682.       expect(json_response).to be_a_kind_of(Array)
    683. 

  683.       expect(json_response[0].class).to eq(Hash)
    684. 

  684.       expect(json_response.last['id']).to eq(user.id)
    685. 

  685.       expect(json_response.last['lastname']).to eq(user.lastname)
    686. 

  686.       expect(json_response.last['organization']).to be_falsey
    687. 

  687.       expect(json_response.last['role_ids']).to eq(user.role_ids)
    688. 

  688.       expect(json_response.last['organization_id']).to eq(user.organization_id)
    689. 

  689.       expect(json_response.last['password']).to be_falsey
    690. 

  690.       expect(json_response.last['updated_by_id']).to eq(admin_user.id)
    691. 

  691.       expect(json_response.last['created_by_id']).to eq(admin_user.id)
    692. 

  692. 

  693.       get '/api/v1/users?full=true', params: {}, as: :json
    694. 

  694.       expect(response).to have_http_status(:ok)
    695. 

  695. 

  696.       expect(json_response).to be_a_kind_of(Hash)
    697. 

  697.       expect(json_response['record_ids'].class).to eq(Array)
    698. 

  698.       expect(json_response['record_ids'][0]).to eq(1)
    699. 

  699.       expect(json_response['record_ids'].last).to eq(user.id)
    700. 

  700.       expect(json_response['assets']).to be_truthy
    701. 

  701.       expect(json_response['assets']['User']).to be_truthy
    702. 

  702.       expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
    703. 

  703.       expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
    704. 

  704.       expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname)
    705. 

  705.       expect(json_response['assets']['User'][user.id.to_s]['organization_id']).to eq(user.organization_id)
    706. 

  706.       expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey
    707. 

  707. 

  708.       get '/api/v1/users?full=false', params: {}, as: :json
    709. 

  709.       expect(response).to have_http_status(:ok)
    710. 

  710.       expect(json_response).to be_a_kind_of(Array)
    711. 

  711.       expect(json_response[0].class).to eq(Hash)
    712. 

  712.       expect(json_response.last['id']).to eq(user.id)
    713. 

  713.       expect(json_response.last['lastname']).to eq(user.lastname)
    714. 

  714.       expect(json_response.last['organization']).to be_falsey
    715. 

  715.       expect(json_response.last['role_ids']).to eq(user.role_ids)
    716. 

  716.       expect(json_response.last['organization_id']).to eq(user.organization_id)
    717. 

  717.       expect(json_response.last['password']).to be_falsey
    718. 

  718.       expect(json_response.last['updated_by_id']).to eq(admin_user.id)
    719. 

  719.       expect(json_response.last['created_by_id']).to eq(admin_user.id)
    720. 

  720.     end
    721. 

  721. 

  722.     it 'does ticket create and response format (04.03)' do
    723. 

  723.       organization = Organization.first
    724. 

  724.       params = {
    725. 

  725.         firstname:    'newfirstname123',
    726. 

  726.         note:         'some note',
    727. 

  727.         organization: organization.name,
    728. 

  728.       }
    729. 

  729. 

  730.       authenticated_as(admin_user)
    731. 

  731.       post '/api/v1/users', params: params, as: :json
    732. 

  732.       expect(response).to have_http_status(:created)
    733. 

  733.       expect(json_response).to be_a_kind_of(Hash)
    734. 

  734. 

  735.       user = User.find(json_response['id'])
    736. 

  736.       expect(json_response['firstname']).to eq(user.firstname)
    737. 

  737.       expect(json_response['organization_id']).to eq(user.organization_id)
    738. 

  738.       expect(json_response['organization']).to be_falsey
    739. 

  739.       expect(json_response['password']).to be_falsey
    740. 

  740.       expect(json_response['updated_by_id']).to eq(admin_user.id)
    741. 

  741.       expect(json_response['created_by_id']).to eq(admin_user.id)
    742. 

  742. 

  743.       post '/api/v1/users?expand=true', params: params, as: :json
    744. 

  744.       expect(response).to have_http_status(:created)
    745. 

  745.       expect(json_response).to be_a_kind_of(Hash)
    746. 

  746. 

  747.       user = User.find(json_response['id'])
    748. 

  748.       expect(json_response['firstname']).to eq(user.firstname)
    749. 

  749.       expect(json_response['organization_id']).to eq(user.organization_id)
    750. 

  750.       expect(json_response['organization']).to eq(user.organization.name)
    751. 

  751.       expect(json_response['password']).to be_falsey
    752. 

  752.       expect(json_response['updated_by_id']).to eq(admin_user.id)
    753. 

  753.       expect(json_response['created_by_id']).to eq(admin_user.id)
    754. 

  754. 

  755.       post '/api/v1/users?full=true', params: params, as: :json
    756. 

  756.       expect(response).to have_http_status(:created)
    757. 

  757.       expect(json_response).to be_a_kind_of(Hash)
    758. 

  758. 

  759.       user = User.find(json_response['id'])
    760. 

  760.       expect(json_response['assets']).to be_truthy
    761. 

  761.       expect(json_response['assets']['User']).to be_truthy
    762. 

  762.       expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
    763. 

  763.       expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
    764. 

  764.       expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(user.firstname)
    765. 

  765.       expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname)
    766. 

  766.       expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey
    767. 

  767. 

  768.       expect(json_response['assets']['User'][admin_user.id.to_s]).to be_truthy
    769. 

  769.       expect(json_response['assets']['User'][admin_user.id.to_s]['id']).to eq(admin_user.id)
    770. 

  770.       expect(json_response['assets']['User'][admin_user.id.to_s]['firstname']).to eq(admin_user.firstname)
    771. 

  771.       expect(json_response['assets']['User'][admin_user.id.to_s]['lastname']).to eq(admin_user.lastname)
    772. 

  772.       expect(json_response['assets']['User'][admin_user.id.to_s]['password']).to be_falsey
    773. 

  773. 

  774.     end
    775. 

  775. 

  776.     it 'does ticket update and response formats (04.04)' do
    777. 

  777.       user = create(
    778. 

  778.         :customer_user,
    779. 

  779.         login:         'rest-customer3@example.com',
    780. 

  780.         firstname:     'Rest',
    781. 

  781.         lastname:      'Customer3',
    782. 

  782.         email:         'rest-customer3@example.com',
    783. 

  783.         password:      'customer3pw',
    784. 

  784.         active:        true,
    785. 

  785.         organization:  organization,
    786. 

  786.         updated_by_id: admin_user.id,
    787. 

  787.         created_by_id: admin_user.id,
    788. 

  788.       )
    789. 

  789. 

  790.       authenticated_as(admin_user)
    791. 

  791.       params = {
    792. 

  792.         firstname: 'a update firstname #1',
    793. 

  793.       }
    794. 

  794.       put "/api/v1/users/#{user.id}", params: params, as: :json
    795. 

  795.       expect(response).to have_http_status(:ok)
    796. 

  796.       expect(json_response).to be_a_kind_of(Hash)
    797. 

  797. 

  798.       user = User.find(json_response['id'])
    799. 

  799.       expect(json_response['lastname']).to eq(user.lastname)
    800. 

  800.       expect(json_response['firstname']).to eq(params[:firstname])
    801. 

  801.       expect(json_response['organization_id']).to eq(user.organization_id)
    802. 

  802.       expect(json_response['organization']).to be_falsey
    803. 

  803.       expect(json_response['password']).to be_falsey
    804. 

  804.       expect(json_response['updated_by_id']).to eq(admin_user.id)
    805. 

  805.       expect(json_response['created_by_id']).to eq(admin_user.id)
    806. 

  806. 

  807.       params = {
    808. 

  808.         firstname: 'a update firstname #2',
    809. 

  809.       }
    810. 

  810.       put "/api/v1/users/#{user.id}?expand=true", params: params, as: :json
    811. 

  811.       expect(response).to have_http_status(:ok)
    812. 

  812.       expect(json_response).to be_a_kind_of(Hash)
    813. 

  813. 

  814.       user = User.find(json_response['id'])
    815. 

  815.       expect(json_response['lastname']).to eq(user.lastname)
    816. 

  816.       expect(json_response['firstname']).to eq(params[:firstname])
    817. 

  817.       expect(json_response['organization_id']).to eq(user.organization_id)
    818. 

  818.       expect(json_response['organization']).to eq(user.organization.name)
    819. 

  819.       expect(json_response['password']).to be_falsey
    820. 

  820.       expect(json_response['updated_by_id']).to eq(admin_user.id)
    821. 

  821.       expect(json_response['created_by_id']).to eq(admin_user.id)
    822. 

  822. 

  823.       params = {
    824. 

  824.         firstname: 'a update firstname #3',
    825. 

  825.       }
    826. 

  826.       put "/api/v1/users/#{user.id}?full=true", params: params, as: :json
    827. 

  827.       expect(response).to have_http_status(:ok)
    828. 

  828.       expect(json_response).to be_a_kind_of(Hash)
    829. 

  829. 

  830.       user = User.find(json_response['id'])
    831. 

  831.       expect(json_response['assets']).to be_truthy
    832. 

  832.       expect(json_response['assets']['User']).to be_truthy
    833. 

  833.       expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
    834. 

  834.       expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
    835. 

  835.       expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(params[:firstname])
    836. 

  836.       expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname)
    837. 

  837.       expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey
    838. 

  838. 

  839.       expect(json_response['assets']['User'][admin_user.id.to_s]).to be_truthy
    840. 

  840.       expect(json_response['assets']['User'][admin_user.id.to_s]['id']).to eq(admin_user.id)
    841. 

  841.       expect(json_response['assets']['User'][admin_user.id.to_s]['firstname']).to eq(admin_user.firstname)
    842. 

  842.       expect(json_response['assets']['User'][admin_user.id.to_s]['lastname']).to eq(admin_user.lastname)
    843. 

  843.       expect(json_response['assets']['User'][admin_user.id.to_s]['password']).to be_falsey
    844. 

  844. 

  845.     end
    846. 

  846. 

  847.     it 'does csv example - customer no access (05.01)' do
    848. 

  848. 

  849.       authenticated_as(customer_user)
    850. 

  850.       get '/api/v1/users/import_example', params: {}, as: :json
    851. 

  851.       expect(response).to have_http_status(:unauthorized)
    852. 

  852.       expect(json_response['error']).to eq('Not authorized (user)!')
    853. 

  853.     end
    854. 

  854. 

  855.     it 'does csv example - admin access (05.02)' do
    856. 

  856. 

  857.       authenticated_as(admin_user)
    858. 

  858.       get '/api/v1/users/import_example', params: {}, as: :json
    859. 

  859.       expect(response).to have_http_status(:ok)
    860. 

  860. 

  861.       rows = CSV.parse(@response.body)
    862. 

  862.       header = rows.shift
    863. 

  863. 

  864.       expect(header[0]).to eq('id')
    865. 

  865.       expect(header[1]).to eq('login')
    866. 

  866.       expect(header[2]).to eq('firstname')
    867. 

  867.       expect(header[3]).to eq('lastname')
    868. 

  868.       expect(header[4]).to eq('email')
    869. 

  869.       expect(header).to include('organization')
    870. 

  870.     end
    871. 

  871. 

  872.     it 'does csv import - admin access (05.03)' do
    873. 

  873. 

  874.       # invalid file
    875. 

  875.       csv_file = fixture_file_upload('csv_import/user/simple_col_not_existing.csv', 'text/csv')
    876. 

  876.       authenticated_as(admin_user)
    877. 

  877.       post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }
    878. 

  878.       expect(response).to have_http_status(:ok)
    879. 

  879.       expect(json_response).to be_a_kind_of(Hash)
    880. 

  880. 

  881.       expect(json_response['try']).to eq(true)
    882. 

  882.       expect(json_response['records']).to be_empty
    883. 

  883.       expect(json_response['result']).to eq('failed')
    884. 

  884.       expect(json_response['errors'].count).to eq(2)
    885. 

  885.       expect(json_response['errors'][0]).to eq("Line 1: Unable to create record - unknown attribute 'firstname2' for User.")
    886. 

  886.       expect(json_response['errors'][1]).to eq("Line 2: Unable to create record - unknown attribute 'firstname2' for User.")
    887. 

  887. 

  888.       # valid file try
    889. 

  889.       csv_file = fixture_file_upload('csv_import/user/simple.csv', 'text/csv')
    890. 

  890.       post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }
    891. 

  891.       expect(response).to have_http_status(:ok)
    892. 

  892.       expect(json_response).to be_a_kind_of(Hash)
    893. 

  893. 

  894.       expect(json_response['try']).to eq(true)
    895. 

  895.       expect(json_response['records'].count).to eq(2)
    896. 

  896.       expect(json_response['result']).to eq('success')
    897. 

  897. 

  898.       expect(User.find_by(login: 'user-simple-import1')).to be_nil
    899. 

  899.       expect(User.find_by(login: 'user-simple-import2')).to be_nil
    900. 

  900. 

  901.       # valid file
    902. 

  902.       csv_file = fixture_file_upload('csv_import/user/simple.csv', 'text/csv')
    903. 

  903.       post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' }
    904. 

  904.       expect(response).to have_http_status(:ok)
    905. 

  905.       expect(json_response).to be_a_kind_of(Hash)
    906. 

  906. 

  907.       expect(json_response['try']).to eq(false)
    908. 

  908.       expect(json_response['records'].count).to eq(2)
    909. 

  909.       expect(json_response['result']).to eq('success')
    910. 

  910. 

  911.       user1 = User.find_by(login: 'user-simple-import1')
    912. 

  912.       expect(user1).to be_truthy
    913. 

  913.       expect(user1.login).to eq('user-simple-import1')
    914. 

  914.       expect(user1.firstname).to eq('firstname-simple-import1')
    915. 

  915.       expect(user1.lastname).to eq('lastname-simple-import1')
    916. 

  916.       expect(user1.email).to eq('user-simple-import1@example.com')
    917. 

  917.       expect(user1.active).to eq(true)
    918. 

  918.       user2 = User.find_by(login: 'user-simple-import2')
    919. 

  919.       expect(user2).to be_truthy
    920. 

  920.       expect(user2.login).to eq('user-simple-import2')
    921. 

  921.       expect(user2.firstname).to eq('firstname-simple-import2')
    922. 

  922.       expect(user2.lastname).to eq('lastname-simple-import2')
    923. 

  923.       expect(user2.email).to eq('user-simple-import2@example.com')
    924. 

  924.       expect(user2.active).to eq(false)
    925. 

  925. 

  926.       user1.destroy!
    927. 

  927.       user2.destroy!
    928. 

  928.     end
    929. 

  929. 

  930.     it 'does user history' do
    931. 

  931.       user1 = create(
    932. 

  932.         :customer_user,
    933. 

  933.         login:     'history@example.com',
    934. 

  934.         firstname: 'History',
    935. 

  935.         lastname:  'Customer1',
    936. 

  936.         email:     'history@example.com',
    937. 

  937.       )
    938. 

  938. 

  939.       authenticated_as(agent_user)
    940. 

  940.       get "/api/v1/users/history/#{user1.id}", params: {}, as: :json
    941. 

  941.       expect(response).to have_http_status(:ok)
    942. 

  942.       expect(json_response).to be_a_kind_of(Hash)
    943. 

  943.       expect(json_response['history'].class).to eq(Array)
    944. 

  944.       expect(json_response['assets'].class).to eq(Hash)
    945. 

  945.       expect(json_response['assets']['Ticket']).to be_nil
    946. 

  946.       expect(json_response['assets']['User'][user1.id.to_s]).not_to be_nil
    947. 

  947.     end
    948. 

  948. 

  949.     it 'does user search sortable' do
    950. 

  950.       firstname = "user_search_sortable #{rand(999_999_999)}"
    951. 

  951. 

  952.       user1 = create(
    953. 

  953.         :customer_user,
    954. 

  954.         login:           'rest-user_search_sortableA@example.com',
    955. 

  955.         firstname:       "#{firstname} A",
    956. 

  956.         lastname:        'user_search_sortableA',
    957. 

  957.         email:           'rest-user_search_sortableA@example.com',
    958. 

  958.         password:        'user_search_sortableA',
    959. 

  959.         active:          true,
    960. 

  960.         organization_id: organization.id,
    961. 

  961.         out_of_office:   false,
    962. 

  962.         created_at:      '2016-02-05 17:42:00',
    963. 

  963.       )
    964. 

  964.       user2 = create(
    965. 

  965.         :customer_user,
    966. 

  966.         login:                        'rest-user_search_sortableB@example.com',
    967. 

  967.         firstname:                    "#{firstname} B",
    968. 

  968.         lastname:                     'user_search_sortableB',
    969. 

  969.         email:                        'rest-user_search_sortableB@example.com',
    970. 

  970.         password:                     'user_search_sortableB',
    971. 

  971.         active:                       true,
    972. 

  972.         organization_id:              organization.id,
    973. 

  973.         out_of_office_start_at:       '2016-02-06 19:42:00',
    974. 

  974.         out_of_office_end_at:         '2016-02-07 19:42:00',
    975. 

  975.         out_of_office_replacement_id: 1,
    976. 

  976.         out_of_office:                true,
    977. 

  977.         created_at:                   '2016-02-05 19:42:00',
    978. 

  978.       )
    979. 

  979.       Scheduler.worker(true)
    980. 

  980.       sleep 2 # let es time to come ready
    981. 

  981. 

  982.       authenticated_as(admin_user)
    983. 

  983.       get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json
    984. 

  984.       expect(response).to have_http_status(:ok)
    985. 

  985.       expect(json_response).to be_a_kind_of(Array)
    986. 

  986.       result = json_response
    987. 

  987.       result.collect! { |v| v['id'] }
    988. 

  988.       expect(result).to eq([user1.id, user2.id])
    989. 

  989. 

  990.       get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, as: :json
    991. 

  991.       expect(response).to have_http_status(:ok)
    992. 

  992.       expect(json_response).to be_a_kind_of(Array)
    993. 

  993.       result = json_response
    994. 

  994.       result.collect! { |v| v['id'] }
    995. 

  995.       expect(result).to eq([user1.id, user2.id])
    996. 

  996. 

  997.       get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, as: :json
    998. 

  998.       expect(response).to have_http_status(:ok)
    999. 

  999.       expect(json_response).to be_a_kind_of(Array)
    1000. 

  1000.       result = json_response
    1001. 

  1001.       result.collect! { |v| v['id'] }
    1002. 

  1002.       expect(result).to eq([user2.id, user1.id])
    1003. 

  1003. 

  1004.       get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, as: :json
    1005. 

  1005.       expect(response).to have_http_status(:ok)
    1006. 

  1006.       expect(json_response).to be_a_kind_of(Array)
    1007. 

  1007.       result = json_response
    1008. 

  1008.       result.collect! { |v| v['id'] }
    1009. 

  1009.       expect(result).to eq([user2.id, user1.id])
    1010. 

  1010. 

  1011.       get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, as: :json
    1012. 

  1012.       expect(response).to have_http_status(:ok)
    1013. 

  1013.       expect(json_response).to be_a_kind_of(Array)
    1014. 

  1014.       result = json_response
    1015. 

  1015.       result.collect! { |v| v['id'] }
    1016. 

  1016.       expect(result).to eq([user2.id, user1.id])
    1017. 

  1017. 

  1018.       get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, as: :json
    1019. 

  1019.       expect(response).to have_http_status(:ok)
    1020. 

  1020.       expect(json_response).to be_a_kind_of(Array)
    1021. 

  1021.       result = json_response
    1022. 

  1022.       result.collect! { |v| v['id'] }
    1023. 

  1023.       expect(result).to eq([user1.id, user2.id])
    1024. 

  1024. 

  1025.       get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, as: :json
    1026. 

  1026.       expect(response).to have_http_status(:ok)
    1027. 

  1027.       expect(json_response).to be_a_kind_of(Array)
    1028. 

  1028.       result = json_response
    1029. 

  1029.       result.collect! { |v| v['id'] }
    1030. 

  1030.       expect(result).to eq([user2.id, user1.id])
    1031. 

  1031. 

  1032.       get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, as: :json
    1033. 

  1033.       expect(response).to have_http_status(:ok)
    1034. 

  1034.       expect(json_response).to be_a_kind_of(Array)
    1035. 

  1035.       result = json_response
    1036. 

  1036.       result.collect! { |v| v['id'] }
    1037. 

  1037.       expect(result).to eq([user1.id, user2.id])
    1038. 

  1038.     end
    1039. 

  1039. 

  1040.     context 'does password reset send work' do
    1041. 

  1041.       let(:user) { create(:customer_user, login: 'somebody', email: 'somebody@example.com') }
    1042. 

  1042. 

  1043.       context 'for user without email address' do
    1044. 

  1044.         let(:user) { create(:customer_user, login: 'somebody', email: '') }
    1045. 

  1045. 

  1046.         it 'return failed' do
    1047. 

  1047.           post '/api/v1/users/password_reset', params: { username: user.login }, as: :json
    1048. 

  1048. 

  1049.           expect(response).to have_http_status(:ok)
    1050. 

  1050.           expect(json_response).to be_a_kind_of(Hash)
    1051. 

  1051.           expect(json_response['message']).to eq('failed')
    1052. 

  1052.         end
    1053. 

  1053.       end
    1054. 

  1054. 

  1055.       context 'for user with email address' do
    1056. 

  1056.         it 'return ok' do
    1057. 

  1057.           post '/api/v1/users/password_reset', params: { username: user.login }, as: :json
    1058. 

  1058. 

  1059.           expect(response).to have_http_status(:ok)
    1060. 

  1060.           expect(json_response).to be_a_kind_of(Hash)
    1061. 

  1061.           expect(json_response['message']).to eq('ok')
    1062. 

  1062.         end
    1063. 

  1063.       end
    1064. 

  1064. 

  1065.       context 'for user with email address but disabled feature' do
    1066. 

  1066.         before { Setting.set('user_lost_password', false) }
    1067. 

  1067. 

  1068.         it 'raise 422' do
    1069. 

  1069.           post '/api/v1/users/password_reset', params: { username: user.login }, as: :json
    1070. 

  1070. 

  1071.           expect(response).to have_http_status(:unprocessable_entity)
    1072. 

  1072.           expect(json_response['error']).to be_truthy
    1073. 

  1073.           expect(json_response['error']).to eq('Feature not enabled!')
    1074. 

  1074.         end
    1075. 

  1075.       end
    1076. 

  1076.     end
    1077. 

  1077. 

  1078.     context 'does password reset by token work' do
    1079. 

  1079.       let(:user) { create(:customer_user, login: 'somebody', email: 'somebody@example.com') }
    1080. 

  1080.       let(:token) { create(:token, action: 'PasswordReset', user_id: user.id) }
    1081. 

  1081. 

  1082.       context 'for user without email address' do
    1083. 

  1083.         let(:user) { create(:customer_user, login: 'somebody', email: '') }
    1084. 

  1084. 

  1085.         it 'return failed' do
    1086. 

  1086.           post '/api/v1/users/password_reset_verify', params: { username: user.login, token: token.name, password: 'Test1234#.' }, as: :json
    1087. 

  1087. 

  1088.           expect(response).to have_http_status(:ok)
    1089. 

  1089.           expect(json_response).to be_a_kind_of(Hash)
    1090. 

  1090.           expect(json_response['message']).to eq('failed')
    1091. 

  1091.         end
    1092. 

  1092.       end
    1093. 

  1093. 

  1094.       context 'for user with email address' do
    1095. 

  1095.         it 'return ok' do
    1096. 

  1096.           post '/api/v1/users/password_reset_verify', params: { username: user.login, token: token.name, password: 'Test1234#.' }, as: :json
    1097. 

  1097. 

  1098.           expect(response).to have_http_status(:ok)
    1099. 

  1099.           expect(json_response).to be_a_kind_of(Hash)
    1100. 

  1100.           expect(json_response['message']).to eq('ok')
    1101. 

  1101.         end
    1102. 

  1102.       end
    1103. 

  1103. 

  1104.       context 'for user with email address but disabled feature' do
    1105. 

  1105.         before { Setting.set('user_lost_password', false) }
    1106. 

  1106. 

  1107.         it 'raise 422' do
    1108. 

  1108.           post '/api/v1/users/password_reset_verify', params: { username: user.login, token: token.name, password: 'Test1234#.' }, as: :json
    1109. 

  1109. 

  1110.           expect(response).to have_http_status(:unprocessable_entity)
    1111. 

  1111.           expect(json_response['error']).to be_truthy
    1112. 

  1112.           expect(json_response['error']).to eq('Feature not enabled!')
    1113. 

  1113.         end
    1114. 

  1114.       end
    1115. 

  1115.     end
    1116. 

  1116. 

  1117.     context 'password change' do
    1118. 

  1118.       let(:user) { create(:customer_user, login: 'somebody', email: 'somebody@example.com', password: 'Test1234#.') }
    1119. 

  1119. 

  1120.       before { authenticated_as(user, login: 'somebody', password: 'Test1234#.') }
    1121. 

  1121. 

  1122.       context 'user without email address' do
    1123. 

  1123.         let(:user) { create(:customer_user, login: 'somebody', email: '', password: 'Test1234#.') }
    1124. 

  1124. 

  1125.         it 'return ok' do
    1126. 

  1126.           post '/api/v1/users/password_change', params: { password_old: 'Test1234#.', password_new: 'Test12345#.' }, as: :json
    1127. 

  1127. 

  1128.           expect(response).to have_http_status(:ok)
    1129. 

  1129.           expect(json_response).to be_a_kind_of(Hash)
    1130. 

  1130.           expect(json_response['message']).to eq('ok')
    1131. 

  1131.         end
    1132. 

  1132.       end
    1133. 

  1133. 

  1134.       context 'user with email address' do
    1135. 

  1135.         it 'return ok' do
    1136. 

  1136.           post '/api/v1/users/password_change', params: { password_old: 'Test1234#.', password_new: 'Test12345#.' }, as: :json
    1137. 

  1137. 

  1138.           expect(response).to have_http_status(:ok)
    1139. 

  1139.           expect(json_response).to be_a_kind_of(Hash)
    1140. 

  1140.           expect(json_response['message']).to eq('ok')
    1141. 

  1141.         end
    1142. 

  1142.       end
    1143. 

  1143.     end
    1144. 

  1144.   end
    1145. 

  1145. end
    1146.