Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: c8ef769829
Branches Tags
zammad
/
spec
/
models
/
token_spec.rb

token_spec.rb 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141 
  1. require 'rails_helper'
    2. 

  2. 

  3. RSpec.describe Token, type: :model do
    4. 

  4.   subject(:token) { create(:password_reset_token) }
    5. 

  5. 

  6.   describe '.check' do
    7. 

  7.     context 'with name and action matching existing token' do
    8. 

  8.       it 'returns the token’s user' do
    9. 

  9.         expect(Token.check(action: token.action, name: token.name)).to eq(token.user)
    10. 

  10.       end
    11. 

  11.     end
    12. 

  12. 

  13.     context 'with invalid name' do
    14. 

  14.       it 'returns nil' do
    15. 

  15.         expect(Token.check(action: token.action, name: '1NV4L1D')).to be(nil)
    16. 

  16.       end
    17. 

  17.     end
    18. 

  18. 

  19.     context 'with invalid action' do
    20. 

  20.       it 'returns nil' do
    21. 

  21.         expect(Token.check(action: 'PasswordReset_NotExisting', name: token.name)).to be(nil)
    22. 

  22.       end
    23. 

  23.     end
    24. 

  24. 

  25.     describe 'persistence handling' do
    26. 

  26.       context 'for persistent token' do
    27. 

  27.         subject(:token) { create(:ical_token, persistent: true, created_at: created_at) }
    28. 

  28. 

  29.         context 'at any time' do
    30. 

  30.           let(:created_at) { 1.month.ago }
    31. 

  31. 

  32.           it 'returns the token’s user' do
    33. 

  33.             expect(Token.check(action: token.action, name: token.name)).to eq(token.user)
    34. 

  34.           end
    35. 

  35. 

  36.           it 'does not delete the token' do
    37. 

  37.             token  # create token
    38. 

  38. 

  39.             expect { Token.check(action: token.action, name: token.name) }
    40. 

  40.               .not_to change(Token, :count)
    41. 

  41.           end
    42. 

  42.         end
    43. 

  43.       end
    44. 

  44. 

  45.       context 'for non-persistent token' do
    46. 

  46.         subject(:token) { create(:password_reset_token, persistent: false, created_at: created_at) }
    47. 

  47. 

  48.         context 'less than one day after creation' do
    49. 

  49.           let(:created_at) { 1.day.ago + 5 }
    50. 

  50. 

  51.           it 'returns the token’s user' do
    52. 

  52.             expect(Token.check(action: token.action, name: token.name)).to eq(token.user)
    53. 

  53.           end
    54. 

  54. 

  55.           it 'does not delete the token' do
    56. 

  56.             token  # create token
    57. 

  57. 

  58.             expect { Token.check(action: token.action, name: token.name) }
    59. 

  59.               .not_to change(Token, :count)
    60. 

  60.           end
    61. 

  61.         end
    62. 

  62. 

  63.         context 'at least one day after creation' do
    64. 

  64.           let(:created_at) { 1.day.ago }
    65. 

  65. 

  66.           it 'returns nil' do
    67. 

  67.             expect(Token.check(action: token.action, name: token.name)).to be(nil)
    68. 

  68.           end
    69. 

  69. 

  70.           it 'deletes the token' do
    71. 

  71.             token  # create token
    72. 

  72. 

  73.             expect { Token.check(action: token.action, name: token.name) }
    74. 

  74.               .to change(Token, :count).by(-1)
    75. 

  75.           end
    76. 

  76.         end
    77. 

  77.       end
    78. 

  78.     end
    79. 

  79. 

  80.     describe 'permission matching' do
    81. 

  81.       subject(:token) { create(:api_token, user: agent, preferences: preferences) }
    82. 

  82. 

  83.       let(:agent) { create(:agent_user) }
    84. 

  84.       let(:preferences) { { permission: %w[admin ticket.agent] } } # agent has no access to admin.*
    85. 

  85. 

  86.       context 'with a permission shared by both token.user and token.preferences' do
    87. 

  87.         it 'returns token.user' do
    88. 

  88.           expect(Token.check(action: token.action, name: token.name, permission: 'ticket.agent')).to eq(agent)
    89. 

  89.         end
    90. 

  90.       end
    91. 

  91. 

  92.       context 'with the child of a permission shared by both token.user and token.preferences' do
    93. 

  93.         it 'returns token.user' do
    94. 

  94.           expect(Token.check(action: token.action, name: token.name, permission: 'ticket.agent.foo')).to eq(agent)
    95. 

  95.         end
    96. 

  96.       end
    97. 

  97. 

  98.       context 'with the parent of a permission shared by both token.user and token.preferences' do
    99. 

  99.         it 'returns nil' do
    100. 

  100.           expect(Token.check(action: token.action, name: token.name, permission: 'ticket')).to be(nil)
    101. 

  101.         end
    102. 

  102.       end
    103. 

  103. 

  104.       context 'with a permission in token.preferences, but not on token.user' do
    105. 

  105.         it 'returns nil' do
    106. 

  106.           expect(Token.check(action: token.action, name: token.name, permission: 'admin')).to be(nil)
    107. 

  107.         end
    108. 

  108.       end
    109. 

  109. 

  110.       context 'with a permission not in token.preferences, but on token.user' do
    111. 

  111.         it 'returns nil' do
    112. 

  112.           expect(Token.check(action: token.action, name: token.name, permission: 'cti.agent')).to be(nil)
    113. 

  113.         end
    114. 

  114.       end
    115. 

  115. 

  116.       context 'with non-existent permission' do
    117. 

  117.         it 'returns nil' do
    118. 

  118.           expect(Token.check(action: token.action, name: token.name, permission: 'foo')).to be(nil)
    119. 

  119.         end
    120. 

  120.       end
    121. 

  121. 

  122.       context 'with multiple permissions, where at least one is shared by both token.user and token.preferences' do
    123. 

  123.         it 'returns token.user' do
    124. 

  124.           expect(Token.check(action: token.action, name: token.name, permission: %w[foo ticket.agent])).to eq(agent)
    125. 

  125.         end
    126. 

  126.       end
    127. 

  127.     end
    128. 

  128.   end
    129. 

  129. 

  130.   describe 'Attributes:' do
    131. 

  131.     describe '#persistent' do
    132. 

  132.       context 'when not set on creation' do
    133. 

  133.         subject(:token) { Token.create(action: 'foo', user_id: User.first.id) }
    134. 

  134. 

  135.         it 'defaults to nil' do
    136. 

  136.           expect(token.persistent).to be(nil)
    137. 

  137.         end
    138. 

  138.       end
    139. 

  139.     end
    140. 

  140.   end
    141. 

  141. end
    142.