
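  require 'rails_helper'

  # Request specs for the X-On-Behalf-Of header: an authenticated user with the
  # matching permission acts for another user (looked up by id, login or
  # email). The examples pin both the permitted paths and the refusals, and the
  # attribution the impersonated user gets on the created records.
  RSpec.describe 'Api Auth On Behalf Of', type: :request do
    let(:admin) do
      create(:admin, groups: Group.all)
    end
    let(:agent) do
      create(:agent)
    end
    let(:customer) do
      create(:customer)
    end

    # Ticket payload shared by every example; only the group differs per test.
    #
    # @param group [String] group name sent in the request
    # @return [Hash] JSON body for POST /api/v1/tickets
    def ticket_params(group: 'Users')
      {
        title:       'a new ticket #3',
        group:       group,
        priority:    '2 normal',
        state:       'new',
        customer_id: customer.id,
        article:     {
          body: 'some test 123',
        },
      }
    end

    # Picks the activity stream entry for the given ticket out of a list of
    # record ids. Keeps the original behaviour of returning the last match.
    #
    # @param record_ids [Array<Integer>] ActivityStream ids to inspect
    # @param ticket_id [Integer, String] id of the created ticket
    # @return [ActivityStream, nil] matching entry, nil when none is found
    def ticket_activity_entry(record_ids, ticket_id)
      record_ids
        .map { |record_id| ActivityStream.find(record_id) }
        .select { |entry| entry.object.name == 'Ticket' && entry.o_id == ticket_id.to_i }
        .last
    end

    describe 'request handling' do
      it 'does X-On-Behalf-Of auth - ticket create admin for customer by id' do
        params = ticket_params
        authenticated_as(admin, on_behalf_of: customer.id)
        post '/api/v1/tickets', params: params, as: :json
        expect(response).to have_http_status(:created)
        expect(json_response).to be_a_kind_of(Hash)
        # The ticket is attributed to the impersonated customer, not the admin.
        expect(json_response['created_by_id']).to eq(customer.id)
      end

      it 'does X-On-Behalf-Of auth - ticket create admin for customer by login' do
        ActivityStream.cleanup(1.year)
        params = ticket_params
        authenticated_as(admin, on_behalf_of: customer.login)
        post '/api/v1/tickets', params: params, as: :json
        expect(response).to have_http_status(:created)
        json_response_ticket = json_response
        expect(json_response_ticket).to be_a_kind_of(Hash)
        expect(json_response_ticket['created_by_id']).to eq(customer.id)

        # Re-authenticate as the admin alone (no impersonation) and verify the
        # stream entry of the new ticket in both the full and the plain form.
        authenticated_as(admin)
        get '/api/v1/activity_stream?full=true', params: {}, as: :json
        expect(response).to have_http_status(:ok)
        json_response_activity = json_response
        expect(json_response_activity).to be_a_kind_of(Hash)
        ticket_created = ticket_activity_entry(json_response_activity['record_ids'], json_response_ticket['id'])
        expect(ticket_created).to be_truthy
        # NOTE(review): the stream entry records the impersonated customer as
        # creator; whether the impersonating admin is logged anywhere else is
        # not covered by this spec - confirm against the audit requirements.
        expect(ticket_created.created_by_id).to eq(customer.id)

        get '/api/v1/activity_stream', params: {}, as: :json
        expect(response).to have_http_status(:ok)
        json_response_activity = json_response
        expect(json_response_activity).to be_a_kind_of(Array)
        record_ids = json_response_activity.map { |record| record['id'] }
        ticket_created = ticket_activity_entry(record_ids, json_response_ticket['id'])
        expect(ticket_created).to be_truthy
        expect(ticket_created.created_by_id).to eq(customer.id)
      end

      it 'does X-On-Behalf-Of auth - ticket create admin for customer by email' do
        params = ticket_params
        authenticated_as(admin, on_behalf_of: customer.email)
        post '/api/v1/tickets', params: params, as: :json
        expect(response).to have_http_status(:created)
        expect(json_response).to be_a_kind_of(Hash)
        expect(json_response['created_by_id']).to eq(customer.id)
      end

      it 'does X-On-Behalf-Of auth - ticket create admin for unknown' do
        params = ticket_params
        authenticated_as(admin, on_behalf_of: 99_449_494_949)
        post '/api/v1/tickets', params: params, as: :json
        # An unresolvable target user fails authentication outright, and the
        # rejected response must not carry a CORS allow header.
        expect(response).to have_http_status(:unauthorized)
        expect(response.headers).not_to be_key('Access-Control-Allow-Origin')
        expect(json_response).to be_a_kind_of(Hash)
        expect(json_response['error']).to eq("No such user '99449494949'")
      end

      it 'does X-On-Behalf-Of auth - ticket create customer for admin' do
        params = ticket_params
        authenticated_as(customer, on_behalf_of: admin.email)
        post '/api/v1/tickets', params: params, as: :json
        # Impersonation is a permission of the caller: a customer may not act
        # for an admin, and the refusal names the missing permission.
        expect(response).to have_http_status(:unauthorized)
        expect(response.headers).not_to be_key('Access-Control-Allow-Origin')
        expect(json_response).to be_a_kind_of(Hash)
        expect(json_response['error']).to eq("Current user has no permission to use 'X-On-Behalf-Of'!")
      end

      it 'does X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do
        # The example name suggests 'secret1234' lies outside what the
        # impersonated customer may use; the visible assertion only pins that
        # the group lookup fails with 422 instead of falling back silently.
        params = ticket_params(group: 'secret1234')
        authenticated_as(admin, on_behalf_of: customer.email)
        post '/api/v1/tickets', params: params, as: :json
        expect(response).to have_http_status(:unprocessable_entity)
        expect(response.headers).not_to be_key('Access-Control-Allow-Origin')
        expect(json_response).to be_a_kind_of(Hash)
        expect(json_response['error']).to eq('No lookup value found for \'group\': "secret1234"')
      end
    end
  end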