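require 'rails_helper'

# Request specs for the X-On-Behalf-Of header on the ticket create endpoint.
#
# The examples below pin three outcomes of a POST /api/v1/tickets issued with
# the header set:
#   * an admin acting on behalf of a customer (identified by id, login or
#     email) gets 201 and the created ticket's created_by_id is the customer,
#     not the admin; the activity stream records the same attribution;
#   * an unknown on-behalf-of target, or a caller that is not allowed to use
#     the header, gets 401 with a JSON error body and no
#     Access-Control-Allow-Origin header;
#   * an impersonated request whose group value cannot be resolved gets 422
#     with the lookup error.
RSpec.describe 'Api Auth On Behalf Of', type: :request do
  let(:admin) do
    create(:admin, groups: Group.all)
  end
  # NOTE(review): not referenced by any example in this file — the agent role
  # has no X-On-Behalf-Of coverage here.
  let(:agent) do
    create(:agent)
  end
  let(:customer) do
    create(:customer)
  end

  # Shared ticket payload; examples that need a variation merge it in place.
  let(:ticket_params) do
    {
      title:       'a new ticket #3',
      group:       'Users',
      priority:    '2 normal',
      state:       'new',
      customer_id: customer.id,
      article:     {
        body: 'some test 123',
      },
    }
  end

  # Resolves the given ActivityStream ids and returns the last entry whose
  # object is a Ticket with +ticket_id+, or nil when none matches.
  # +ticket_id+ is normalised with to_i so both representations of the
  # activity stream response can be compared the same way.
  def find_ticket_activity(record_ids, ticket_id)
    record_ids
      .map { |record_id| ActivityStream.find(record_id) }
      .select { |entry| entry.object.name == 'Ticket' && entry.o_id == ticket_id.to_i }
      .last
  end

  # Shared assertions for a rejected request: the expected status, a JSON
  # error body with +message+, and no CORS allow-origin header on the reply.
  def expect_rejected_with(status, message)
    expect(response).to have_http_status(status)
    expect(response.headers).not_to be_key('Access-Control-Allow-Origin')
    expect(json_response).to be_a_kind_of(Hash)
    expect(json_response['error']).to eq(message)
  end

  describe 'request handling' do
    it 'does X-On-Behalf-Of auth - ticket create admin for customer by id' do
      authenticated_as(admin, on_behalf_of: customer.id)
      post '/api/v1/tickets', params: ticket_params, as: :json

      expect(response).to have_http_status(:created)
      expect(json_response).to be_a_kind_of(Hash)
      # The ticket is attributed to the impersonated customer, not the admin.
      expect(json_response['created_by_id']).to eq(customer.id)
    end

    it 'does X-On-Behalf-Of auth - ticket create admin for customer by login' do
      ActivityStream.cleanup(1.year)

      authenticated_as(admin, on_behalf_of: customer.login)
      post '/api/v1/tickets', params: ticket_params, as: :json

      expect(response).to have_http_status(:created)
      json_response_ticket = json_response
      expect(json_response_ticket).to be_a_kind_of(Hash)
      expect(json_response_ticket['created_by_id']).to eq(customer.id)

      # The activity stream must carry the same attribution, both in the
      # full (Hash with record_ids) and the plain (Array of records) form.
      authenticated_as(admin)
      get '/api/v1/activity_stream?full=true', params: {}, as: :json
      expect(response).to have_http_status(:ok)
      json_response_activity = json_response
      expect(json_response_activity).to be_a_kind_of(Hash)

      ticket_created = find_ticket_activity(json_response_activity['record_ids'], json_response_ticket['id'])
      expect(ticket_created).to be_truthy
      expect(ticket_created.created_by_id).to eq(customer.id)

      get '/api/v1/activity_stream', params: {}, as: :json
      expect(response).to have_http_status(:ok)
      json_response_activity = json_response
      expect(json_response_activity).to be_a_kind_of(Array)

      record_ids = json_response_activity.map { |record| record['id'] }
      ticket_created = find_ticket_activity(record_ids, json_response_ticket['id'])
      expect(ticket_created).to be_truthy
      expect(ticket_created.created_by_id).to eq(customer.id)
    end

    it 'does X-On-Behalf-Of auth - ticket create admin for customer by email' do
      authenticated_as(admin, on_behalf_of: customer.email)
      post '/api/v1/tickets', params: ticket_params, as: :json

      expect(response).to have_http_status(:created)
      expect(json_response).to be_a_kind_of(Hash)
      expect(json_response['created_by_id']).to eq(customer.id)
    end

    it 'does X-On-Behalf-Of auth - ticket create admin for unknown' do
      # A target that resolves to no user is rejected before the ticket is
      # created; the response names the unresolved value.
      authenticated_as(admin, on_behalf_of: 99_449_494_949)
      post '/api/v1/tickets', params: ticket_params, as: :json

      expect_rejected_with(:unauthorized, "No such user '99449494949'")
    end

    it 'does X-On-Behalf-Of auth - ticket create customer for admin' do
      # A customer may not use the header at all, regardless of the target.
      authenticated_as(customer, on_behalf_of: admin.email)
      post '/api/v1/tickets', params: ticket_params, as: :json

      expect_rejected_with(:unauthorized, "Current user has no permission to use 'X-On-Behalf-Of'!")
    end

    it 'does X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do
      # Impersonation does not bypass payload validation: an unresolvable
      # group is rejected with 422 and the lookup error message.
      authenticated_as(admin, on_behalf_of: customer.email)
      post '/api/v1/tickets', params: ticket_params.merge(group: 'secret1234'), as: :json

      expect_rejected_with(:unprocessable_entity, 'No lookup value found for \'group\': "secret1234"')
    end
  end
end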