123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371 |
- require 'rails_helper'
- RSpec.describe 'User', type: :request do
- describe 'request handling', searchindex: true do
- let!(:admin) do
- create(
- :admin,
- groups: Group.all,
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- )
- end
- let!(:admin_with_pw) do
- create(
- :admin,
- groups: Group.all,
- login: 'rest-admin-pw',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin-pw@example.com',
- password: 'adminpw',
- )
- end
- let!(:agent) do
- create(
- :agent,
- groups: Group.all,
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- )
- end
- let!(:customer) do
- create(
- :customer,
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- )
- end
- let!(:organization) do
- create(:organization, name: 'Rest Org')
- end
- let!(:organization2) do
- create(:organization, name: 'Rest Org #2')
- end
- let!(:organization3) do
- create(:organization, name: 'Rest Org #3')
- end
- let!(:customer2) do
- create(
- :customer,
- organization: organization,
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- )
- end
- before do
- configure_elasticsearch(rebuild: true)
- end
- it 'does user create tests - no user' do
- post '/api/v1/signshow', params: {}, as: :json
- # create user with disabled feature
- Setting.set('user_create_account', false)
- token = @response.headers['CSRF-TOKEN']
- # token based on form
- params = { email: 'some_new_customer@example.com', signup: true, authenticity_token: token }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response['error']).to be_truthy
- expect(json_response['error']).to eq('Feature not enabled!')
- # token based on headers
- headers = { 'X-CSRF-Token' => token }
- params = { email: 'some_new_customer@example.com', signup: true }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response['error']).to be_truthy
- expect(json_response['error']).to eq('Feature not enabled!')
- Setting.set('user_create_account', true)
- # no signup param without password
- params = { email: 'some_new_customer@example.com', signup: true }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response['error']).to be_truthy
- # already existing user with enabled feature, pretend signup is successful
- params = { email: 'rest-customer1@example.com', password: 'asd1ASDasd!', signup: true }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_truthy
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response['error']).to be_truthy
- expect(json_response['error']).to eq('Attribute \'email\' required!')
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response['error']).to be_truthy
- expect(json_response['error']).to eq('Attribute \'email\' required!')
- # create user with enabled feature (take customer role)
- params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', password: '1asdASDasd', signup: true }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_truthy
- expect(json_response['message']).to eq('ok')
- user = User.find_by email: 'new_here@example.com'
- expect(user).not_to be_role('Admin')
- expect(user).not_to be_role('Agent')
- expect(user).to be_role('Customer')
- # create user with admin role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true, password: '1asdASDasd' }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_truthy
- user = User.find_by email: 'new_admin@example.com'
- expect(user).not_to be_role('Admin')
- expect(user).not_to be_role('Agent')
- expect(user).to be_role('Customer')
- # create user with agent role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true, password: '1asdASDasd' }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_truthy
- user = User.find_by email: 'new_agent@example.com'
- expect(user).not_to be_role('Admin')
- expect(user).not_to be_role('Agent')
- expect(user).to be_role('Customer')
- # no user (because of no session)
- get '/api/v1/users', params: {}, headers: headers, as: :json
- expect(response).to have_http_status(:unauthorized)
- expect(json_response['error']).to eq('authentication failed')
- # me
- get '/api/v1/users/me', params: {}, headers: headers, as: :json
- expect(response).to have_http_status(:unauthorized)
- expect(json_response['error']).to eq('authentication failed')
- end
- context 'password security' do
- it 'verified with no current user' do
- params = { email: 'some_new_customer@example.com', password: 'asdasdasdasd', signup: true }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response['error']).to be_truthy
- expect(json_response['error']).to include('Invalid password')
- end
- it 'verified with no current user', authenticated_as: :admin do
- params = { email: 'some_new_customer@example.com', password: 'asd' }
- post '/api/v1/users', params: params, headers: headers, as: :json
- expect(response).to have_http_status(:created)
- end
- end
- it 'does auth tests - not existing user' do
- authenticated_as(nil, login: 'not_existing@example.com', password: 'adminpw')
- get '/api/v1/users/me', params: {}, as: :json
- expect(response).to have_http_status(:unauthorized)
- expect(json_response['error']).to eq('authentication failed')
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:unauthorized)
- expect(json_response['error']).to eq('authentication failed')
- end
- it 'does auth tests - username auth, wrong pw' do
- authenticated_as(admin, password: 'not_existing')
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:unauthorized)
- expect(json_response['error']).to eq('authentication failed')
- end
- it 'does auth tests - email auth, wrong pw' do
- authenticated_as(nil, login: 'rest-admin@example.com', password: 'not_existing')
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:unauthorized)
- expect(json_response['error']).to eq('authentication failed')
- end
- it 'does auth tests - username auth' do
- authenticated_as(nil, login: 'rest-admin-pw', password: 'adminpw')
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- end
- it 'does auth tests - email auth' do
- authenticated_as(nil, login: 'rest-admin-pw@example.com', password: 'adminpw')
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- end
- it 'does user index and create with admin' do
- authenticated_as(admin)
- get '/api/v1/users/me', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- expect('rest-admin@example.com').to eq(json_response['email'])
- # index
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- # index
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- expect(Array).to eq(json_response.class)
- expect(json_response.length >= 3).to be_truthy
- # show/:id
- get "/api/v1/users/#{agent.id}", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- expect(Hash).to eq(json_response.class)
- expect('rest-agent@example.com').to eq(json_response['email'])
- get "/api/v1/users/#{customer.id}", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- expect(Hash).to eq(json_response.class)
- expect('rest-customer1@example.com').to eq(json_response['email'])
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_truthy
- user = User.find(json_response['id'])
- expect(user).to be_role('Admin')
- expect(user).not_to be_role('Agent')
- expect(user).not_to be_role('Customer')
- expect(json_response['login']).to eq('new_admin_by_admin@example.com')
- expect(json_response['email']).to eq('new_admin_by_admin@example.com')
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_truthy
- user = User.find(json_response['id'])
- expect(user).not_to be_role('Admin')
- expect(user).to be_role('Agent')
- expect(user).not_to be_role('Customer')
- expect(json_response['login']).to eq('new_agent_by_admin1@example.com')
- expect(json_response['email']).to eq('new_agent_by_admin1@example.com')
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_truthy
- user = User.find(json_response['id'])
- expect(user).not_to be_role('Admin')
- expect(user).to be_role('Agent')
- expect(user).not_to be_role('Customer')
- expect(json_response['login']).to eq('new_agent_by_admin2@example.com')
- expect(json_response['email']).to eq('new_agent_by_admin2@example.com')
- expect(json_response['firstname']).to eq('Agent')
- expect(json_response['lastname']).to eq('First')
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response).to be_truthy
- expect(json_response['error']).to eq("Email address 'new_agent_by_admin2@example.com' is already used for other user.")
- # missing required attributes
- params = { note: 'some note' }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response).to be_truthy
- expect(json_response['error']).to eq('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.')
- # invalid email
- params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response).to be_truthy
- expect(json_response['error']).to eq("Invalid email 'some_what'")
- # with valid attributes
- params = { firstname: 'newfirstname123', note: 'some note' }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_truthy
- user = User.find(json_response['id'])
- expect(user).not_to be_role('Admin')
- expect(user).not_to be_role('Agent')
- expect(user).to be_role('Customer')
- expect(json_response['login']).to be_start_with('auto-')
- expect(json_response['email']).to eq('')
- expect(json_response['firstname']).to eq('newfirstname123')
- expect(json_response['lastname']).to eq('')
- end
- it 'does user index and create with agent' do
- authenticated_as(agent)
- get '/api/v1/users/me', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- expect('rest-agent@example.com').to eq(json_response['email'])
- # index
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- # index
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- expect(Array).to eq(json_response.class)
- expect(json_response.length >= 3).to be_truthy
- get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- users = User.order(:id).limit(2)
- expect(json_response[0]['id']).to eq(users[0].id)
- expect(json_response[1]['id']).to eq(users[1].id)
- expect(json_response.count).to eq(2)
- get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- users = User.order(:id).limit(4)
- expect(json_response[0]['id']).to eq(users[2].id)
- expect(json_response[1]['id']).to eq(users[3].id)
- expect(json_response.count).to eq(2)
- # create user with admin role
- firstname = "First test#{rand(999_999_999)}"
- role = Role.lookup(name: 'Admin')
- params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:created)
- json_response1 = JSON.parse(@response.body)
- expect(json_response1).to be_truthy
- user = User.find(json_response1['id'])
- expect(user).not_to be_role('Admin')
- expect(user).not_to be_role('Agent')
- expect(user).to be_role('Customer')
- expect(json_response1['login']).to eq('new_admin_by_agent@example.com')
- expect(json_response1['email']).to eq('new_admin_by_agent@example.com')
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:created)
- json_response1 = JSON.parse(@response.body)
- expect(json_response1).to be_truthy
- user = User.find(json_response1['id'])
- expect(user).not_to be_role('Admin')
- expect(user).not_to be_role('Agent')
- expect(user).to be_role('Customer')
- expect(json_response1['login']).to eq('new_agent_by_agent@example.com')
- expect(json_response1['email']).to eq('new_agent_by_agent@example.com')
- # create user with customer role
- role = Role.lookup(name: 'Customer')
- params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:created)
- json_response1 = JSON.parse(@response.body)
- expect(json_response1).to be_truthy
- user = User.find(json_response1['id'])
- expect(user).not_to be_role('Admin')
- expect(user).not_to be_role('Agent')
- expect(user).to be_role('Customer')
- expect(json_response1['login']).to eq('new_customer_by_agent@example.com')
- expect(json_response1['email']).to eq('new_customer_by_agent@example.com')
- # search as agent
- Scheduler.worker(true)
- sleep 2 # let es time to come ready
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0]['id']).to eq(json_response1['id'])
- expect(json_response[0]['firstname']).to eq("Customer#{firstname}")
- expect(json_response[0]['lastname']).to eq('Customer Last')
- expect(json_response[0]['role_ids']).to be_truthy
- expect(json_response[0]['roles']).to be_falsey
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0]['id']).to eq(json_response1['id'])
- expect(json_response[0]['firstname']).to eq("Customer#{firstname}")
- expect(json_response[0]['lastname']).to eq('Customer Last')
- expect(json_response[0]['role_ids']).to be_truthy
- expect(json_response[0]['roles']).to be_truthy
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0]['id']).to eq(json_response1['id'])
- expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
- expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
- expect(json_response[0]['role_ids']).to be_falsey
- expect(json_response[0]['roles']).to be_falsey
- get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0]['id']).to eq(json_response1['id'])
- expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
- expect(json_response[0]['value']).to eq('new_customer_by_agent@example.com')
- expect(json_response[0]['role_ids']).to be_falsey
- expect(json_response[0]['roles']).to be_falsey
- # Regression test for issue #2539 - search pagination broken in users_controller.rb
- # Get the total number of users N, then search with one result per page, so there should N pages with one result each
- get '/api/v1/users/search', params: { query: '*' }, as: :json
- total_number = json_response.count
- (1..total_number).each do |i|
- get '/api/v1/users/search', params: { query: '*', per_page: 1, page: i }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response.count).to eq(1), "Page #{i}/#{total_number} of the user search pagination test have the wrong result!"
- end
- role = Role.find_by(name: 'Agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response.count).to eq(0)
- role = Role.find_by(name: 'Customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0]['id']).to eq(json_response1['id'])
- expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
- expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
- expect(json_response[0]['role_ids']).to be_falsey
- expect(json_response[0]['roles']).to be_falsey
- permission = Permission.find_by(name: 'ticket.agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response.count).to eq(0)
- permission = Permission.find_by(name: 'ticket.customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0]['id']).to eq(json_response1['id'])
- expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
- expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>")
- expect(json_response[0]['role_ids']).to be_falsey
- expect(json_response[0]['roles']).to be_falsey
- end
- it 'does user index and create with customer1' do
- authenticated_as(customer)
- get '/api/v1/users/me', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- expect('rest-customer1@example.com').to eq(json_response['email'])
- # index
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(Array).to eq(json_response.class)
- expect(1).to eq(json_response.length)
- # show/:id
- get "/api/v1/users/#{customer.id}", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(Hash).to eq(json_response.class)
- expect('rest-customer1@example.com').to eq(json_response['email'])
- get "/api/v1/users/#{customer2.id}", params: {}, as: :json
- expect(response).to have_http_status(:unauthorized)
- expect(Hash).to eq(json_response.class)
- expect(json_response['error']).to be_truthy
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:unauthorized)
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:unauthorized)
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json
- expect(response).to have_http_status(:unauthorized)
- end
- it 'does user index with customer2' do
- authenticated_as(customer2)
- get '/api/v1/users/me', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_truthy
- expect('rest-customer2@example.com').to eq(json_response['email'])
- # index
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(Array).to eq(json_response.class)
- expect(1).to eq(json_response.length)
- # show/:id
- get "/api/v1/users/#{customer2.id}", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(Hash).to eq(json_response.class)
- expect('rest-customer2@example.com').to eq(json_response['email'])
- get "/api/v1/users/#{customer.id}", params: {}, as: :json
- expect(response).to have_http_status(:unauthorized)
- expect(Hash).to eq(json_response.class)
- expect(json_response['error']).to be_truthy
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json
- expect(response).to have_http_status(:unauthorized)
- end
- it 'does users show and response format (04.01)' do
- user = create(
- :customer,
- login: 'rest-customer3@example.com',
- firstname: 'Rest',
- lastname: 'Customer3',
- email: 'rest-customer3@example.com',
- password: 'customer3pw',
- active: true,
- organization: organization,
- updated_by_id: admin.id,
- created_by_id: admin.id,
- )
- authenticated_as(admin)
- get "/api/v1/users/#{user.id}", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['id']).to eq(user.id)
- expect(json_response['firstname']).to eq(user.firstname)
- expect(json_response['organization']).to be_falsey
- expect(json_response['organization_id']).to eq(user.organization_id)
- expect(json_response['password']).to be_falsey
- expect(json_response['role_ids']).to eq(user.role_ids)
- expect(json_response['updated_by_id']).to eq(admin.id)
- expect(json_response['created_by_id']).to eq(admin.id)
- get "/api/v1/users/#{user.id}?expand=true", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['id']).to eq(user.id)
- expect(json_response['firstname']).to eq(user.firstname)
- expect(json_response['organization_id']).to eq(user.organization_id)
- expect(json_response['organization']).to eq(user.organization.name)
- expect(json_response['role_ids']).to eq(user.role_ids)
- expect(json_response['password']).to be_falsey
- expect(json_response['updated_by_id']).to eq(admin.id)
- expect(json_response['created_by_id']).to eq(admin.id)
- get "/api/v1/users/#{user.id}?expand=false", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['id']).to eq(user.id)
- expect(json_response['firstname']).to eq(user.firstname)
- expect(json_response['organization']).to be_falsey
- expect(json_response['organization_id']).to eq(user.organization_id)
- expect(json_response['password']).to be_falsey
- expect(json_response['role_ids']).to eq(user.role_ids)
- expect(json_response['updated_by_id']).to eq(admin.id)
- expect(json_response['created_by_id']).to eq(admin.id)
- get "/api/v1/users/#{user.id}?full=true", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['id']).to eq(user.id)
- expect(json_response['assets']).to be_truthy
- expect(json_response['assets']['User']).to be_truthy
- expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
- expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
- expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(user.firstname)
- expect(json_response['assets']['User'][user.id.to_s]['organization_id']).to eq(user.organization_id)
- expect(json_response['assets']['User'][user.id.to_s]['role_ids']).to eq(user.role_ids)
- get "/api/v1/users/#{user.id}?full=false", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['id']).to eq(user.id)
- expect(json_response['firstname']).to eq(user.firstname)
- expect(json_response['organization']).to be_falsey
- expect(json_response['organization_id']).to eq(user.organization_id)
- expect(json_response['password']).to be_falsey
- expect(json_response['role_ids']).to eq(user.role_ids)
- expect(json_response['updated_by_id']).to eq(admin.id)
- expect(json_response['created_by_id']).to eq(admin.id)
- end
- it 'does user index and response format (04.02)' do
- user = create(
- :customer,
- login: 'rest-customer3@example.com',
- firstname: 'Rest',
- lastname: 'Customer3',
- email: 'rest-customer3@example.com',
- password: 'customer3pw',
- active: true,
- organization: organization,
- updated_by_id: admin.id,
- created_by_id: admin.id,
- )
- authenticated_as(admin)
- get '/api/v1/users', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0].class).to eq(Hash)
- expect(json_response.last['id']).to eq(user.id)
- expect(json_response.last['lastname']).to eq(user.lastname)
- expect(json_response.last['organization']).to be_falsey
- expect(json_response.last['role_ids']).to eq(user.role_ids)
- expect(json_response.last['organization_id']).to eq(user.organization_id)
- expect(json_response.last['password']).to be_falsey
- expect(json_response.last['updated_by_id']).to eq(admin.id)
- expect(json_response.last['created_by_id']).to eq(admin.id)
- get '/api/v1/users?expand=true', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0].class).to eq(Hash)
- expect(json_response.last['id']).to eq(user.id)
- expect(json_response.last['lastname']).to eq(user.lastname)
- expect(json_response.last['organization_id']).to eq(user.organization_id)
- expect(json_response.last['organization']).to eq(user.organization.name)
- expect(json_response.last['password']).to be_falsey
- expect(json_response.last['updated_by_id']).to eq(admin.id)
- expect(json_response.last['created_by_id']).to eq(admin.id)
- get '/api/v1/users?expand=false', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0].class).to eq(Hash)
- expect(json_response.last['id']).to eq(user.id)
- expect(json_response.last['lastname']).to eq(user.lastname)
- expect(json_response.last['organization']).to be_falsey
- expect(json_response.last['role_ids']).to eq(user.role_ids)
- expect(json_response.last['organization_id']).to eq(user.organization_id)
- expect(json_response.last['password']).to be_falsey
- expect(json_response.last['updated_by_id']).to eq(admin.id)
- expect(json_response.last['created_by_id']).to eq(admin.id)
- get '/api/v1/users?full=true', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['record_ids'].class).to eq(Array)
- expect(json_response['record_ids'][0]).to eq(1)
- expect(json_response['record_ids'].last).to eq(user.id)
- expect(json_response['assets']).to be_truthy
- expect(json_response['assets']['User']).to be_truthy
- expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
- expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
- expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname)
- expect(json_response['assets']['User'][user.id.to_s]['organization_id']).to eq(user.organization_id)
- expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey
- get '/api/v1/users?full=false', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- expect(json_response[0].class).to eq(Hash)
- expect(json_response.last['id']).to eq(user.id)
- expect(json_response.last['lastname']).to eq(user.lastname)
- expect(json_response.last['organization']).to be_falsey
- expect(json_response.last['role_ids']).to eq(user.role_ids)
- expect(json_response.last['organization_id']).to eq(user.organization_id)
- expect(json_response.last['password']).to be_falsey
- expect(json_response.last['updated_by_id']).to eq(admin.id)
- expect(json_response.last['created_by_id']).to eq(admin.id)
- end
- it 'does ticket create and response format (04.03)' do
- organization = Organization.first
- params = {
- firstname: 'newfirstname123',
- note: 'some note',
- organization: organization.name,
- }
- authenticated_as(admin)
- post '/api/v1/users', params: params, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_a_kind_of(Hash)
- user = User.find(json_response['id'])
- expect(json_response['firstname']).to eq(user.firstname)
- expect(json_response['organization_id']).to eq(user.organization_id)
- expect(json_response['organization']).to be_falsey
- expect(json_response['password']).to be_falsey
- expect(json_response['updated_by_id']).to eq(admin.id)
- expect(json_response['created_by_id']).to eq(admin.id)
- post '/api/v1/users?expand=true', params: params, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_a_kind_of(Hash)
- user = User.find(json_response['id'])
- expect(json_response['firstname']).to eq(user.firstname)
- expect(json_response['organization_id']).to eq(user.organization_id)
- expect(json_response['organization']).to eq(user.organization.name)
- expect(json_response['password']).to be_falsey
- expect(json_response['updated_by_id']).to eq(admin.id)
- expect(json_response['created_by_id']).to eq(admin.id)
- post '/api/v1/users?full=true', params: params, as: :json
- expect(response).to have_http_status(:created)
- expect(json_response).to be_a_kind_of(Hash)
- user = User.find(json_response['id'])
- expect(json_response['assets']).to be_truthy
- expect(json_response['assets']['User']).to be_truthy
- expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
- expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
- expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(user.firstname)
- expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname)
- expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey
- expect(json_response['assets']['User'][admin.id.to_s]).to be_truthy
- expect(json_response['assets']['User'][admin.id.to_s]['id']).to eq(admin.id)
- expect(json_response['assets']['User'][admin.id.to_s]['firstname']).to eq(admin.firstname)
- expect(json_response['assets']['User'][admin.id.to_s]['lastname']).to eq(admin.lastname)
- expect(json_response['assets']['User'][admin.id.to_s]['password']).to be_falsey
- end
- it 'does ticket update and response formats (04.04)' do
- user = create(
- :customer,
- login: 'rest-customer3@example.com',
- firstname: 'Rest',
- lastname: 'Customer3',
- email: 'rest-customer3@example.com',
- password: 'customer3pw',
- active: true,
- organization: organization,
- updated_by_id: admin.id,
- created_by_id: admin.id,
- )
- authenticated_as(admin)
- params = {
- firstname: 'a update firstname #1',
- }
- put "/api/v1/users/#{user.id}", params: params, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- user = User.find(json_response['id'])
- expect(json_response['lastname']).to eq(user.lastname)
- expect(json_response['firstname']).to eq(params[:firstname])
- expect(json_response['organization_id']).to eq(user.organization_id)
- expect(json_response['organization']).to be_falsey
- expect(json_response['password']).to be_falsey
- expect(json_response['updated_by_id']).to eq(admin.id)
- expect(json_response['created_by_id']).to eq(admin.id)
- params = {
- firstname: 'a update firstname #2',
- }
- put "/api/v1/users/#{user.id}?expand=true", params: params, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- user = User.find(json_response['id'])
- expect(json_response['lastname']).to eq(user.lastname)
- expect(json_response['firstname']).to eq(params[:firstname])
- expect(json_response['organization_id']).to eq(user.organization_id)
- expect(json_response['organization']).to eq(user.organization.name)
- expect(json_response['password']).to be_falsey
- expect(json_response['updated_by_id']).to eq(admin.id)
- expect(json_response['created_by_id']).to eq(admin.id)
- params = {
- firstname: 'a update firstname #3',
- }
- put "/api/v1/users/#{user.id}?full=true", params: params, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- user = User.find(json_response['id'])
- expect(json_response['assets']).to be_truthy
- expect(json_response['assets']['User']).to be_truthy
- expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
- expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
- expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(params[:firstname])
- expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname)
- expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey
- expect(json_response['assets']['User'][admin.id.to_s]).to be_truthy
- expect(json_response['assets']['User'][admin.id.to_s]['id']).to eq(admin.id)
- expect(json_response['assets']['User'][admin.id.to_s]['firstname']).to eq(admin.firstname)
- expect(json_response['assets']['User'][admin.id.to_s]['lastname']).to eq(admin.lastname)
- expect(json_response['assets']['User'][admin.id.to_s]['password']).to be_falsey
- end
- it 'does csv example - customer no access (05.01)' do
- authenticated_as(customer)
- get '/api/v1/users/import_example', params: {}, as: :json
- expect(response).to have_http_status(:unauthorized)
- expect(json_response['error']).to eq('Not authorized (user)!')
- end
- it 'does csv example - admin access (05.02)' do
- authenticated_as(admin)
- get '/api/v1/users/import_example', params: {}, as: :json
- expect(response).to have_http_status(:ok)
- rows = CSV.parse(@response.body)
- header = rows.shift
- expect(header[0]).to eq('id')
- expect(header[1]).to eq('login')
- expect(header[2]).to eq('firstname')
- expect(header[3]).to eq('lastname')
- expect(header[4]).to eq('email')
- expect(header).to include('organization')
- end
- it 'does csv import - admin access (05.03)' do
- # invalid file
- csv_file = fixture_file_upload('csv_import/user/simple_col_not_existing.csv', 'text/csv')
- authenticated_as(admin)
- post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['try']).to eq(true)
- expect(json_response['records']).to be_empty
- expect(json_response['result']).to eq('failed')
- expect(json_response['errors'].count).to eq(2)
- expect(json_response['errors'][0]).to eq("Line 1: Unable to create record - unknown attribute 'firstname2' for User.")
- expect(json_response['errors'][1]).to eq("Line 2: Unable to create record - unknown attribute 'firstname2' for User.")
- # valid file try
- csv_file = fixture_file_upload('csv_import/user/simple.csv', 'text/csv')
- post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['try']).to eq(true)
- expect(json_response['records'].count).to eq(2)
- expect(json_response['result']).to eq('success')
- expect(User.find_by(login: 'user-simple-import1')).to be_nil
- expect(User.find_by(login: 'user-simple-import2')).to be_nil
- # valid file
- csv_file = fixture_file_upload('csv_import/user/simple.csv', 'text/csv')
- post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' }
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['try']).to eq(false)
- expect(json_response['records'].count).to eq(2)
- expect(json_response['result']).to eq('success')
- user1 = User.find_by(login: 'user-simple-import1')
- expect(user1).to be_truthy
- expect(user1.login).to eq('user-simple-import1')
- expect(user1.firstname).to eq('firstname-simple-import1')
- expect(user1.lastname).to eq('lastname-simple-import1')
- expect(user1.email).to eq('user-simple-import1@example.com')
- expect(user1.active).to eq(true)
- user2 = User.find_by(login: 'user-simple-import2')
- expect(user2).to be_truthy
- expect(user2.login).to eq('user-simple-import2')
- expect(user2.firstname).to eq('firstname-simple-import2')
- expect(user2.lastname).to eq('lastname-simple-import2')
- expect(user2.email).to eq('user-simple-import2@example.com')
- expect(user2.active).to eq(false)
- user1.destroy!
- user2.destroy!
- end
- it 'does user history' do
- user1 = create(
- :customer,
- login: 'history@example.com',
- firstname: 'History',
- lastname: 'Customer1',
- email: 'history@example.com',
- )
- authenticated_as(agent)
- get "/api/v1/users/history/#{user1.id}", params: {}, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['history'].class).to eq(Array)
- expect(json_response['assets'].class).to eq(Hash)
- expect(json_response['assets']['Ticket']).to be_nil
- expect(json_response['assets']['User'][user1.id.to_s]).not_to be_nil
- end
- it 'does user search sortable' do
- firstname = "user_search_sortable #{rand(999_999_999)}"
- user1 = create(
- :customer,
- login: 'rest-user_search_sortableA@example.com',
- firstname: "#{firstname} A",
- lastname: 'user_search_sortableA',
- email: 'rest-user_search_sortableA@example.com',
- password: 'user_search_sortableA',
- active: true,
- organization_id: organization.id,
- out_of_office: false,
- created_at: '2016-02-05 17:42:00',
- )
- user2 = create(
- :customer,
- login: 'rest-user_search_sortableB@example.com',
- firstname: "#{firstname} B",
- lastname: 'user_search_sortableB',
- email: 'rest-user_search_sortableB@example.com',
- password: 'user_search_sortableB',
- active: true,
- organization_id: organization.id,
- out_of_office_start_at: '2016-02-06 19:42:00',
- out_of_office_end_at: '2016-02-07 19:42:00',
- out_of_office_replacement_id: 1,
- out_of_office: true,
- created_at: '2016-02-05 19:42:00',
- )
- Scheduler.worker(true)
- sleep 2 # let es time to come ready
- authenticated_as(admin)
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- result = json_response
- result.collect! { |v| v['id'] }
- expect(result).to eq([user1.id, user2.id])
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- result = json_response
- result.collect! { |v| v['id'] }
- expect(result).to eq([user1.id, user2.id])
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- result = json_response
- result.collect! { |v| v['id'] }
- expect(result).to eq([user2.id, user1.id])
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- result = json_response
- result.collect! { |v| v['id'] }
- expect(result).to eq([user2.id, user1.id])
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- result = json_response
- result.collect! { |v| v['id'] }
- expect(result).to eq([user2.id, user1.id])
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- result = json_response
- result.collect! { |v| v['id'] }
- expect(result).to eq([user1.id, user2.id])
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- result = json_response
- result.collect! { |v| v['id'] }
- expect(result).to eq([user2.id, user1.id])
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Array)
- result = json_response
- result.collect! { |v| v['id'] }
- expect(result).to eq([user1.id, user2.id])
- end
- context 'does password reset send work' do
- let(:user) { create(:customer, login: 'somebody', email: 'somebody@example.com') }
- context 'for user without email address' do
- let(:user) { create(:customer, login: 'somebody', email: '') }
- it 'return failed' do
- post '/api/v1/users/password_reset', params: { username: user.login }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['message']).to eq('failed')
- end
- end
- context 'for user with email address' do
- it 'return ok' do
- post '/api/v1/users/password_reset', params: { username: user.login }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['message']).to eq('ok')
- end
- end
- context 'for user with email address but disabled feature' do
- before { Setting.set('user_lost_password', false) }
- it 'raise 422' do
- post '/api/v1/users/password_reset', params: { username: user.login }, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response['error']).to be_truthy
- expect(json_response['error']).to eq('Feature not enabled!')
- end
- end
- end
- context 'does password reset by token work' do
- let(:user) { create(:customer, login: 'somebody', email: 'somebody@example.com') }
- let(:token) { create(:token, action: 'PasswordReset', user_id: user.id) }
- context 'for user without email address' do
- let(:user) { create(:customer, login: 'somebody', email: '') }
- it 'return failed' do
- post '/api/v1/users/password_reset_verify', params: { username: user.login, token: token.name, password: 'Test1234#.' }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['message']).to eq('failed')
- end
- end
- context 'for user with email address' do
- it 'return ok' do
- post '/api/v1/users/password_reset_verify', params: { username: user.login, token: token.name, password: 'TEst1234#.' }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['message']).to eq('ok')
- end
- end
- context 'for user with email address but disabled feature' do
- before { Setting.set('user_lost_password', false) }
- it 'raise 422' do
- post '/api/v1/users/password_reset_verify', params: { username: user.login, token: token.name, password: 'Test1234#.' }, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response['error']).to be_truthy
- expect(json_response['error']).to eq('Feature not enabled!')
- end
- end
- end
- context 'password change' do
- let(:user) { create(:customer, login: 'somebody', email: 'somebody@example.com', password: 'Test1234#.') }
- before { authenticated_as(user, login: 'somebody', password: 'Test1234#.') }
- context 'user without email address' do
- let(:user) { create(:customer, login: 'somebody', email: '', password: 'Test1234#.') }
- it 'return ok' do
- post '/api/v1/users/password_change', params: { password_old: 'Test1234#.', password_new: 'TEst12345#.' }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['message']).to eq('ok')
- end
- end
- context 'user with email address' do
- it 'return ok' do
- post '/api/v1/users/password_change', params: { password_old: 'Test1234#.', password_new: 'TEst12345#.' }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response).to be_a_kind_of(Hash)
- expect(json_response['message']).to eq('ok')
- end
- end
- end
- end
- describe 'POST /api/v1/users', authenticated_as: -> { create(:admin) }, searchindex: false do
- def make_request(params)
- post '/api/v1/users', params: params, as: :json
- end
- let(:successful_params) { { email: attributes_for(:admin)[:email] } }
- let(:params_with_role) { successful_params.merge({ role_ids: [Role.find_by(name: 'Admin').id] } ) }
- let(:params_with_invite) { successful_params.merge({ invite: true } ) }
- it 'succeeds' do
- make_request successful_params
- expect(response).to have_http_status(:created)
- end
- it 'returns user data' do
- make_request successful_params
- expect(json_response).to have_key('email').and(have_value(successful_params[:email]))
- end
- it 'no session treated as signup', authenticated_as: false do
- make_request successful_params
- expect(response).to have_http_status(:unprocessable_entity)
- end
- it 'does not accept requests from customers', authenticated_as: -> { create(:customer) } do
- make_request successful_params
- expect(response).to have_http_status(:unauthorized)
- end
- it 'admins can give any role', authenticated_as: -> { create(:admin) } do
- make_request params_with_role
- expect(User.last).to be_role 'Admin'
- end
- it 'agents can not give roles', authenticated_as: -> { create(:agent) } do
- make_request params_with_role
- expect(User.last).not_to be_role 'Admin'
- end
- it 'does not send email verification notifications' do
- allow(NotificationFactory::Mailer).to receive(:notification)
- make_request successful_params
- expect(NotificationFactory::Mailer).not_to have_received(:notification) { |arguments| arguments[:template] == 'signup' }
- end
- it 'does not send invitation notification by default' do
- allow(NotificationFactory::Mailer).to receive(:notification)
- make_request successful_params
- expect(NotificationFactory::Mailer).not_to have_received(:notification) { |arguments| arguments[:template] == 'user_invite' }
- end
- it 'sends invitation notification when required' do
- allow(NotificationFactory::Mailer).to receive(:notification)
- make_request params_with_invite
- expect(NotificationFactory::Mailer).to have_received(:notification) { |arguments| arguments[:template] == 'user_invite' }
- end
- it 'requires at least one identifier' do
- make_request({ web: 'example.com' })
- expect(json_response['error']).to start_with('Minimum one identifier')
- end
- it 'takes first name as identifier' do
- make_request({ firstname: 'name' })
- expect(response).to have_http_status(:created)
- end
- it 'takes last name as identifier' do
- make_request({ lastname: 'name' })
- expect(response).to have_http_status(:created)
- end
- it 'takes login as identifier' do
- make_request({ login: 'name' })
- expect(response).to have_http_status(:created)
- end
- it 'requires valid email if present' do
- make_request({ email: 'not_valid_email' })
- expect(response).to have_http_status(:unprocessable_entity)
- end
- end
- describe 'POST /api/v1/users processed by #create_admin', authenticated_as: false do
- before do
- User.all[2...].each(&:destroy) # destroy previously created users
- end
- def make_request(params)
- post '/api/v1/users', params: params, as: :json
- end
- let(:successful_params) do
- email = attributes_for(:admin)[:email]
- { firstname: 'Admin First', lastname: 'Admin Last', email: email, password: 'asd1ASDasd!' }
- end
- it 'succeds' do
- make_request successful_params
- expect(response).to have_http_status(:created)
- end
- it 'returns success message' do
- make_request successful_params
- expect(json_response).to have_key('message').and(have_value('ok'))
- end
- it 'does not allow to create 2nd administrator account' do
- create(:admin)
- make_request successful_params
- expect(response).to have_http_status(:unprocessable_entity)
- end
- it 'requires email' do
- make_request successful_params.merge(email: nil)
- expect(response).to have_http_status(:unprocessable_entity)
- end
- it 'requires valid email' do
- make_request successful_params.merge(email: 'invalid_email')
- expect(response).to have_http_status(:unprocessable_entity)
- end
- it 'loads calendar' do
- allow(Calendar).to receive(:init_setup)
- make_request successful_params
- expect(Calendar).to have_received(:init_setup)
- end
- it 'loads text module' do
- allow(TextModule).to receive(:load)
- make_request successful_params
- expect(TextModule).to have_received(:load)
- end
- it 'does not send any notifications' do
- allow(NotificationFactory::Mailer).to receive(:notification)
- make_request successful_params
- expect(NotificationFactory::Mailer).not_to have_received(:notification)
- end
- end
- describe 'POST /api/v1/users processed by #create_signup', authenticated_as: false do
- def make_request(params)
- post '/api/v1/users', params: params, as: :json
- end
- let(:successful_params) do
- email = attributes_for(:admin)[:email]
- { firstname: 'Customer First', lastname: 'Customer Last', email: email, password: 'gsd1ASDasd!', signup: true }
- end
- before do
- create(:admin) # simulate functional system with admin created
- end
- it 'succeeds' do
- make_request successful_params
- expect(response).to have_http_status(:created)
- end
- it 'requires csrf', allow_forgery_protection: true do
- make_request successful_params
- expect(response).to have_http_status(:unauthorized)
- end
- it 'requires honeypot attribute' do
- params = successful_params.clone
- params.delete :signup
- make_request params
- expect(response).to have_http_status(:unprocessable_entity)
- end
- it 'requires signup to be enabled' do
- Setting.set('user_create_account', false)
- make_request successful_params
- expect(response).to have_http_status(:unprocessable_entity)
- end
- it 'requires email' do
- make_request successful_params.merge(email: nil)
- expect(response).to have_http_status(:unprocessable_entity)
- end
- it 'requires valid email' do
- make_request successful_params.merge(email: 'not_valid_email')
- expect(response).to have_http_status(:unprocessable_entity)
- end
- it 'returns false positive when email already used' do
- create(:customer, email: successful_params[:email])
- make_request successful_params
- expect(response).to have_http_status(:created)
- end
- it 'sends email verification notifications' do
- allow(NotificationFactory::Mailer).to receive(:notification)
- make_request successful_params
- expect(NotificationFactory::Mailer).to have_received(:notification) { |arguments| arguments[:template] == 'signup' }
- end
- it 'sends password reset notification when email already used' do
- create(:customer, email: successful_params[:email])
- allow(NotificationFactory::Mailer).to receive(:notification)
- make_request successful_params
- expect(NotificationFactory::Mailer).to have_received(:notification) { |arguments| arguments[:template] == 'signup_taken_reset' }
- end
- it 'sets role to Customer' do
- make_request successful_params
- expect(User.last).to be_role('Customer')
- end
- it 'ignores given Agent role' do
- make_request successful_params.merge(role_ids: [Role.find_by(name: 'Agent').id])
- expect(User.last).not_to be_role('Agent')
- end
- end
- end
|