  1. require 'rails_helper'
  2. RSpec.describe 'User', type: :request do
  3. describe 'request handling', searchindex: true do
  let!(:admin) do
    # admin in every group; driven through authenticated_as(admin) — the
    # password-login examples use admin_with_pw instead
    create(:admin,
           groups:    Group.all,
           login:     'rest-admin',
           firstname: 'Rest',
           lastname:  'Agent',
           email:     'rest-admin@example.com')
  end
  let!(:admin_with_pw) do
    # admin with a known password ('adminpw'); used by the username/email
    # login examples below
    attributes = {
      groups:    Group.all,
      login:     'rest-admin-pw',
      firstname: 'Rest',
      lastname:  'Agent',
      email:     'rest-admin-pw@example.com',
      password:  'adminpw',
    }
    create(:admin, **attributes)
  end
  let!(:agent) do
    # agent in every group; login and email are the same address
    create(:agent,
           groups:    Group.all,
           login:     'rest-agent@example.com',
           firstname: 'Rest',
           lastname:  'Agent',
           email:     'rest-agent@example.com')
  end
  let!(:customer) do
    # customer without an organization
    attributes = {
      login:     'rest-customer1@example.com',
      firstname: 'Rest',
      lastname:  'Customer1',
      email:     'rest-customer1@example.com',
    }
    create(:customer, **attributes)
  end
  # organization customer2 belongs to
  let!(:organization) { create(:organization, name: 'Rest Org') }
  let!(:organization2) { create(:organization, name: 'Rest Org #2') }
  let!(:organization3) { create(:organization, name: 'Rest Org #3') }
  let!(:customer2) do
    # second customer, member of `organization`; used to check that a
    # customer cannot read another customer's record
    create(:customer,
           organization: organization,
           login:        'rest-customer2@example.com',
           firstname:    'Rest',
           lastname:     'Customer2',
           email:        'rest-customer2@example.com')
  end
  # rebuild the search index before each example (rebuild: true) so the
  # search examples below do not see data from earlier examples
  before { configure_elasticsearch(rebuild: true) }
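  it 'does user create tests - no user' do
    # unauthenticated signup needs the CSRF token handed out by signshow
    post '/api/v1/signshow', params: {}, as: :json
    token = response.headers['CSRF-TOKEN']

    # Asserts the user with +email+ got only the Customer role.
    expect_customer_only = lambda do |email|
      user = User.find_by(email: email)
      expect(user).not_to be_role('Admin')
      expect(user).not_to be_role('Agent')
      expect(user).to be_role('Customer')
    end

    # create user with disabled feature: refused whichever way the token is sent
    Setting.set('user_create_account', false)

    # token based on form
    params = { email: 'some_new_customer@example.com', signup: true, authenticity_token: token }
    post '/api/v1/users', params: params, as: :json
    expect(response).to have_http_status(:unprocessable_entity)
    expect(json_response['error']).to be_truthy
    expect(json_response['error']).to eq('Feature not enabled!')

    # token based on headers
    headers = { 'X-CSRF-Token' => token }
    params = { email: 'some_new_customer@example.com', signup: true }
    post '/api/v1/users', params: params, headers: headers, as: :json
    expect(response).to have_http_status(:unprocessable_entity)
    expect(json_response['error']).to be_truthy
    expect(json_response['error']).to eq('Feature not enabled!')

    Setting.set('user_create_account', true)

    # signup param without password is rejected
    params = { email: 'some_new_customer@example.com', signup: true }
    post '/api/v1/users', params: params, headers: headers, as: :json
    expect(response).to have_http_status(:unprocessable_entity)
    expect(json_response['error']).to be_truthy

    # already existing user with enabled feature: the API pretends the signup
    # succeeded, so the status code does not tell whether the address exists
    params = { email: 'rest-customer1@example.com', password: 'asd1ASDasd!', signup: true }
    post '/api/v1/users', params: params, headers: headers, as: :json
    expect(response).to have_http_status(:created)
    expect(json_response).to be_truthy

    # email missing with enabled feature (the original repeated this case twice)
    params = { firstname: 'some firstname', signup: true }
    post '/api/v1/users', params: params, headers: headers, as: :json
    expect(response).to have_http_status(:unprocessable_entity)
    expect(json_response['error']).to be_truthy
    expect(json_response['error']).to eq('Attribute \'email\' required!')

    # create user with enabled feature (take customer role)
    params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', password: '1asdASDasd', signup: true }
    post '/api/v1/users', params: params, headers: headers, as: :json
    expect(response).to have_http_status(:created)
    expect(json_response).to be_truthy
    expect(json_response['message']).to eq('ok')
    expect_customer_only.call('new_here@example.com')

    # role_ids sent with a signup request are ignored: self-registration cannot
    # obtain Admin or Agent, the account always ends up as Customer
    role = Role.lookup(name: 'Admin')
    params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [role.id], signup: true, password: '1asdASDasd' }
    post '/api/v1/users', params: params, headers: headers, as: :json
    expect(response).to have_http_status(:created)
    expect(json_response).to be_truthy
    expect_customer_only.call('new_admin@example.com')

    role = Role.lookup(name: 'Agent')
    params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [role.id], signup: true, password: '1asdASDasd' }
    post '/api/v1/users', params: params, headers: headers, as: :json
    expect(response).to have_http_status(:created)
    expect(json_response).to be_truthy
    expect_customer_only.call('new_agent@example.com')

    # a successful signup does not establish a session: index and me still 401
    get '/api/v1/users', params: {}, headers: headers, as: :json
    expect(response).to have_http_status(:unauthorized)
    expect(json_response['error']).to eq('authentication failed')

    get '/api/v1/users/me', params: {}, headers: headers, as: :json
    expect(response).to have_http_status(:unauthorized)
    expect(json_response['error']).to eq('authentication failed')
  end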
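  context 'password security' do
    # NOTE(review): `headers` is never assigned in this context; it presumably
    # resolves to the integration session's response-header delegate, which is
    # nil before the first request, so no CSRF header is sent here — confirm.
    it 'verified with no current user' do
      # a weak password is rejected on self-signup
      params = { email: 'some_new_customer@example.com', password: 'asdasdasdasd', signup: true }
      post '/api/v1/users', params: params, headers: headers, as: :json
      expect(response).to have_http_status(:unprocessable_entity)
      expect(json_response['error']).to be_truthy
      expect(json_response['error']).to include('Invalid password')
    end

    # Renamed: the original reused the description above although this example
    # runs with an admin session. It documents that admin-created accounts are
    # not subject to the signup password policy (a 3-character password passes).
    it 'not verified with current admin user', authenticated_as: :admin do
      params = { email: 'some_new_customer@example.com', password: 'asd' }
      post '/api/v1/users', params: params, headers: headers, as: :json
      expect(response).to have_http_status(:created)
    end
  end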
  it 'does auth tests - not existing user' do
    # credentials for an unknown login must be rejected on every endpoint
    authenticated_as(nil, login: 'not_existing@example.com', password: 'adminpw')

    %w[/api/v1/users/me /api/v1/users].each do |path|
      get path, params: {}, as: :json
      expect(response).to have_http_status(:unauthorized)
      expect(json_response['error']).to eq('authentication failed')
    end
  end
  it 'does auth tests - username auth, wrong pw' do
    # known login, wrong password: no session, generic error message
    authenticated_as(admin, password: 'not_existing')
    get '/api/v1/users', params: {}, as: :json

    expect(response).to have_http_status(:unauthorized)
    expect(json_response).to include('error' => 'authentication failed')
  end
  it 'does auth tests - email auth, wrong pw' do
    # login by email address with a wrong password: same generic failure as
    # for an unknown user
    authenticated_as(nil, login: 'rest-admin@example.com', password: 'not_existing')
    get '/api/v1/users', params: {}, as: :json

    expect(response).to have_http_status(:unauthorized)
    expect(json_response).to include('error' => 'authentication failed')
  end
  it 'does auth tests - username auth' do
    # login name + password of admin_with_pw grants access
    authenticated_as(nil, login: 'rest-admin-pw', password: 'adminpw')
    get '/api/v1/users', params: {}, as: :json

    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
  end
  it 'does auth tests - email auth' do
    # the email address of admin_with_pw works as login as well
    authenticated_as(nil, login: 'rest-admin-pw@example.com', password: 'adminpw')
    get '/api/v1/users', params: {}, as: :json

    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
  end
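  it 'does user index and create with admin' do
    authenticated_as(admin)

    # me
    get '/api/v1/users/me', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
    expect(json_response['email']).to eq('rest-admin@example.com')

    # index (the original issued this request twice): admins see all users
    get '/api/v1/users', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
    expect(json_response).to be_an(Array)
    expect(json_response.length).to be >= 3

    # show/:id
    get "/api/v1/users/#{agent.id}", params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
    expect(json_response).to be_a(Hash)
    expect(json_response['email']).to eq('rest-agent@example.com')

    get "/api/v1/users/#{customer.id}", params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
    expect(json_response).to be_a(Hash)
    expect(json_response['email']).to eq('rest-customer1@example.com')

    # Posts +params+, asserts a 201 with login and email both equal to +email+,
    # and returns the persisted User.
    create_user = lambda do |params, email|
      post '/api/v1/users', params: params, as: :json
      expect(response).to have_http_status(:created)
      expect(json_response).to be_truthy
      expect(json_response['login']).to eq(email)
      expect(json_response['email']).to eq(email)
      User.find(json_response['id'])
    end

    # create user with admin role: an admin may hand out Admin
    admin_role = Role.lookup(name: 'Admin')
    user = create_user.call(
      { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [admin_role.id] },
      'new_admin_by_admin@example.com',
    )
    expect(user).to be_role('Admin')
    expect(user).not_to be_role('Agent')
    expect(user).not_to be_role('Customer')

    # create user with agent role
    agent_role = Role.lookup(name: 'Agent')
    user = create_user.call(
      { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [agent_role.id] },
      'new_agent_by_admin1@example.com',
    )
    expect(user).not_to be_role('Admin')
    expect(user).to be_role('Agent')
    expect(user).not_to be_role('Customer')

    # a firstname containing a space and no lastname is split into first/last name
    user = create_user.call(
      { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [agent_role.id] },
      'new_agent_by_admin2@example.com',
    )
    expect(user).not_to be_role('Admin')
    expect(user).to be_role('Agent')
    expect(user).not_to be_role('Customer')
    expect(json_response['firstname']).to eq('Agent')
    expect(json_response['lastname']).to eq('First')

    # the same email address cannot be used for a second user
    params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [agent_role.id] }
    post '/api/v1/users', params: params, as: :json
    expect(response).to have_http_status(:unprocessable_entity)
    expect(json_response).to be_truthy
    expect(json_response['error']).to eq("Email address 'new_agent_by_admin2@example.com' is already used for other user.")

    # missing required attributes
    params = { note: 'some note' }
    post '/api/v1/users', params: params, as: :json
    expect(response).to have_http_status(:unprocessable_entity)
    expect(json_response).to be_truthy
    expect(json_response['error']).to eq('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.')

    # invalid email
    params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
    post '/api/v1/users', params: params, as: :json
    expect(response).to have_http_status(:unprocessable_entity)
    expect(json_response).to be_truthy
    expect(json_response['error']).to eq("Invalid email 'some_what'")

    # with valid attributes but no email: login is auto-generated and, without
    # role_ids, the default role is Customer
    params = { firstname: 'newfirstname123', note: 'some note' }
    post '/api/v1/users', params: params, as: :json
    expect(response).to have_http_status(:created)
    expect(json_response).to be_truthy
    user = User.find(json_response['id'])
    expect(user).not_to be_role('Admin')
    expect(user).not_to be_role('Agent')
    expect(user).to be_role('Customer')
    expect(json_response['login']).to be_start_with('auto-')
    expect(json_response['email']).to eq('')
    expect(json_response['firstname']).to eq('newfirstname123')
    expect(json_response['lastname']).to eq('')
  end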
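  it 'does user index and create with agent' do
    authenticated_as(agent)

    # me
    get '/api/v1/users/me', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
    expect(json_response['email']).to eq('rest-agent@example.com')

    # index (the original issued this request twice): agents see all users
    get '/api/v1/users', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
    expect(json_response).to be_an(Array)
    expect(json_response.length).to be >= 3

    # index pagination: per_page=2 pages return users in id order
    get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_an(Array)
    users = User.order(:id).limit(2)
    expect(json_response.map { |u| u['id'] }).to eq([users[0].id, users[1].id])

    get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_an(Array)
    users = User.order(:id).limit(4)
    expect(json_response.map { |u| u['id'] }).to eq([users[2].id, users[3].id])

    # create: an agent cannot hand out Admin or Agent; the role_ids in the
    # request are ignored and every account created here ends up as Customer
    firstname = "First test#{rand(999_999_999)}"

    # Posts +params+, asserts a 201 for a Customer-only user whose login and
    # email equal +email+, and returns the parsed response body.
    create_as_customer = lambda do |params, email|
      post '/api/v1/users', params: params, as: :json
      expect(response).to have_http_status(:created)
      created = JSON.parse(@response.body)
      expect(created).to be_truthy
      user = User.find(created['id'])
      expect(user).not_to be_role('Admin')
      expect(user).not_to be_role('Agent')
      expect(user).to be_role('Customer')
      expect(created['login']).to eq(email)
      expect(created['email']).to eq(email)
      created
    end

    role = Role.lookup(name: 'Admin')
    create_as_customer.call(
      { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [role.id] },
      'new_admin_by_agent@example.com',
    )

    role = Role.lookup(name: 'Agent')
    create_as_customer.call(
      { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [role.id] },
      'new_agent_by_agent@example.com',
    )

    role = Role.lookup(name: 'Customer')
    json_response1 = create_as_customer.call(
      { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [role.id] },
      'new_customer_by_agent@example.com',
    )

    # search as agent
    Scheduler.worker(true)
    sleep 2 # let es time to come ready (fixed delay; polling the index would be less flaky)
    query = CGI.escape("Customer#{firstname}")
    label = "Customer#{firstname} Customer Last <new_customer_by_agent@example.com>"

    # Asserts the last search returned the freshly created customer as an
    # autocomplete entry (label/value, no role data) with the given +value+.
    expect_label_hit = lambda do |value|
      expect(response).to have_http_status(:ok)
      expect(json_response).to be_an(Array)
      expect(json_response[0]['id']).to eq(json_response1['id'])
      expect(json_response[0]['label']).to eq(label)
      expect(json_response[0]['value']).to eq(value)
      expect(json_response[0]['role_ids']).to be_falsey
      expect(json_response[0]['roles']).to be_falsey
    end

    # Asserts the last search returned an empty result set.
    expect_no_hit = lambda do
      expect(response).to have_http_status(:ok)
      expect(json_response).to be_an(Array)
      expect(json_response.count).to eq(0)
    end

    # plain query: user attributes with role_ids, roles not expanded
    get "/api/v1/users/search?query=#{query}", params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_an(Array)
    expect(json_response[0]['id']).to eq(json_response1['id'])
    expect(json_response[0]['firstname']).to eq("Customer#{firstname}")
    expect(json_response[0]['lastname']).to eq('Customer Last')
    expect(json_response[0]['role_ids']).to be_truthy
    expect(json_response[0]['roles']).to be_falsey

    # expand=true additionally includes the roles
    get "/api/v1/users/search?query=#{query}&expand=true", params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_an(Array)
    expect(json_response[0]['id']).to eq(json_response1['id'])
    expect(json_response[0]['firstname']).to eq("Customer#{firstname}")
    expect(json_response[0]['lastname']).to eq('Customer Last')
    expect(json_response[0]['role_ids']).to be_truthy
    expect(json_response[0]['roles']).to be_truthy

    # label=true: value is the display label
    get "/api/v1/users/search?query=#{query}&label=true", params: {}, as: :json
    expect_label_hit.call(label)

    # term=: value is the email address
    get "/api/v1/users/search?term=#{query}", params: {}, as: :json
    expect_label_hit.call('new_customer_by_agent@example.com')

    # Regression test for issue #2539 - search pagination broken in users_controller.rb
    # Get the total number of users N, then search with one result per page, so there should be N pages with one result each
    get '/api/v1/users/search', params: { query: '*' }, as: :json
    total_number = json_response.count
    (1..total_number).each do |i|
      get '/api/v1/users/search', params: { query: '*', per_page: 1, page: i }, as: :json
      expect(response).to have_http_status(:ok)
      expect(json_response).to be_an(Array)
      expect(json_response.count).to eq(1), "Page #{i}/#{total_number} of the user search pagination test have the wrong result!"
    end

    # role_ids filter: the customer is found only under its own role
    role = Role.find_by(name: 'Agent')
    get "/api/v1/users/search?query=#{query}&role_ids=#{role.id}&label=true", params: {}, as: :json
    expect_no_hit.call

    role = Role.find_by(name: 'Customer')
    get "/api/v1/users/search?query=#{query}&role_ids=#{role.id}&label=true", params: {}, as: :json
    expect_label_hit.call(label)

    # permissions filter: same, keyed by permission name
    permission = Permission.find_by(name: 'ticket.agent')
    get "/api/v1/users/search?query=#{query}&permissions=#{permission.name}&label=true", params: {}, as: :json
    expect_no_hit.call

    permission = Permission.find_by(name: 'ticket.customer')
    get "/api/v1/users/search?query=#{query}&permissions=#{permission.name}&label=true", params: {}, as: :json
    expect_label_hit.call(label)
  end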
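  it 'does user index and create with customer1' do
    authenticated_as(customer)

    # me
    get '/api/v1/users/me', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
    expect(json_response['email']).to eq('rest-customer1@example.com')

    # index: a customer only sees their own record
    get '/api/v1/users', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_an(Array)
    expect(json_response.length).to eq(1)

    # show/:id: own record is readable ...
    get "/api/v1/users/#{customer.id}", params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a(Hash)
    expect(json_response['email']).to eq('rest-customer1@example.com')

    # ... another customer's record is refused outright (401 with an error body)
    get "/api/v1/users/#{customer2.id}", params: {}, as: :json
    expect(response).to have_http_status(:unauthorized)
    expect(json_response).to be_a(Hash)
    expect(json_response['error']).to be_truthy

    # create: customers may not create users, whatever role they request
    role = Role.lookup(name: 'Admin')
    params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [role.id] }
    post '/api/v1/users', params: params, as: :json
    expect(response).to have_http_status(:unauthorized)

    role = Role.lookup(name: 'Agent')
    params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [role.id] }
    post '/api/v1/users', params: params, as: :json
    expect(response).to have_http_status(:unauthorized)

    # search: not available to customers
    Scheduler.worker(true)
    get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json
    expect(response).to have_http_status(:unauthorized)
  end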
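  it 'does user index with customer2' do
    authenticated_as(customer2)

    # me
    get '/api/v1/users/me', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_truthy
    expect(json_response['email']).to eq('rest-customer2@example.com')

    # index: organization membership does not widen the list, still only self
    get '/api/v1/users', params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_an(Array)
    expect(json_response.length).to eq(1)

    # show/:id: own record readable, customer1's record refused
    get "/api/v1/users/#{customer2.id}", params: {}, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a(Hash)
    expect(json_response['email']).to eq('rest-customer2@example.com')

    get "/api/v1/users/#{customer.id}", params: {}, as: :json
    expect(response).to have_http_status(:unauthorized)
    expect(json_response).to be_a(Hash)
    expect(json_response['error']).to be_truthy

    # search: not available to customers
    Scheduler.worker(true)
    get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json
    expect(response).to have_http_status(:unauthorized)
  end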
it 'does users show and response format (04.01)' do
  # Fixture: a customer in the shared organization, stamped as created/updated by admin
  # so the *_by_id fields in the response have a known value.
  user = create(
    :customer,
    login:         'rest-customer3@example.com',
    firstname:     'Rest',
    lastname:      'Customer3',
    email:         'rest-customer3@example.com',
    password:      'customer3pw',
    active:        true,
    organization:  organization,
    updated_by_id: admin.id,
    created_by_id: admin.id,
  )
  authenticated_as(admin)

  # Compact representation (default, expand=false, full=false): the organization is
  # referenced by id only and the password must never appear in the body.
  expect_compact_user = lambda do
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a_kind_of(Hash)
    expect(json_response['id']).to eq(user.id)
    expect(json_response['firstname']).to eq(user.firstname)
    expect(json_response['organization']).to be_falsey
    expect(json_response['organization_id']).to eq(user.organization_id)
    expect(json_response['password']).to be_falsey
    expect(json_response['role_ids']).to eq(user.role_ids)
    expect(json_response['updated_by_id']).to eq(admin.id)
    expect(json_response['created_by_id']).to eq(admin.id)
  end

  # expand=true additionally inlines the organization name; the password stays absent.
  expect_expanded_user = lambda do
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a_kind_of(Hash)
    expect(json_response['id']).to eq(user.id)
    expect(json_response['firstname']).to eq(user.firstname)
    expect(json_response['organization_id']).to eq(user.organization_id)
    expect(json_response['organization']).to eq(user.organization.name)
    expect(json_response['role_ids']).to eq(user.role_ids)
    expect(json_response['password']).to be_falsey
    expect(json_response['updated_by_id']).to eq(admin.id)
    expect(json_response['created_by_id']).to eq(admin.id)
  end

  # full=true wraps the record in an assets map keyed by model name and string id.
  expect_full_user = lambda do
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a_kind_of(Hash)
    expect(json_response['id']).to eq(user.id)
    assets = json_response['assets']
    expect(assets).to be_truthy
    expect(assets['User']).to be_truthy
    record = assets['User'][user.id.to_s]
    expect(record).to be_truthy
    expect(record['id']).to eq(user.id)
    expect(record['firstname']).to eq(user.firstname)
    expect(record['organization_id']).to eq(user.organization_id)
    expect(record['role_ids']).to eq(user.role_ids)
  end

  show_path = "/api/v1/users/#{user.id}"

  get show_path, params: {}, as: :json
  expect_compact_user.call

  get "#{show_path}?expand=true", params: {}, as: :json
  expect_expanded_user.call

  get "#{show_path}?expand=false", params: {}, as: :json
  expect_compact_user.call

  get "#{show_path}?full=true", params: {}, as: :json
  expect_full_user.call

  get "#{show_path}?full=false", params: {}, as: :json
  expect_compact_user.call
end
it 'does user index and response format (04.02)' do
  # Fixture: the most recently created user, expected to be the last element of the index.
  user = create(
    :customer,
    login:         'rest-customer3@example.com',
    firstname:     'Rest',
    lastname:      'Customer3',
    email:         'rest-customer3@example.com',
    password:      'customer3pw',
    active:        true,
    organization:  organization,
    updated_by_id: admin.id,
    created_by_id: admin.id,
  )
  authenticated_as(admin)

  # Compact list (default, expand=false, full=false): array of hashes, organization by
  # id only, no password field on any record.
  expect_compact_list = lambda do
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a_kind_of(Array)
    expect(json_response[0].class).to eq(Hash)
    newest = json_response.last
    expect(newest['id']).to eq(user.id)
    expect(newest['lastname']).to eq(user.lastname)
    expect(newest['organization']).to be_falsey
    expect(newest['role_ids']).to eq(user.role_ids)
    expect(newest['organization_id']).to eq(user.organization_id)
    expect(newest['password']).to be_falsey
    expect(newest['updated_by_id']).to eq(admin.id)
    expect(newest['created_by_id']).to eq(admin.id)
  end

  # expand=true inlines the organization name per record.
  expect_expanded_list = lambda do
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a_kind_of(Array)
    expect(json_response[0].class).to eq(Hash)
    newest = json_response.last
    expect(newest['id']).to eq(user.id)
    expect(newest['lastname']).to eq(user.lastname)
    expect(newest['organization_id']).to eq(user.organization_id)
    expect(newest['organization']).to eq(user.organization.name)
    expect(newest['password']).to be_falsey
    expect(newest['updated_by_id']).to eq(admin.id)
    expect(newest['created_by_id']).to eq(admin.id)
  end

  # full=true returns a Hash with record_ids plus an assets map instead of a flat array.
  expect_full_list = lambda do
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a_kind_of(Hash)
    record_ids = json_response['record_ids']
    expect(record_ids.class).to eq(Array)
    expect(record_ids[0]).to eq(1) # presumably the seeded system user comes first; verify against fixtures
    expect(record_ids.last).to eq(user.id)
    assets = json_response['assets']
    expect(assets).to be_truthy
    expect(assets['User']).to be_truthy
    record = assets['User'][user.id.to_s]
    expect(record).to be_truthy
    expect(record['id']).to eq(user.id)
    expect(record['lastname']).to eq(user.lastname)
    expect(record['organization_id']).to eq(user.organization_id)
    expect(record['password']).to be_falsey
  end

  get '/api/v1/users', params: {}, as: :json
  expect_compact_list.call

  get '/api/v1/users?expand=true', params: {}, as: :json
  expect_expanded_list.call

  get '/api/v1/users?expand=false', params: {}, as: :json
  expect_compact_list.call

  get '/api/v1/users?full=true', params: {}, as: :json
  expect_full_list.call

  get '/api/v1/users?full=false', params: {}, as: :json
  expect_compact_list.call
end
it 'does ticket create and response format (04.03)' do
  # NOTE(review): despite the description this exercises user creation, not tickets.
  # The organization is passed by name; the API is expected to resolve it to an id.
  first_organization = Organization.first
  params = {
    firstname:    'newfirstname123',
    note:         'some note',
    organization: first_organization.name,
  }
  authenticated_as(admin)

  # Every variant must answer 201 with a Hash body whose id resolves to a stored user.
  created_user = lambda do
    expect(response).to have_http_status(:created)
    expect(json_response).to be_a_kind_of(Hash)
    User.find(json_response['id'])
  end

  # In full=true responses each person is a record under assets['User'][<id as string>];
  # the password must not be part of it.
  expect_asset_for = lambda do |person|
    record = json_response['assets']['User'][person.id.to_s]
    expect(record).to be_truthy
    expect(record['id']).to eq(person.id)
    expect(record['firstname']).to eq(person.firstname)
    expect(record['lastname']).to eq(person.lastname)
    expect(record['password']).to be_falsey
  end

  post '/api/v1/users', params: params, as: :json
  user = created_user.call
  expect(json_response['firstname']).to eq(user.firstname)
  expect(json_response['organization_id']).to eq(user.organization_id)
  expect(json_response['organization']).to be_falsey
  expect(json_response['password']).to be_falsey
  expect(json_response['updated_by_id']).to eq(admin.id)
  expect(json_response['created_by_id']).to eq(admin.id)

  post '/api/v1/users?expand=true', params: params, as: :json
  user = created_user.call
  expect(json_response['firstname']).to eq(user.firstname)
  expect(json_response['organization_id']).to eq(user.organization_id)
  expect(json_response['organization']).to eq(user.organization.name)
  expect(json_response['password']).to be_falsey
  expect(json_response['updated_by_id']).to eq(admin.id)
  expect(json_response['created_by_id']).to eq(admin.id)

  post '/api/v1/users?full=true', params: params, as: :json
  user = created_user.call
  expect(json_response['assets']).to be_truthy
  expect(json_response['assets']['User']).to be_truthy
  expect_asset_for.call(user)
  expect_asset_for.call(admin)
end
it 'does ticket update and response formats (04.04)' do
  # NOTE(review): despite the description this exercises user update, not tickets.
  user = create(
    :customer,
    login:         'rest-customer3@example.com',
    firstname:     'Rest',
    lastname:      'Customer3',
    email:         'rest-customer3@example.com',
    password:      'customer3pw',
    active:        true,
    organization:  organization,
    updated_by_id: admin.id,
    created_by_id: admin.id,
  )
  authenticated_as(admin)
  update_path = "/api/v1/users/#{user.id}"

  # Each PUT must answer 200 with a Hash body; the user is re-read so that the
  # untouched attributes are compared against the persisted state.
  updated_user = lambda do
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a_kind_of(Hash)
    User.find(json_response['id'])
  end

  # Person record inside a full=true response; firstname is checked by the caller.
  expect_asset_for = lambda do |person, firstname|
    record = json_response['assets']['User'][person.id.to_s]
    expect(record).to be_truthy
    expect(record['id']).to eq(person.id)
    expect(record['firstname']).to eq(firstname)
    expect(record['lastname']).to eq(person.lastname)
    expect(record['password']).to be_falsey
  end

  params = { firstname: 'a update firstname #1' }
  put update_path, params: params, as: :json
  user = updated_user.call
  expect(json_response['lastname']).to eq(user.lastname)
  expect(json_response['firstname']).to eq(params[:firstname])
  expect(json_response['organization_id']).to eq(user.organization_id)
  expect(json_response['organization']).to be_falsey
  expect(json_response['password']).to be_falsey
  expect(json_response['updated_by_id']).to eq(admin.id)
  expect(json_response['created_by_id']).to eq(admin.id)

  params = { firstname: 'a update firstname #2' }
  put "#{update_path}?expand=true", params: params, as: :json
  user = updated_user.call
  expect(json_response['lastname']).to eq(user.lastname)
  expect(json_response['firstname']).to eq(params[:firstname])
  expect(json_response['organization_id']).to eq(user.organization_id)
  expect(json_response['organization']).to eq(user.organization.name)
  expect(json_response['password']).to be_falsey
  expect(json_response['updated_by_id']).to eq(admin.id)
  expect(json_response['created_by_id']).to eq(admin.id)

  params = { firstname: 'a update firstname #3' }
  put "#{update_path}?full=true", params: params, as: :json
  user = updated_user.call
  expect(json_response['assets']).to be_truthy
  expect(json_response['assets']['User']).to be_truthy
  expect_asset_for.call(user, params[:firstname])
  expect_asset_for.call(admin, admin.firstname)
end
it 'does csv example - customer no access (05.01)' do
  # The import template is an admin-only resource: a customer session must be refused
  # with the generic authorization error, not served the file.
  authenticated_as(customer)
  get '/api/v1/users/import_example', params: {}, as: :json
  expect(response).to have_http_status(:unauthorized)
  expect(json_response['error']).to eq('Not authorized (user)!')
end
it 'does csv example - admin access (05.02)' do
  authenticated_as(admin)
  get '/api/v1/users/import_example', params: {}, as: :json
  expect(response).to have_http_status(:ok)

  # The body is CSV; the first row is the header and its leading columns are fixed.
  header = CSV.parse(@response.body).shift
  expect(header.first(5)).to eq(%w[id login firstname lastname email])
  expect(header).to include('organization')
end
it 'does csv import - admin access (05.03)' do
  authenticated_as(admin)

  # Upload a CSV fixture through the import endpoint (multipart, not JSON).
  # try: true asks for a validation run only; the response echoes the flag back.
  import_csv = lambda do |fixture, try:|
    csv_file = fixture_file_upload(fixture, 'text/csv')
    path = try ? '/api/v1/users/import?try=true' : '/api/v1/users/import'
    post path, params: { file: csv_file, col_sep: ';' }
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a_kind_of(Hash)
    expect(json_response['try']).to eq(try)
  end

  # invalid file: an unknown column is reported per line and nothing is created
  import_csv.call('csv_import/user/simple_col_not_existing.csv', try: true)
  expect(json_response['records']).to be_empty
  expect(json_response['result']).to eq('failed')
  expect(json_response['errors'].count).to eq(2)
  expect(json_response['errors'][0]).to eq("Line 1: Unable to create record - unknown attribute 'firstname2' for User.")
  expect(json_response['errors'][1]).to eq("Line 2: Unable to create record - unknown attribute 'firstname2' for User.")

  # valid file, dry run: records are reported but must not be persisted
  import_csv.call('csv_import/user/simple.csv', try: true)
  expect(json_response['records'].count).to eq(2)
  expect(json_response['result']).to eq('success')
  expect(User.find_by(login: 'user-simple-import1')).to be_nil
  expect(User.find_by(login: 'user-simple-import2')).to be_nil

  # valid file, real import: both rows become users with the fixture's column values
  import_csv.call('csv_import/user/simple.csv', try: false)
  expect(json_response['records'].count).to eq(2)
  expect(json_response['result']).to eq('success')

  imported = [['simple-import1', true], ['simple-import2', false]].map do |slug, active|
    record = User.find_by(login: "user-#{slug}")
    expect(record).to be_truthy
    expect(record.login).to eq("user-#{slug}")
    expect(record.firstname).to eq("firstname-#{slug}")
    expect(record.lastname).to eq("lastname-#{slug}")
    expect(record.email).to eq("user-#{slug}@example.com")
    expect(record.active).to eq(active)
    record
  end

  # Clean up the persisted rows so later examples do not see them.
  imported.each(&:destroy!)
end
it 'does user history' do
  user1 = create(
    :customer,
    login:     'history@example.com',
    firstname: 'History',
    lastname:  'Customer1',
    email:     'history@example.com',
  )
  authenticated_as(agent)
  get "/api/v1/users/history/#{user1.id}", params: {}, as: :json
  expect(response).to have_http_status(:ok)
  expect(json_response).to be_a_kind_of(Hash)

  # history is a list of entries; assets carries the referenced records, and a user
  # history must not pull in ticket records.
  expect(json_response['history'].class).to eq(Array)
  assets = json_response['assets']
  expect(assets.class).to eq(Hash)
  expect(assets['Ticket']).to be_nil
  expect(assets['User'][user1.id.to_s]).not_to be_nil
end
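it 'does user search sortable' do
  # Random suffix keeps the query unique so only the two fixtures below match.
  firstname = "user_search_sortable #{rand(999_999_999)}"
  user1 = create(
    :customer,
    login:           'rest-user_search_sortableA@example.com',
    firstname:       "#{firstname} A",
    lastname:        'user_search_sortableA',
    email:           'rest-user_search_sortableA@example.com',
    password:        'user_search_sortableA',
    active:          true,
    organization_id: organization.id,
    out_of_office:   false,
    created_at:      '2016-02-05 17:42:00',
  )
  user2 = create(
    :customer,
    login:                        'rest-user_search_sortableB@example.com',
    firstname:                    "#{firstname} B",
    lastname:                     'user_search_sortableB',
    email:                        'rest-user_search_sortableB@example.com',
    password:                     'user_search_sortableB',
    active:                       true,
    organization_id:              organization.id,
    out_of_office_start_at:       '2016-02-06 19:42:00',
    out_of_office_end_at:         '2016-02-07 19:42:00',
    out_of_office_replacement_id: 1, # presumably a seeded system user; verify against fixtures
    out_of_office:                true,
    created_at:                   '2016-02-05 19:42:00',
  )
  Scheduler.worker(true)
  sleep 2 # let es time to come ready
  authenticated_as(admin)

  ascending  = [user1.id, user2.id]
  descending = [user2.id, user1.id]

  # One row per request: [sort_by, order_by, expected id order]. Multi-key sorts pass
  # parallel arrays. The previous version issued the firstname/created_at desc/asc
  # request twice verbatim; the duplicate is dropped here.
  sort_cases = [
    ['created_at',                 'asc',        ascending],
    ['firstname',                  'asc',        ascending],
    ['firstname',                  'desc',       descending],
    [%w[firstname created_at],     %w[desc asc], descending],
    ['out_of_office',              'asc',        ascending],
    ['out_of_office',              'desc',       descending],
    [%w[created_by_id created_at], %w[asc asc],  ascending],
  ]

  sort_cases.each do |sort_by, order_by, expected_ids|
    get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: sort_by, order_by: order_by }, as: :json
    expect(response).to have_http_status(:ok)
    expect(json_response).to be_a_kind_of(Array)
    # Custom message names the failing case, since all cases share one loop body.
    expect(json_response.map { |row| row['id'] }).to eq(expected_ids), "sort_by=#{sort_by.inspect} order_by=#{order_by.inspect}"
  end
end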
context 'does password reset send work' do
  let(:user) { create(:customer, login: 'somebody', email: 'somebody@example.com') }

  # Unauthenticated endpoint: the only input is the login name.
  def request_password_reset(login)
    post '/api/v1/users/password_reset', params: { username: login }, as: :json
  end

  context 'for user without email address' do
    let(:user) { create(:customer, login: 'somebody', email: '') }

    # NOTE(review): the body says 'failed' here but 'ok' for a user with an address,
    # so the response distinguishes the two account states to the caller.
    it 'return failed' do
      request_password_reset(user.login)
      expect(response).to have_http_status(:ok)
      expect(json_response).to be_a_kind_of(Hash)
      expect(json_response['message']).to eq('failed')
    end
  end

  context 'for user with email address' do
    it 'return ok' do
      request_password_reset(user.login)
      expect(response).to have_http_status(:ok)
      expect(json_response).to be_a_kind_of(Hash)
      expect(json_response['message']).to eq('ok')
    end
  end

  context 'for user with email address but disabled feature' do
    # Feature flag off: the endpoint must refuse before doing any work.
    before { Setting.set('user_lost_password', false) }

    it 'raise 422' do
      request_password_reset(user.login)
      expect(response).to have_http_status(:unprocessable_entity)
      expect(json_response['error']).to be_truthy
      expect(json_response['error']).to eq('Feature not enabled!')
    end
  end
end
context 'does password reset by token work' do
  let(:user)  { create(:customer, login: 'somebody', email: 'somebody@example.com') }
  let(:token) { create(:token, action: 'PasswordReset', user_id: user.id) }

  # Second step of the reset flow: the single-use token (token.name) plus the new
  # password are submitted without a session.
  def verify_password_reset(login, token_name, new_password)
    post '/api/v1/users/password_reset_verify', params: { username: login, token: token_name, password: new_password }, as: :json
  end

  context 'for user without email address' do
    let(:user) { create(:customer, login: 'somebody', email: '') }

    it 'return failed' do
      verify_password_reset(user.login, token.name, 'Test1234#.')
      expect(response).to have_http_status(:ok)
      expect(json_response).to be_a_kind_of(Hash)
      expect(json_response['message']).to eq('failed')
    end
  end

  context 'for user with email address' do
    it 'return ok' do
      verify_password_reset(user.login, token.name, 'TEst1234#.')
      expect(response).to have_http_status(:ok)
      expect(json_response).to be_a_kind_of(Hash)
      expect(json_response['message']).to eq('ok')
    end
  end

  context 'for user with email address but disabled feature' do
    # Feature flag off: even a valid token must not change the password.
    before { Setting.set('user_lost_password', false) }

    it 'raise 422' do
      verify_password_reset(user.login, token.name, 'Test1234#.')
      expect(response).to have_http_status(:unprocessable_entity)
      expect(json_response['error']).to be_truthy
      expect(json_response['error']).to eq('Feature not enabled!')
    end
  end
end
context 'password change' do
  let(:user) { create(:customer, login: 'somebody', email: 'somebody@example.com', password: 'Test1234#.') }

  # The endpoint is session-bound: log in as the user whose password is changed.
  before { authenticated_as(user, login: 'somebody', password: 'Test1234#.') }

  # The current password must be re-supplied alongside the new one.
  def change_password(old_password, new_password)
    post '/api/v1/users/password_change', params: { password_old: old_password, password_new: new_password }, as: :json
  end

  context 'user without email address' do
    let(:user) { create(:customer, login: 'somebody', email: '', password: 'Test1234#.') }

    it 'return ok' do
      change_password('Test1234#.', 'TEst12345#.')
      expect(response).to have_http_status(:ok)
      expect(json_response).to be_a_kind_of(Hash)
      expect(json_response['message']).to eq('ok')
    end
  end

  context 'user with email address' do
    it 'return ok' do
      change_password('Test1234#.', 'TEst12345#.')
      expect(response).to have_http_status(:ok)
      expect(json_response).to be_a_kind_of(Hash)
      expect(json_response['message']).to eq('ok')
    end
  end
end
  990. end
describe 'POST /api/v1/users', authenticated_as: -> { create(:admin) }, searchindex: false do
  # Creation by an authenticated admin unless an example overrides the session in its metadata.
  def post_user(params)
    post '/api/v1/users', params: params, as: :json
  end

  let(:successful_params)  { { email: attributes_for(:admin)[:email] } }
  let(:params_with_role)   { successful_params.merge(role_ids: [Role.find_by(name: 'Admin').id]) }
  let(:params_with_invite) { successful_params.merge(invite: true) }

  it 'succeeds' do
    post_user(successful_params)
    expect(response).to have_http_status(:created)
  end

  it 'returns user data' do
    post_user(successful_params)
    expect(json_response).to have_key('email').and(have_value(successful_params[:email]))
  end

  # Without a session the request is handled as a signup attempt and rejected.
  it 'no session treated as signup', authenticated_as: false do
    post_user(successful_params)
    expect(response).to have_http_status(:unprocessable_entity)
  end

  it 'does not accept requests from customers', authenticated_as: -> { create(:customer) } do
    post_user(successful_params)
    expect(response).to have_http_status(:unauthorized)
  end

  # Role assignment is reserved to admins; an agent-submitted role_ids must be ignored.
  it 'admins can give any role', authenticated_as: -> { create(:admin) } do
    post_user(params_with_role)
    expect(User.last).to be_role 'Admin'
  end

  it 'agents can not give roles', authenticated_as: -> { create(:agent) } do
    post_user(params_with_role)
    expect(User.last).not_to be_role 'Admin'
  end

  # Mailer checks: stub the mailer, fire the request, then inspect the template argument.
  it 'does not send email verification notifications' do
    allow(NotificationFactory::Mailer).to receive(:notification)
    post_user(successful_params)
    expect(NotificationFactory::Mailer).not_to have_received(:notification) { |arguments| arguments[:template] == 'signup' }
  end

  it 'does not send invitation notification by default' do
    allow(NotificationFactory::Mailer).to receive(:notification)
    post_user(successful_params)
    expect(NotificationFactory::Mailer).not_to have_received(:notification) { |arguments| arguments[:template] == 'user_invite' }
  end

  it 'sends invitation notification when required' do
    allow(NotificationFactory::Mailer).to receive(:notification)
    post_user(params_with_invite)
    expect(NotificationFactory::Mailer).to have_received(:notification) { |arguments| arguments[:template] == 'user_invite' }
  end

  # At least one of firstname, lastname, login or email must identify the new user.
  it 'requires at least one identifier' do
    post_user({ web: 'example.com' })
    expect(json_response['error']).to start_with('Minimum one identifier')
  end

  it 'takes first name as identifier' do
    post_user({ firstname: 'name' })
    expect(response).to have_http_status(:created)
  end

  it 'takes last name as identifier' do
    post_user({ lastname: 'name' })
    expect(response).to have_http_status(:created)
  end

  it 'takes login as identifier' do
    post_user({ login: 'name' })
    expect(response).to have_http_status(:created)
  end

  it 'requires valid email if present' do
    post_user({ email: 'not_valid_email' })
    expect(response).to have_http_status(:unprocessable_entity)
  end
end
describe 'POST /api/v1/users processed by #create_admin', authenticated_as: false do
  # Initial-admin bootstrap only applies while no admin exists, so every user created
  # by earlier examples is removed first (presumably the first two are seeded system
  # users; verify against the fixtures).
  before do
    User.all[2...].each(&:destroy) # destroy previously created users
  end

  def post_user(params)
    post '/api/v1/users', params: params, as: :json
  end

  let(:successful_params) do
    {
      firstname: 'Admin First',
      lastname:  'Admin Last',
      email:     attributes_for(:admin)[:email],
      password:  'asd1ASDasd!',
    }
  end

  it 'succeds' do # NOTE(review): description typo, kept as-is
    post_user(successful_params)
    expect(response).to have_http_status(:created)
  end

  it 'returns success message' do
    post_user(successful_params)
    expect(json_response).to have_key('message').and(have_value('ok'))
  end

  # Once an admin exists the unauthenticated bootstrap path must be closed.
  it 'does not allow to create 2nd administrator account' do
    create(:admin)
    post_user(successful_params)
    expect(response).to have_http_status(:unprocessable_entity)
  end

  it 'requires email' do
    post_user(successful_params.merge(email: nil))
    expect(response).to have_http_status(:unprocessable_entity)
  end

  it 'requires valid email' do
    post_user(successful_params.merge(email: 'invalid_email'))
    expect(response).to have_http_status(:unprocessable_entity)
  end

  # Bootstrap side effects: default calendar and text modules are initialised.
  it 'loads calendar' do
    allow(Calendar).to receive(:init_setup)
    post_user(successful_params)
    expect(Calendar).to have_received(:init_setup)
  end

  it 'loads text module' do
    allow(TextModule).to receive(:load)
    post_user(successful_params)
    expect(TextModule).to have_received(:load)
  end

  it 'does not send any notifications' do
    allow(NotificationFactory::Mailer).to receive(:notification)
    post_user(successful_params)
    expect(NotificationFactory::Mailer).not_to have_received(:notification)
  end
end
describe 'POST /api/v1/users processed by #create_signup', authenticated_as: false do
  def post_user(params)
    post '/api/v1/users', params: params, as: :json
  end

  # signup: true is the marker that routes an unauthenticated POST into the signup path.
  let(:successful_params) do
    {
      firstname: 'Customer First',
      lastname:  'Customer Last',
      email:     attributes_for(:admin)[:email],
      password:  'gsd1ASDasd!',
      signup:    true,
    }
  end

  before do
    create(:admin) # simulate functional system with admin created
  end

  it 'succeeds' do
    post_user(successful_params)
    expect(response).to have_http_status(:created)
  end

  # With forgery protection enabled, a signup without a CSRF token is refused.
  it 'requires csrf', allow_forgery_protection: true do
    post_user(successful_params)
    expect(response).to have_http_status(:unauthorized)
  end

  it 'requires honeypot attribute' do
    without_marker = successful_params.reject { |key, _value| key == :signup }
    post_user(without_marker)
    expect(response).to have_http_status(:unprocessable_entity)
  end

  it 'requires signup to be enabled' do
    Setting.set('user_create_account', false)
    post_user(successful_params)
    expect(response).to have_http_status(:unprocessable_entity)
  end

  it 'requires email' do
    post_user(successful_params.merge(email: nil))
    expect(response).to have_http_status(:unprocessable_entity)
  end

  it 'requires valid email' do
    post_user(successful_params.merge(email: 'not_valid_email'))
    expect(response).to have_http_status(:unprocessable_entity)
  end

  # An already-registered address still answers 201, so the response does not reveal
  # whether an account exists; the difference is only visible in which mail is sent.
  it 'returns false positive when email already used' do
    create(:customer, email: successful_params[:email])
    post_user(successful_params)
    expect(response).to have_http_status(:created)
  end

  it 'sends email verification notifications' do
    allow(NotificationFactory::Mailer).to receive(:notification)
    post_user(successful_params)
    expect(NotificationFactory::Mailer).to have_received(:notification) { |arguments| arguments[:template] == 'signup' }
  end

  it 'sends password reset notification when email already used' do
    create(:customer, email: successful_params[:email])
    allow(NotificationFactory::Mailer).to receive(:notification)
    post_user(successful_params)
    expect(NotificationFactory::Mailer).to have_received(:notification) { |arguments| arguments[:template] == 'signup_taken_reset' }
  end

  # Self-registration always yields a Customer; a caller-supplied role must be ignored.
  it 'sets role to Customer' do
    post_user(successful_params)
    expect(User.last).to be_role('Customer')
  end

  it 'ignores given Agent role' do
    post_user(successful_params.merge(role_ids: [Role.find_by(name: 'Agent').id]))
    expect(User.last).not_to be_role('Agent')
  end
end
  1169. end