form_spec.rb 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235
  1. require 'rails_helper'
  2. RSpec.describe 'Form', type: :request, searchindex: true do
  3. before do
  4. configure_elasticsearch
  5. rebuild_searchindex
  6. end
  7. describe 'request handling' do
  8. it 'does get config call' do
  9. post '/api/v1/form_config', params: {}, as: :json
  10. expect(response).to have_http_status(:forbidden)
  11. expect(json_response).to be_a_kind_of(Hash)
  12. expect(json_response['error']).to eq('Not authorized')
  13. end
  14. it 'does get config call' do
  15. Setting.set('form_ticket_create', true)
  16. post '/api/v1/form_config', params: {}, as: :json
  17. expect(response).to have_http_status(:forbidden)
  18. expect(json_response).to be_a_kind_of(Hash)
  19. expect(json_response['error']).to eq('Not authorized')
  20. end
  21. it 'does get config call & do submit' do
  22. Setting.set('form_ticket_create', true)
  23. fingerprint = SecureRandom.hex(40)
  24. post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
  25. expect(response).to have_http_status(:ok)
  26. expect(json_response).to be_a_kind_of(Hash)
  27. expect(json_response['enabled']).to eq(true)
  28. expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
  29. expect(json_response['token']).to be_truthy
  30. token = json_response['token']
  31. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json
  32. expect(response).to have_http_status(:unauthorized)
  33. expect(json_response).to be_a_kind_of(Hash)
  34. expect(json_response['error']).to eq('Authorization failed')
  35. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json
  36. expect(response).to have_http_status(:ok)
  37. expect(json_response).to be_a_kind_of(Hash)
  38. expect(json_response['errors']).to be_truthy
  39. expect(json_response['errors']['name']).to eq('required')
  40. expect(json_response['errors']['email']).to eq('required')
  41. expect(json_response['errors']['title']).to eq('required')
  42. expect(json_response['errors']['body']).to eq('required')
  43. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json
  44. expect(response).to have_http_status(:ok)
  45. expect(json_response).to be_a_kind_of(Hash)
  46. expect(json_response['errors']).to be_truthy
  47. expect(json_response['errors']['name']).to eq('required')
  48. expect(json_response['errors']['email']).to eq('invalid')
  49. expect(json_response['errors']['title']).to eq('required')
  50. expect(json_response['errors']['body']).to eq('required')
  51. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
  52. expect(response).to have_http_status(:ok)
  53. expect(json_response).to be_a_kind_of(Hash)
  54. expect(json_response['errors']).to be_falsey
  55. expect(json_response['ticket']).to be_truthy
  56. expect(json_response['ticket']['id']).to be_truthy
  57. expect(json_response['ticket']['number']).to be_truthy
  58. travel 5.hours
  59. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
  60. expect(response).to have_http_status(:ok)
  61. expect(json_response).to be_a_kind_of(Hash)
  62. expect(json_response['errors']).to be_falsey
  63. expect(json_response['ticket']).to be_truthy
  64. expect(json_response['ticket']['id']).to be_truthy
  65. expect(json_response['ticket']['number']).to be_truthy
  66. travel 20.hours
  67. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
  68. expect(response).to have_http_status(:unauthorized)
  69. end
  70. it 'does get config call & do submit' do
  71. Setting.set('form_ticket_create', true)
  72. fingerprint = SecureRandom.hex(40)
  73. post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
  74. expect(response).to have_http_status(:ok)
  75. expect(json_response).to be_a_kind_of(Hash)
  76. expect(json_response['enabled']).to eq(true)
  77. expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
  78. expect(json_response['token']).to be_truthy
  79. token = json_response['token']
  80. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json
  81. expect(response).to have_http_status(:unauthorized)
  82. expect(json_response).to be_a_kind_of(Hash)
  83. expect(json_response['error']).to eq('Authorization failed')
  84. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json
  85. expect(response).to have_http_status(:ok)
  86. expect(json_response).to be_a_kind_of(Hash)
  87. expect(json_response['errors']).to be_truthy
  88. expect(json_response['errors']['name']).to eq('required')
  89. expect(json_response['errors']['email']).to eq('required')
  90. expect(json_response['errors']['title']).to eq('required')
  91. expect(json_response['errors']['body']).to eq('required')
  92. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json
  93. expect(response).to have_http_status(:ok)
  94. expect(json_response).to be_a_kind_of(Hash)
  95. expect(json_response['errors']).to be_truthy
  96. expect(json_response['errors']['name']).to eq('required')
  97. expect(json_response['errors']['email']).to eq('invalid')
  98. expect(json_response['errors']['title']).to eq('required')
  99. expect(json_response['errors']['body']).to eq('required')
  100. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@somedomainthatisinvalid.com', title: 'test', body: 'hello' }, as: :json
  101. expect(response).to have_http_status(:ok)
  102. expect(json_response).to be_a_kind_of(Hash)
  103. expect(json_response['errors']).to be_truthy
  104. expect(json_response['errors']['email']).to eq('invalid')
  105. end
  106. it 'does limits' do
  107. skip('No ES configured') if !SearchIndexBackend.enabled?
  108. Setting.set('form_ticket_create', true)
  109. fingerprint = SecureRandom.hex(40)
  110. post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
  111. expect(response).to have_http_status(:ok)
  112. expect(json_response).to be_a_kind_of(Hash)
  113. expect(json_response['enabled']).to eq(true)
  114. expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
  115. expect(json_response['token']).to be_truthy
  116. token = json_response['token']
  117. (1..20).each do |count|
  118. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test#{count}", body: 'hello' }, as: :json
  119. expect(response).to have_http_status(:ok)
  120. expect(json_response).to be_a_kind_of(Hash)
  121. expect(json_response['errors']).to be_falsey
  122. expect(json_response['ticket']).to be_truthy
  123. expect(json_response['ticket']['id']).to be_truthy
  124. Scheduler.worker(true)
  125. end
  126. sleep 10 # wait until elasticsearch is index
  127. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-last', body: 'hello' }, as: :json
  128. expect(response).to have_http_status(:forbidden)
  129. expect(json_response).to be_a_kind_of(Hash)
  130. expect(json_response['error']).to be_truthy
  131. @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' }
  132. (1..20).each do |count|
  133. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }, as: :json
  134. expect(response).to have_http_status(:ok)
  135. expect(json_response).to be_a_kind_of(Hash)
  136. expect(json_response['errors']).to be_falsey
  137. expect(json_response['ticket']).to be_truthy
  138. expect(json_response['ticket']['id']).to be_truthy
  139. Scheduler.worker(true)
  140. end
  141. sleep 10 # wait until elasticsearch is index
  142. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }, as: :json
  143. expect(response).to have_http_status(:forbidden)
  144. expect(json_response).to be_a_kind_of(Hash)
  145. expect(json_response['error']).to be_truthy
  146. @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '::1' }
  147. (1..20).each do |count|
  148. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }, as: :json
  149. expect(response).to have_http_status(:ok)
  150. expect(json_response).to be_a_kind_of(Hash)
  151. expect(json_response['errors']).to be_falsey
  152. expect(json_response['ticket']).to be_truthy
  153. expect(json_response['ticket']['id']).to be_truthy
  154. Scheduler.worker(true)
  155. end
  156. sleep 10 # wait until elasticsearch is index
  157. post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }, as: :json
  158. expect(response).to have_http_status(:forbidden)
  159. expect(json_response).to be_a_kind_of(Hash)
  160. expect(json_response['error']).to be_truthy
  161. end
  162. it 'does customer_ticket_create false disables form' do
  163. Setting.set('form_ticket_create', false)
  164. Setting.set('customer_ticket_create', true)
  165. fingerprint = SecureRandom.hex(40)
  166. post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
  167. token = json_response['token']
  168. params = {
  169. fingerprint: fingerprint,
  170. token: token,
  171. name: 'Bob Smith',
  172. email: 'discard@znuny.com',
  173. title: 'test',
  174. body: 'hello'
  175. }
  176. post '/api/v1/form_submit', params: params, as: :json
  177. expect(response).to have_http_status(:forbidden)
  178. end
  179. end
  180. end