user_device_spec.rb 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe 'User Device', performs_jobs: true, sends_notification_emails: true, type: :request do
  4. let!(:admin) do
  5. create(:admin, login: 'user-device-admin', password: 'adminpw', groups: Group.all)
  6. end
  7. let!(:agent) do
  8. create(:agent, login: 'user-device-agent', password: 'agentpw', groups: Group.all)
  9. end
  10. before do
  11. ENV['TEST_REMOTE_IP'] = '5.9.62.170' # de
  12. ENV['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0'
  13. ENV['SWITCHED_FROM_USER_ID'] = nil
  14. UserDevice.destroy_all
  15. end
  16. describe 'request handling' do
  17. it 'does index with nobody (01)' do
  18. get '/api/v1/signshow'
  19. expect(response).to have_http_status(:ok)
  20. expect(json_response).to be_a(Hash)
  21. expect('no valid session').to eq(json_response['error'])
  22. expect(json_response['config']).to be_truthy
  23. expect(controller.session[:user_device_fingerprint]).to be_falsey
  24. perform_enqueued_jobs
  25. end
  26. it 'does login index with admin without fingerprint (02)' do
  27. params = { without_fingerprint: 'none', username: 'user-device-admin', password: 'adminpw' }
  28. post '/api/v1/signin', params: params, as: :json
  29. expect(response).to have_http_status(:unprocessable_entity)
  30. expect(json_response).to be_a(Hash)
  31. expect(json_response['error']).to eq('Need fingerprint param!')
  32. expect(json_response['config']).to be_falsey
  33. expect(controller.session[:user_device_fingerprint]).to be_falsey
  34. check_notification do
  35. perform_enqueued_jobs
  36. not_sent(
  37. template: 'user_device_new',
  38. user: admin,
  39. )
  40. not_sent(
  41. template: 'user_device_new_location',
  42. user: admin,
  43. )
  44. end
  45. expect(UserDevice.where(user_id: admin.id).count).to eq(0)
  46. end
  47. it 'does login index with admin with fingerprint - I (03)' do
  48. params = { fingerprint: 'my_finger_print', username: 'user-device-admin', password: 'adminpw' }
  49. post '/api/v1/signin', params: params, as: :json
  50. expect(response).to have_http_status(:created)
  51. expect(json_response).to be_a(Hash)
  52. expect(json_response['error']).to be_falsey
  53. expect(json_response['config']).to be_truthy
  54. expect(controller.session[:user_device_fingerprint]).to eq('my_finger_print')
  55. check_notification do
  56. perform_enqueued_jobs
  57. not_sent(
  58. template: 'user_device_new',
  59. user: admin,
  60. )
  61. not_sent(
  62. template: 'user_device_new_location',
  63. user: admin,
  64. )
  65. end
  66. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  67. user_device_first = UserDevice.last
  68. sleep 2
  69. params = {}
  70. get '/api/v1/users', params: params, as: :json
  71. expect(response).to have_http_status(:ok)
  72. expect(json_response).to be_a(Array)
  73. expect(controller.session[:user_device_fingerprint]).to eq('my_finger_print')
  74. check_notification do
  75. perform_enqueued_jobs
  76. not_sent(
  77. template: 'user_device_new',
  78. user: admin,
  79. )
  80. not_sent(
  81. template: 'user_device_new_location',
  82. user: admin,
  83. )
  84. end
  85. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  86. user_device_last = UserDevice.last
  87. expect(user_device_first.updated_at.to_s).to eq(user_device_last.updated_at.to_s)
  88. params = { fingerprint: 'my_finger_print' }
  89. get '/api/v1/signshow', params: params, as: :json
  90. expect(response).to have_http_status(:ok)
  91. expect(json_response).to be_a(Hash)
  92. expect(json_response['session']).to be_truthy
  93. expect('user-device-admin').to eq(json_response['session']['login'])
  94. expect(json_response['config']).to be_truthy
  95. check_notification do
  96. perform_enqueued_jobs
  97. not_sent(
  98. template: 'user_device_new',
  99. user: admin,
  100. )
  101. not_sent(
  102. template: 'user_device_new_location',
  103. user: admin,
  104. )
  105. end
  106. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  107. user_device_last = UserDevice.last
  108. expect(user_device_first.updated_at.to_s).to eq(user_device_last.updated_at.to_s)
  109. ENV['USER_DEVICE_UPDATED_AT'] = 4.hours.ago.to_s
  110. params = {}
  111. get '/api/v1/users', params: params, as: :json
  112. expect(response).to have_http_status(:ok)
  113. expect(json_response).to be_a(Array)
  114. expect(controller.session[:user_device_fingerprint]).to eq('my_finger_print')
  115. check_notification do
  116. perform_enqueued_jobs
  117. not_sent(
  118. template: 'user_device_new',
  119. user: admin,
  120. )
  121. not_sent(
  122. template: 'user_device_new_location',
  123. user: admin,
  124. )
  125. end
  126. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  127. user_device_last = UserDevice.last
  128. expect(user_device_last.updated_at.to_s).not_to eq(user_device_first.updated_at.to_s)
  129. ENV['USER_DEVICE_UPDATED_AT'] = nil
  130. ENV['TEST_REMOTE_IP'] = '195.65.29.254' # ch
  131. # reset_notification_checks
  132. params = {}
  133. get '/api/v1/users', params: params, as: :json
  134. expect(response).to have_http_status(:ok)
  135. check_notification do
  136. perform_enqueued_jobs
  137. not_sent(
  138. template: 'user_device_new',
  139. user: admin,
  140. )
  141. sent(
  142. template: 'user_device_new_location',
  143. user: admin,
  144. )
  145. end
  146. expect(UserDevice.where(user_id: admin.id).count).to eq(2)
  147. # ip reset
  148. ENV['TEST_REMOTE_IP'] = '5.9.62.170' # de
  149. end
  150. it 'does login index with admin with fingerprint - II (04)' do
  151. create(
  152. :user_device,
  153. user_id: admin.id,
  154. fingerprint: 'fingerprintI',
  155. )
  156. params = { fingerprint: 'my_finger_print_II', username: 'user-device-admin', password: 'adminpw' }
  157. post '/api/v1/signin', params: params, as: :json
  158. expect(response).to have_http_status(:created)
  159. check_notification do
  160. perform_enqueued_jobs
  161. sent(
  162. template: 'user_device_new',
  163. user: admin,
  164. )
  165. not_sent(
  166. template: 'user_device_new_location',
  167. user: admin,
  168. )
  169. end
  170. expect(UserDevice.where(user_id: admin.id).count).to eq(2)
  171. expect(json_response).to be_a(Hash)
  172. expect(json_response['error']).to be_falsey
  173. expect(json_response['config']).to be_truthy
  174. expect(controller.session[:user_device_fingerprint]).to be_truthy
  175. get '/api/v1/users', params: params, as: :json
  176. expect(response).to have_http_status(:ok)
  177. expect(json_response).to be_a(Array)
  178. check_notification do
  179. perform_enqueued_jobs
  180. not_sent(
  181. template: 'user_device_new',
  182. user: admin,
  183. )
  184. not_sent(
  185. template: 'user_device_new_location',
  186. user: admin,
  187. )
  188. end
  189. expect(UserDevice.where(user_id: admin.id).count).to eq(2)
  190. params = { fingerprint: 'my_finger_print_II' }
  191. get '/api/v1/signshow', params: params, as: :json
  192. expect(response).to have_http_status(:ok)
  193. expect(json_response).to be_a(Hash)
  194. expect(json_response['session']).to be_truthy
  195. expect('user-device-admin').to eq(json_response['session']['login'])
  196. expect(json_response['config']).to be_truthy
  197. check_notification do
  198. perform_enqueued_jobs
  199. not_sent(
  200. template: 'user_device_new',
  201. user: admin,
  202. )
  203. not_sent(
  204. template: 'user_device_new_location',
  205. user: admin,
  206. )
  207. end
  208. expect(UserDevice.where(user_id: admin.id).count).to eq(2)
  209. ENV['TEST_REMOTE_IP'] = '195.65.29.254' # ch
  210. params = {}
  211. get '/api/v1/users', params: params, as: :json
  212. expect(response).to have_http_status(:ok)
  213. check_notification do
  214. perform_enqueued_jobs
  215. not_sent(
  216. template: 'user_device_new',
  217. user: admin,
  218. )
  219. sent(
  220. template: 'user_device_new_location',
  221. user: admin,
  222. )
  223. end
  224. expect(UserDevice.where(user_id: admin.id).count).to eq(3)
  225. # ip reset
  226. ENV['TEST_REMOTE_IP'] = '5.9.62.170' # de
  227. end
  228. it 'does login index with admin with fingerprint - II (05)' do
  229. UserDevice.add(
  230. ENV['HTTP_USER_AGENT'],
  231. ENV['TEST_REMOTE_IP'],
  232. admin.id,
  233. 'my_finger_print_II',
  234. 'session', # session|basic_auth|token_auth|sso
  235. )
  236. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  237. params = { fingerprint: 'my_finger_print_II', username: 'user-device-admin', password: 'adminpw' }
  238. post '/api/v1/signin', params: params, as: :json
  239. expect(response).to have_http_status(:created)
  240. check_notification do
  241. perform_enqueued_jobs
  242. not_sent(
  243. template: 'user_device_new',
  244. user: admin,
  245. )
  246. not_sent(
  247. template: 'user_device_new_location',
  248. user: admin,
  249. )
  250. end
  251. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  252. expect(json_response).to be_a(Hash)
  253. expect(json_response['error']).to be_falsey
  254. expect(json_response['config']).to be_truthy
  255. expect(controller.session[:user_device_fingerprint]).to be_truthy
  256. end
  257. it 'does login index with admin with basic auth (06)' do
  258. ENV['HTTP_USER_AGENT'] = 'curl 1.0.0'
  259. UserDevice.add(
  260. ENV['HTTP_USER_AGENT'],
  261. '127.0.0.1',
  262. admin.id,
  263. '',
  264. 'basic_auth', # session|basic_auth|token_auth|sso
  265. )
  266. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  267. ENV['HTTP_USER_AGENT'] = 'curl 1.2.3'
  268. params = {}
  269. authenticated_as(admin, password: 'adminpw')
  270. get '/api/v1/users', params: params, as: :json
  271. expect(response).to have_http_status(:ok)
  272. check_notification do
  273. perform_enqueued_jobs
  274. sent(
  275. template: 'user_device_new',
  276. user: admin,
  277. )
  278. not_sent(
  279. template: 'user_device_new_location',
  280. user: admin,
  281. )
  282. end
  283. expect(UserDevice.where(user_id: admin.id).count).to eq(2)
  284. expect(json_response).to be_a(Array)
  285. user_device_first = UserDevice.last
  286. sleep 2
  287. params = {}
  288. get '/api/v1/users', params: params, as: :json
  289. expect(response).to have_http_status(:ok)
  290. check_notification do
  291. perform_enqueued_jobs
  292. not_sent(
  293. template: 'user_device_new',
  294. user: admin,
  295. )
  296. not_sent(
  297. template: 'user_device_new_location',
  298. user: admin,
  299. )
  300. end
  301. expect(UserDevice.where(user_id: admin.id).count).to eq(2)
  302. expect(json_response).to be_a(Array)
  303. user_device_last = UserDevice.last
  304. expect(user_device_first.id).to eq(user_device_last.id)
  305. expect(user_device_first.updated_at.to_s).to eq(user_device_last.updated_at.to_s)
  306. user_device_last.updated_at = 4.hours.ago
  307. user_device_last.save!
  308. params = {}
  309. get '/api/v1/users', params: params, as: :json
  310. expect(response).to have_http_status(:ok)
  311. check_notification do
  312. perform_enqueued_jobs
  313. not_sent(
  314. template: 'user_device_new',
  315. user: admin,
  316. )
  317. not_sent(
  318. template: 'user_device_new_location',
  319. user: admin,
  320. )
  321. end
  322. expect(UserDevice.where(user_id: admin.id).count).to eq(2)
  323. expect(json_response).to be_a(Array)
  324. user_device_last = UserDevice.last
  325. expect(user_device_first.id).to eq(user_device_last.id)
  326. expect(user_device_last.updated_at > user_device_first.updated_at).to be_truthy
  327. end
  328. it 'does login index with admin with basic auth (07)' do
  329. ENV['HTTP_USER_AGENT'] = 'curl 1.2.3'
  330. UserDevice.add(
  331. ENV['HTTP_USER_AGENT'],
  332. ENV['TEST_REMOTE_IP'],
  333. admin.id,
  334. '',
  335. 'basic_auth', # session|basic_auth|token_auth|sso
  336. )
  337. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  338. params = {}
  339. authenticated_as(admin, password: 'adminpw')
  340. get '/api/v1/users', params: params, as: :json
  341. expect(response).to have_http_status(:ok)
  342. check_notification do
  343. perform_enqueued_jobs
  344. not_sent(
  345. template: 'user_device_new',
  346. user: admin,
  347. )
  348. not_sent(
  349. template: 'user_device_new_location',
  350. user: admin,
  351. )
  352. end
  353. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  354. expect(json_response).to be_a(Array)
  355. end
  356. it 'does login index with agent with basic auth (08)' do
  357. ENV['HTTP_USER_AGENT'] = 'curl 1.2.3'
  358. params = {}
  359. authenticated_as(agent, password: 'agentpw')
  360. get '/api/v1/users', params: params, as: :json
  361. expect(response).to have_http_status(:ok)
  362. check_notification do
  363. perform_enqueued_jobs
  364. not_sent(
  365. template: 'user_device_new',
  366. user: agent,
  367. )
  368. not_sent(
  369. template: 'user_device_new_location',
  370. user: agent,
  371. )
  372. end
  373. expect(UserDevice.where(user_id: agent.id).count).to eq(1)
  374. expect(json_response).to be_a(Array)
  375. end
  376. it 'does login index with agent with basic auth (09)' do
  377. ENV['HTTP_USER_AGENT'] = 'curl 1.2.3'
  378. UserDevice.add(
  379. ENV['HTTP_USER_AGENT'],
  380. ENV['TEST_REMOTE_IP'],
  381. agent.id,
  382. '',
  383. 'basic_auth', # session|basic_auth|token_auth|sso
  384. )
  385. expect(UserDevice.where(user_id: agent.id).count).to eq(1)
  386. params = {}
  387. authenticated_as(agent, password: 'agentpw')
  388. get '/api/v1/users', params: params, as: :json
  389. expect(response).to have_http_status(:ok)
  390. check_notification do
  391. perform_enqueued_jobs
  392. not_sent(
  393. template: 'user_device_new',
  394. user: agent,
  395. )
  396. not_sent(
  397. template: 'user_device_new_location',
  398. user: agent,
  399. )
  400. end
  401. expect(UserDevice.where(user_id: agent.id).count).to eq(1)
  402. expect(json_response).to be_a(Array)
  403. end
  404. it 'does login with switched_from_user_id (10)' do
  405. expect(UserDevice.where(user_id: agent.id).count).to eq(0)
  406. ENV['SWITCHED_FROM_USER_ID'] = admin.id.to_s
  407. params = { fingerprint: 'my_finger_print_II', username: 'user-device-agent', password: 'agentpw' }
  408. post '/api/v1/signin', params: params, as: :json
  409. expect(response).to have_http_status(:created)
  410. check_notification do
  411. perform_enqueued_jobs
  412. not_sent(
  413. template: 'user_device_new',
  414. user: agent,
  415. )
  416. not_sent(
  417. template: 'user_device_new_location',
  418. user: agent,
  419. )
  420. end
  421. expect(UserDevice.where(user_id: agent.id).count).to eq(0)
  422. expect(json_response).to be_a(Hash)
  423. expect(json_response['error']).to be_falsey
  424. expect(json_response['config']).to be_truthy
  425. check_notification do
  426. perform_enqueued_jobs
  427. not_sent(
  428. template: 'user_device_new',
  429. user: agent,
  430. )
  431. not_sent(
  432. template: 'user_device_new_location',
  433. user: agent,
  434. )
  435. end
  436. expect(UserDevice.where(user_id: agent.id).count).to eq(0)
  437. ENV['USER_DEVICE_UPDATED_AT'] = 4.hours.ago.to_s
  438. params = {}
  439. get '/api/v1/users', params: params, as: :json
  440. expect(response).to have_http_status(:ok)
  441. expect(json_response).to be_a(Array)
  442. check_notification do
  443. perform_enqueued_jobs
  444. not_sent(
  445. template: 'user_device_new',
  446. user: agent,
  447. )
  448. not_sent(
  449. template: 'user_device_new_location',
  450. user: agent,
  451. )
  452. end
  453. expect(UserDevice.where(user_id: agent.id).count).to eq(0)
  454. ENV['USER_DEVICE_UPDATED_AT'] = nil
  455. ENV['TEST_REMOTE_IP'] = '195.65.29.254' # ch
  456. params = {}
  457. get '/api/v1/users', params: params, as: :json
  458. expect(response).to have_http_status(:ok)
  459. check_notification do
  460. perform_enqueued_jobs
  461. not_sent(
  462. template: 'user_device_new',
  463. user: agent,
  464. )
  465. not_sent(
  466. template: 'user_device_new_location',
  467. user: agent,
  468. )
  469. end
  470. # ip reset
  471. ENV['TEST_REMOTE_IP'] = '5.9.62.170' # de
  472. expect(UserDevice.where(user_id: agent.id).count).to eq(0)
  473. end
  474. it 'does login with invalid fingerprint (11)' do
  475. params = { fingerprint: 'to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890to_long_1234567890', username: 'user-device-admin', password: 'adminpw' }
  476. post '/api/v1/signin', params: params, as: :json
  477. expect(response).to have_http_status(:unprocessable_entity)
  478. expect(json_response).to be_a(Hash)
  479. expect(json_response['error']).to eq('fingerprint is 198 chars but can only be 160 chars!')
  480. expect(json_response['config']).to be_falsey
  481. expect(controller.session[:user_device_fingerprint]).to be_falsey
  482. check_notification do
  483. perform_enqueued_jobs
  484. not_sent(
  485. template: 'user_device_new',
  486. user: admin,
  487. )
  488. not_sent(
  489. template: 'user_device_new_location',
  490. user: admin,
  491. )
  492. end
  493. expect(UserDevice.where(user_id: admin.id).count).to eq(0)
  494. end
  495. it 'does login with integer as fingerprint (12)' do
  496. params = { fingerprint: 123_456_789, username: 'user-device-admin', password: 'adminpw' }
  497. post '/api/v1/signin', params: params, as: :json
  498. expect(response).to have_http_status(:created)
  499. expect(controller.session[:user_device_fingerprint]).to be_truthy
  500. check_notification do
  501. perform_enqueued_jobs
  502. not_sent(
  503. template: 'user_device_new',
  504. user: admin,
  505. )
  506. not_sent(
  507. template: 'user_device_new_location',
  508. user: admin,
  509. )
  510. end
  511. expect(UserDevice.where(user_id: admin.id).count).to eq(1)
  512. expect(json_response).to be_a(Hash)
  513. expect(json_response['error']).to be_nil
  514. end
  515. it 'does login form controller - check no user device logging (13)' do
  516. Setting.set('form_ticket_create', true)
  517. params = {
  518. fingerprint: 'long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890long_1234567890'
  519. }
  520. authenticated_as(admin, password: 'adminpw')
  521. post '/api/v1/form_config', params: params, as: :json
  522. expect(response).to have_http_status(:ok)
  523. expect(json_response).to be_a(Hash)
  524. expect(json_response['error']).to be_falsey
  525. expect(json_response['endpoint']).to be_truthy
  526. expect(controller.session[:user_device_fingerprint]).to be_falsey
  527. check_notification do
  528. perform_enqueued_jobs
  529. not_sent(
  530. template: 'user_device_new',
  531. user: admin,
  532. )
  533. not_sent(
  534. template: 'user_device_new_location',
  535. user: admin,
  536. )
  537. end
  538. expect(UserDevice.where(user_id: admin.id).count).to eq(0)
  539. end
  540. end
  541. end