Project

General

Profile

Download (14.9 KB) Statistics
| Branch: | Tag: | Revision:

foreman/test/controllers/api/v2/users_controller_test.rb @ 9d43fc71

require 'test_helper'

class Api::V2::UsersControllerTest < ActionController::TestCase
def valid_attrs
{ :mail => 'john@example.com',
:auth_source_id => auth_sources(:internal), :password => '123456' }
end

def min_valid_attrs
{ :login => "foo", :auth_source_id => auth_sources(:internal).id, :password => '123456' }
end

# List of invalid emails.
def invalid_usernames_list
[
'',
"space #{RFauxFactory.gen_alpha}",
RFauxFactory.gen_alpha(101),
RFauxFactory.gen_html
]
end

def setup
setup_users
end

test "should get index" do
get :index
assert_response :success
end

test "should handle taxonomy with wrong id" do
get :index, params: { :location_id => taxonomies(:location1).id, :organization_id => 'missing' }
assert_response :not_found
end

test "should show individual record by ID" do
get :show, params: { :id => users(:one).id }
assert_response :success
show_response = ActiveSupport::JSON.decode(@response.body)
assert_not show_response.empty?
end

test "should show individual record by login name" do
get :show, params: { :id => users(:one).login }
assert_response :success
show_response = ActiveSupport::JSON.decode(@response.body)
assert_not show_response.empty?
end

test "shows default taxonomies on show response" do
users(:one).update_attribute :locations, [taxonomies(:location1)]
users(:one).update_attribute :default_location, taxonomies(:location1)
get :show, params: { :id => users(:one).id }
show_response = ActiveSupport::JSON.decode(@response.body)

assert_equal taxonomies(:location1).id, show_response['default_location']['id']
assert_nil show_response['default_organization']
end

test "effective_admin is true if group admin is enabled" do
user = users(:one)
get :show, params: { :id => user.id }
response = ActiveSupport::JSON.decode(@response.body)
refute response["effective_admin"]

as_admin { FactoryBot.create(:usergroup, :admin => true, :users => [user]) }
get :show, params: { :id => user.id }
response = ActiveSupport::JSON.decode(@response.body)
assert response["effective_admin"]
end

test "should update user" do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)
put :update, params: { :id => user.id, :user => valid_attrs }
assert_response :success

mod_user = User.unscoped.find_by_id(user.id)
assert mod_user.mail == "john@example.com"
end

test "should update admin flag" do
user = users(:one)
put :update, params: { :id => user.id, :user => { :admin => true } }

assert_response :success
assert User.unscoped.find_by_id(user.id).admin?
end

test "should not remove the default role" do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)

assert user.roles = [roles(:default_role)]

put :update, params: { :id => user.id, :user => { :mail => "bar@foo.com" } }
assert_response :success

mod_user = User.unscoped.find_by_id(user.id)

assert mod_user.roles = [roles(:default_role)]
end

test "should set password" do
user = User.new :login => "foo", :mail => "foo@bar.com", :firstname => "john", :lastname => "smith", :auth_source => auth_sources(:internal)
user.password = "changeme"
assert user.save

put :update, params: { :id => user.id, :user => { :login => "johnsmith", :password => "dummy", :password_confirmation => "dummy" } }
assert_response :success

mod_user = User.unscoped.find_by_id(user.id)
assert mod_user.matching_password?("dummy")
end

test "should detect password validation mismatches" do
user = User.new :login => "foo", :mail => "foo@bar.com", :firstname => "john", :lastname => "smith", :auth_source => auth_sources(:internal)
user.password = "changeme"
assert user.save

put :update, params: { :id => user.id, :user => { :login => "johnsmith", :password => "dummy", :password_confirmation => "DUMMY" } }
assert_response :unprocessable_entity

mod_user = User.unscoped.find_by_id(user.id)
assert mod_user.matching_password?("changeme")
end

test "should delete different user" do
user = users(:one)

delete :destroy, params: { :id => user.id }
assert_response :success

refute User.unscoped.exists?(user.id)
end

test "should not delete same user" do
user = users(:one)
user.update_attribute :admin, true

as_user :one do
delete :destroy, params: { :id => user.id }
assert_response :forbidden

response = ActiveSupport::JSON.decode(@response.body)
assert_equal "You are trying to delete your own account", response['error']['details']
assert_equal "Access denied", response['error']['message']
assert User.unscoped.exists?(user.id)
end
end

def user_one_as_anonymous_viewer
users(:one).roles = [Role.default, Role.find_by_name('Viewer')]
end

test 'user with viewer rights should fail to edit a user' do
user_one_as_anonymous_viewer
user = nil
as_admin do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)
user.save
end
as_user :one do
put :update, params: { :id => user.id, :user => { :login => "johnsmith" } }
assert_response :forbidden
end
end

test 'user with viewer rights should succeed in viewing users' do
user_one_as_anonymous_viewer
as_user :one do
get :index
assert_response :success
end
end

test 'admin user can be created' do
user = users(:one)
user.update_attribute :admin, true

as_user :one do
post :create, params: { :user => {
:admin => true, :login => 'new_admin', :auth_source_id => auth_sources(:one).id }
}
assert_response :created
assert User.unscoped.find_by_login('new_admin').admin?
end
end

test "#index should not show hidden users" do
get :index, params: { :search => "login == #{users(:anonymous).login}" }
results = ActiveSupport::JSON.decode(@response.body)
assert results['results'].empty?, results.inspect
end

test "#find_resource should not return hidden users" do
get :show, params: { :id => users(:anonymous).id }
assert_response :not_found
end

test "#show should not allow displaying other users without proper permission" do
as_user :two do
get :show, params: { :id => users(:one).id }
end
assert_response :forbidden
end

test "#show should allow displaying myself without any special permissions" do
as_user :two do
get :show, params: { :id => users(:two).id }
end
assert_response :success
end

test "#update should not update other users without proper permission" do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)
as_user :two do
put :update, params: { :id => user.id, :user => valid_attrs }
end
assert_response :forbidden
end

test "#update should allow updating myself without any special permissions with changing password" do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one), :password => '123'
as_user user do
put :update, params: { :id => user.id, :user => valid_attrs.merge(:current_password => '123') }
end
assert_response :success
user.reload
assert user.matching_password?("123456")
end

test "#update should allow updating myself without any special permissions without changing password" do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)
as_user user do
put :update, params: { :id => user.id, :user => valid_attrs.except(:password) }
end
assert_response :success
end

test '#update should not be editing User.current with changing password' do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one), :password => '123'

as_user user do
put :update, params: { :id => user.id, :user => valid_attrs.merge(:current_password => '123') }
end
assert_equal user, assigns(:user)
refute_equal user.object_id, assigns(:user).object_id
assert_response :success
user.reload
assert user.matching_password?('123456')
end

test '#update should not be editing User.current without changing password' do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)
as_user user do
put :update, params: { :id => user.id, :user => valid_attrs.except(:password) }
end
assert_equal user, assigns(:user)
refute_equal user.object_id, assigns(:user).object_id
assert_response :success
end

test "should not create with invalid email" do
mail = 'foreman@'
post :create, params: { :user => min_valid_attrs.clone.update(:mail => mail) }
assert_response :unprocessable_entity, "Can create user with invalid mail #{mail}"
end

test "should not create with invalid firstname" do
firstname = RFauxFactory.gen_alpha(51)
post :create, params: { :user => min_valid_attrs.clone.update(:firstname => firstname) }
assert_response :unprocessable_entity, "Can create user with invalid firstname #{firstname}"
end

test "should not create with invalid lastname" do
lastname = RFauxFactory.gen_alpha(51)
post :create, params: { :user => min_valid_attrs.clone.update(:lastname => lastname) }
assert_response :unprocessable_entity, "Can create user with invalid lastname #{lastname}"
end

test "should not create with invalid username" do
login = ""
post :create, params: { :user => min_valid_attrs.clone.update(:login => login) }
assert_response :unprocessable_entity, "Can create user with invalid login #{login}"
end

test "should create with valid description" do
description = RFauxFactory.gen_alpha
post :create, params: { :user => min_valid_attrs.clone.update(:description => description) }
assert_response :success, "creation with description #{description} failed with code #{response.code}"
assert_equal JSON.parse(@response.body)['description'], description, "Can't create user with valid description #{description}"
end

test "should create with valid email" do
mail = "#{RFauxFactory.gen_alpha}@example.com"
post :create, params: { :user => min_valid_attrs.clone.update(:mail => mail) }
assert_response :success, "creation with mail #{mail} failed with code #{response.code}"
assert_equal JSON.parse(@response.body)['mail'], mail, "Can't create user with valid mail #{mail}"
end

test "should create with valid firstname" do
firstname = RFauxFactory.gen_alpha
post :create, params: { :user => min_valid_attrs.clone.update(:firstname => firstname) }
assert_response :success, "creation with firstname #{firstname} failed with code #{response.code}"
assert_equal JSON.parse(@response.body)['firstname'], firstname, "Can't create user with valid firstname #{firstname}"
end

test "should create with valid lastname" do
lastname = RFauxFactory.gen_alpha
post :create, params: { :user => min_valid_attrs.clone.update(:lastname => lastname) }
assert_response :success, "creation with lastname #{lastname} failed with code #{response.code}"
assert_equal JSON.parse(@response.body)['lastname'], lastname, "Can't create user with valid lastname #{lastname}"
end

test "should create with valid password" do
password = RFauxFactory.gen_alpha
post :create, params: { :user => min_valid_attrs.clone.update(:password => password) }
assert_response :success, "creation with password #{password} failed with code #{response.code}"
end

test "should create with valid username" do
login = RFauxFactory.gen_alpha
post :create, params: { :user => min_valid_attrs.clone.update(:login => login) }
assert_response :success, "creation with login #{login} failed with code #{response.code}"
assert_equal JSON.parse(@response.body)['login'], login, "Can't create user with valid login #{login}"
end

test "should update with valid username" do
login = RFauxFactory.gen_alpha
put :update, params: { :id => users(:apiadmin).id, :user => {:login => login } }
assert_response :success
assert_equal JSON.parse(@response.body)['login'], login, "Can't update user with valid login #{login}"
end

test "should update with admin attribute true" do
admin = true
put :update, params: { :id => users(:one).id, :user => {:admin => admin } }
assert_response :success
assert_equal JSON.parse(@response.body)['admin'], admin, "Can't update user with valid admin attribute #{admin}"
end

test "should update with admin attribute false" do
admin = false
put :update, params: { :id => users(:apiadmin).id, :user => {:admin => admin } }
assert_response :success
assert_equal JSON.parse(@response.body)['admin'], admin, "Can't update user with valid admin attribute #{admin}"
end

test "should update with valid description" do
description = RFauxFactory.gen_alpha
put :update, params: { :id => users(:one).id, :user => {:description => description } }
assert_response :success
assert_equal JSON.parse(@response.body)['description'], description, "Can't update user with valid description #{description}"
end

test "should update with valid mail" do
mail = "#{RFauxFactory.gen_alpha}@example.com"
put :update, params: { :id => users(:one).id, :user => {:mail => mail } }
assert_response :success
assert_equal JSON.parse(@response.body)['mail'], mail, "Can't update user with valid mail #{mail}"
end

test "should update with valid firstname" do
firstname = RFauxFactory.gen_alpha
put :update, params: { :id => users(:one).id, :user => {:firstname => firstname } }
assert_response :success
assert_equal JSON.parse(@response.body)['firstname'], firstname, "Can't update user with valid firstname #{firstname}"
end

test "should update with valid firstname" do
lastname = RFauxFactory.gen_alpha
put :update, params: { :id => users(:one).id, :user => {:lastname => lastname } }
assert_response :success
assert_equal JSON.parse(@response.body)['lastname'], lastname, "Can't update user with valid lastname #{lastname}"
end

test "should create with roles" do
roles = [Role.find_by_name('Manager'), Role.find_by_name('View hosts')]
post :create, params: { :user => min_valid_attrs.clone.update(:role_ids => roles.map { |role| role.id }) }
assert_response :success
assert_equal JSON.parse(@response.body)['roles'].map { |role| role["id"] }, roles.map { |role| role.id }, "Can't create user with valid roles #{roles}"
end

test "should update with roles" do
roles = [Role.find_by_name('Manager'), Role.find_by_name('View hosts')]
put :update, params: { :id => users(:two).id, :user => {:role_ids => roles.map { |role| role.id } } }
assert_response :success
assert_equal JSON.parse(@response.body)['roles'].map { |role| role["id"] }, roles.map { |role| role.id }, "Can't update user with valid roles #{roles}"
end
end
(61-61/61)