BigW Consortium Gitlab

users_spec.rb 16.9 KB
Newer Older
Nihad Abbasov committed
1 2
require 'spec_helper'

3
describe API::API, api: true  do
4 5
  include ApiHelpers

6 7 8
  let(:user)  { create(:user) }
  let(:admin) { create(:admin) }
  let(:key)   { create(:key, user: user) }
Nihad Abbasov committed
9 10

  describe "GET /users" do
11 12 13
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/users")
14
        expect(response.status).to eq(401)
15
      end
Nihad Abbasov committed
16 17
    end

18
    context "when authenticated" do
Nihad Abbasov committed
19
      it "should return an array of users" do
Robert Speicher committed
20
        get api("/users", user)
21 22
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
Marin Jankovski committed
23
        username = user.username
24
        expect(json_response.detect {
Marin Jankovski committed
25
          |user| user['username'] == username
26
          }['username']).to eq(username)
Nihad Abbasov committed
27 28
      end
    end
29 30 31 32

    context "when admin" do
      it "should return an array of users" do
        get api("/users", admin)
33 34 35 36 37
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        expect(json_response.first.keys).to include 'email'
        expect(json_response.first.keys).to include 'identities'
        expect(json_response.first.keys).to include 'can_create_project'
38 39
      end
    end
Nihad Abbasov committed
40 41 42 43
  end

  describe "GET /users/:id" do
    it "should return a user by id" do
Robert Speicher committed
44
      get api("/users/#{user.id}", user)
45 46
      expect(response.status).to eq(200)
      expect(json_response['username']).to eq(user.username)
Nihad Abbasov committed
47 48
    end

49 50
    it "should return a 401 if unauthenticated" do
      get api("/users/9998")
51
      expect(response.status).to eq(401)
52
    end
53

54 55
    it "should return a 404 error if user id not found" do
      get api("/users/9999", user)
56 57
      expect(response.status).to eq(404)
      expect(json_response['message']).to eq('404 Not found')
58
    end
59 60 61 62
  end

  describe "POST /users" do
    before{ admin }
63 64

    it "should create user" do
65
      expect {
66
        post api("/users", admin), attributes_for(:user, projects_limit: 3)
67
      }.to change { User.count }.by(1)
68 69
    end

70 71
    it "should create user with correct attributes" do
      post api('/users', admin), attributes_for(:user, admin: true, can_create_group: true)
72
      expect(response.status).to eq(201)
73 74
      user_id = json_response['id']
      new_user = User.find(user_id)
75 76 77
      expect(new_user).not_to eq(nil)
      expect(new_user.admin).to eq(true)
      expect(new_user.can_create_group).to eq(true)
78 79
    end

80 81
    it "should create non-admin user" do
      post api('/users', admin), attributes_for(:user, admin: false, can_create_group: false)
82
      expect(response.status).to eq(201)
83 84
      user_id = json_response['id']
      new_user = User.find(user_id)
85 86 87
      expect(new_user).not_to eq(nil)
      expect(new_user.admin).to eq(false)
      expect(new_user.can_create_group).to eq(false)
88 89 90 91
    end

    it "should create non-admin users by default" do
      post api('/users', admin), attributes_for(:user)
92
      expect(response.status).to eq(201)
93 94
      user_id = json_response['id']
      new_user = User.find(user_id)
95 96
      expect(new_user).not_to eq(nil)
      expect(new_user.admin).to eq(false)
97 98
    end

99 100
    it "should return 201 Created on success" do
      post api("/users", admin), attributes_for(:user, projects_limit: 3)
101
      expect(response.status).to eq(201)
102 103 104
    end

    it "should not create user with invalid email" do
105 106 107 108
      post api('/users', admin),
           email: 'invalid email',
           password: 'password',
           name: 'test'
109
      expect(response.status).to eq(400)
110 111
    end

112
    it 'should return 400 error if name not given' do
113
      post api('/users', admin), attributes_for(:user).except(:name)
114
      expect(response.status).to eq(400)
115 116 117
    end

    it 'should return 400 error if password not given' do
118
      post api('/users', admin), attributes_for(:user).except(:password)
119
      expect(response.status).to eq(400)
120 121
    end

122 123 124 125 126 127 128
    it 'should return 400 error if email not given' do
      post api('/users', admin), attributes_for(:user).except(:email)
      expect(response.status).to eq(400)
    end

    it 'should return 400 error if username not given' do
      post api('/users', admin), attributes_for(:user).except(:username)
129
      expect(response.status).to eq(400)
130 131 132 133 134 135 136 137 138 139
    end

    it 'should return 400 error if user does not validate' do
      post api('/users', admin),
           password: 'pass',
           email: 'test@example.com',
           username: 'test!',
           name: 'test',
           bio: 'g' * 256,
           projects_limit: -1
140 141 142 143 144 145 146 147
      expect(response.status).to eq(400)
      expect(json_response['message']['password']).
          to eq(['is too short (minimum is 8 characters)'])
      expect(json_response['message']['bio']).
          to eq(['is too long (maximum is 255 characters)'])
      expect(json_response['message']['projects_limit']).
          to eq(['must be greater than or equal to 0'])
      expect(json_response['message']['username']).
Douwe Maan committed
148
          to eq([Gitlab::Regex.send(:namespace_regex_message)])
149 150
    end

151
    it "shouldn't available for non admin users" do
152
      post api("/users", user), attributes_for(:user)
153
      expect(response.status).to eq(403)
154
    end
155

156 157 158 159 160 161 162 163
    context 'with existing user' do
      before do
        post api('/users', admin),
             email: 'test@example.com',
             password: 'password',
             username: 'test',
             name: 'foo'
      end
164

165
      it 'should return 409 conflict error if user with same email exists' do
166
        expect {
167 168 169 170 171
          post api('/users', admin),
               name: 'foo',
               email: 'test@example.com',
               password: 'password',
               username: 'foo'
172
        }.to change { User.count }.by(0)
173 174
        expect(response.status).to eq(409)
        expect(json_response['message']).to eq('Email has already been taken')
175 176
      end

177 178 179 180 181 182 183 184
      it 'should return 409 conflict error if same username exists' do
        expect do
          post api('/users', admin),
               name: 'foo',
               email: 'foo@example.com',
               password: 'password',
               username: 'test'
        end.to change { User.count }.by(0)
185 186
        expect(response.status).to eq(409)
        expect(json_response['message']).to eq('Username has already been taken')
187 188
      end
    end
189 190
  end

Marin Jankovski committed
191
  describe "GET /users/sign_up" do
192

193 194
    it "should redirect to sign in page" do
      get "/users/sign_up"
195 196
      expect(response.status).to eq(302)
      expect(response).to redirect_to(new_user_session_path)
Marin Jankovski committed
197 198 199
    end
  end

200
  describe "PUT /users/:id" do
201 202
    let!(:admin_user) { create(:admin) }

203 204
    before { admin }

205
    it "should update user with new bio" do
206
      put api("/users/#{user.id}", admin), {bio: 'new test bio'}
207 208 209
      expect(response.status).to eq(200)
      expect(json_response['bio']).to eq('new test bio')
      expect(user.reload.bio).to eq('new test bio')
210 211
    end

212 213
    it 'should update user with his own email' do
      put api("/users/#{user.id}", admin), email: user.email
214 215 216
      expect(response.status).to eq(200)
      expect(json_response['email']).to eq(user.email)
      expect(user.reload.email).to eq(user.email)
217 218 219 220
    end

    it 'should update user with his own username' do
      put api("/users/#{user.id}", admin), username: user.username
221 222 223
      expect(response.status).to eq(200)
      expect(json_response['username']).to eq(user.username)
      expect(user.reload.username).to eq(user.username)
224 225
    end

226 227
    it "should update admin status" do
      put api("/users/#{user.id}", admin), {admin: true}
228 229 230
      expect(response.status).to eq(200)
      expect(json_response['is_admin']).to eq(true)
      expect(user.reload.admin).to eq(true)
231 232 233 234
    end

    it "should not update admin status" do
      put api("/users/#{admin_user.id}", admin), {can_create_group: false}
235 236 237 238
      expect(response.status).to eq(200)
      expect(json_response['is_admin']).to eq(true)
      expect(admin_user.reload.admin).to eq(true)
      expect(admin_user.can_create_group).to eq(false)
239 240
    end

241 242
    it "should not allow invalid update" do
      put api("/users/#{user.id}", admin), {email: 'invalid email'}
243 244
      expect(response.status).to eq(400)
      expect(user.reload.email).not_to eq('invalid email')
245 246 247 248
    end

    it "shouldn't available for non admin users" do
      put api("/users/#{user.id}", user), attributes_for(:user)
249
      expect(response.status).to eq(403)
250 251 252 253
    end

    it "should return 404 for non-existing user" do
      put api("/users/999999", admin), {bio: 'update should fail'}
254 255
      expect(response.status).to eq(404)
      expect(json_response['message']).to eq('404 Not found')
256 257 258 259 260 261 262 263 264 265
    end

    it 'should return 400 error if user does not validate' do
      put api("/users/#{user.id}", admin),
          password: 'pass',
          email: 'test@example.com',
          username: 'test!',
          name: 'test',
          bio: 'g' * 256,
          projects_limit: -1
266 267 268 269 270 271 272 273
      expect(response.status).to eq(400)
      expect(json_response['message']['password']).
          to eq(['is too short (minimum is 8 characters)'])
      expect(json_response['message']['bio']).
          to eq(['is too long (maximum is 255 characters)'])
      expect(json_response['message']['projects_limit']).
          to eq(['must be greater than or equal to 0'])
      expect(json_response['message']['username']).
Douwe Maan committed
274
          to eq([Gitlab::Regex.send(:namespace_regex_message)])
275
    end
276 277 278 279 280

    context "with existing user" do
      before {
        post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
        post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
281
        @user = User.all.last
282 283
      }

284 285
      it 'should return 409 conflict error if email address exists' do
        put api("/users/#{@user.id}", admin), email: 'test@example.com'
286 287
        expect(response.status).to eq(409)
        expect(@user.reload.email).to eq(@user.email)
288 289 290 291 292
      end

      it 'should return 409 conflict error if username taken' do
        @user_id = User.all.last.id
        put api("/users/#{@user.id}", admin), username: 'test'
293 294
        expect(response.status).to eq(409)
        expect(@user.reload.username).to eq(@user.username)
295
      end
296
    end
297 298
  end

Angus MacArthur committed
299 300 301 302 303
  describe "POST /users/:id/keys" do
    before { admin }

    it "should not create invalid ssh key" do
      post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
304 305
      expect(response.status).to eq(400)
      expect(json_response['message']).to eq('400 (Bad request) "key" not given')
306 307 308 309
    end

    it 'should not create key without title' do
      post api("/users/#{user.id}/keys", admin), key: 'some key'
310 311
      expect(response.status).to eq(400)
      expect(json_response['message']).to eq('400 (Bad request) "title" not given')
Angus MacArthur committed
312 313 314 315 316 317 318 319 320 321
    end

    it "should create ssh key" do
      key_attrs = attributes_for :key
      expect {
        post api("/users/#{user.id}/keys", admin), key_attrs
      }.to change{ user.keys.count }.by(1)
    end
  end

322 323 324 325 326 327
  describe 'GET /user/:uid/keys' do
    before { admin }

    context 'when unauthenticated' do
      it 'should return authentication error' do
        get api("/users/#{user.id}/keys")
328
        expect(response.status).to eq(401)
329 330 331 332 333 334
      end
    end

    context 'when authenticated' do
      it 'should return 404 for non-existing user' do
        get api('/users/999999/keys', admin)
335 336
        expect(response.status).to eq(404)
        expect(json_response['message']).to eq('404 User Not Found')
337 338 339 340 341 342
      end

      it 'should return array of ssh keys' do
        user.keys << key
        user.save
        get api("/users/#{user.id}/keys", admin)
343 344 345
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        expect(json_response.first['title']).to eq(key.title)
346 347 348 349 350 351 352 353 354 355
      end
    end
  end

  describe 'DELETE /user/:uid/keys/:id' do
    before { admin }

    context 'when unauthenticated' do
      it 'should return authentication error' do
        delete api("/users/#{user.id}/keys/42")
356
        expect(response.status).to eq(401)
357 358 359 360 361 362 363 364 365 366
      end
    end

    context 'when authenticated' do
      it 'should delete existing key' do
        user.keys << key
        user.save
        expect {
          delete api("/users/#{user.id}/keys/#{key.id}", admin)
        }.to change { user.keys.count }.by(-1)
367
        expect(response.status).to eq(200)
368 369 370 371 372 373
      end

      it 'should return 404 error if user not found' do
        user.keys << key
        user.save
        delete api("/users/999999/keys/#{key.id}", admin)
374 375
        expect(response.status).to eq(404)
        expect(json_response['message']).to eq('404 User Not Found')
376 377 378 379
      end

      it 'should return 404 error if key not foud' do
        delete api("/users/#{user.id}/keys/42", admin)
380 381
        expect(response.status).to eq(404)
        expect(json_response['message']).to eq('404 Key Not Found')
382 383 384 385
      end
    end
  end

386 387 388 389 390
  describe "DELETE /users/:id" do
    before { admin }

    it "should delete user" do
      delete api("/users/#{user.id}", admin)
391
      expect(response.status).to eq(200)
392
      expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
393
      expect(json_response['email']).to eq(user.email)
394 395
    end

396 397
    it "should not delete for unauthenticated user" do
      delete api("/users/#{user.id}")
398
      expect(response.status).to eq(401)
399 400
    end

401 402
    it "shouldn't available for non admin users" do
      delete api("/users/#{user.id}", user)
403
      expect(response.status).to eq(403)
404 405 406 407
    end

    it "should return 404 for non-existing user" do
      delete api("/users/999999", admin)
408 409
      expect(response.status).to eq(404)
      expect(json_response['message']).to eq('404 User Not Found')
410 411 412
    end
  end

Nihad Abbasov committed
413 414
  describe "GET /user" do
    it "should return current user" do
Robert Speicher committed
415
      get api("/user", user)
416 417 418 419 420 421
      expect(response.status).to eq(200)
      expect(json_response['email']).to eq(user.email)
      expect(json_response['is_admin']).to eq(user.is_admin?)
      expect(json_response['can_create_project']).to eq(user.can_create_project?)
      expect(json_response['can_create_group']).to eq(user.can_create_group?)
      expect(json_response['projects_limit']).to eq(user.projects_limit)
Nihad Abbasov committed
422
    end
423 424 425

    it "should return 401 error if user is unauthenticated" do
      get api("/user")
426
      expect(response.status).to eq(401)
427
    end
Nihad Abbasov committed
428
  end
429 430 431 432 433

  describe "GET /user/keys" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/user/keys")
434
        expect(response.status).to eq(401)
435 436
      end
    end
Nihad Abbasov committed
437

438 439 440 441 442
    context "when authenticated" do
      it "should return array of ssh keys" do
        user.keys << key
        user.save
        get api("/user/keys", user)
443 444 445
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        expect(json_response.first["title"]).to eq(key.title)
446 447 448 449 450
      end
    end
  end

  describe "GET /user/keys/:id" do
Johannes Schleifenbaum committed
451
    it "should return single key" do
452 453 454
      user.keys << key
      user.save
      get api("/user/keys/#{key.id}", user)
455 456
      expect(response.status).to eq(200)
      expect(json_response["title"]).to eq(key.title)
457
    end
Nihad Abbasov committed
458

459 460
    it "should return 404 Not Found within invalid ID" do
      get api("/user/keys/42", user)
461 462
      expect(response.status).to eq(404)
      expect(json_response['message']).to eq('404 Not found')
463 464
    end

465 466 467 468 469
    it "should return 404 error if admin accesses user's ssh key" do
      user.keys << key
      user.save
      admin
      get api("/user/keys/#{key.id}", admin)
470 471
      expect(response.status).to eq(404)
      expect(json_response['message']).to eq('404 Not found')
472
    end
473
  end
Nihad Abbasov committed
474

475
  describe "POST /user/keys" do
476
    it "should create ssh key" do
477
      key_attrs = attributes_for :key
478 479 480
      expect {
        post api("/user/keys", user), key_attrs
      }.to change{ user.keys.count }.by(1)
481
      expect(response.status).to eq(201)
482 483 484 485
    end

    it "should return a 401 error if unauthorized" do
      post api("/user/keys"), title: 'some title', key: 'some key'
486
      expect(response.status).to eq(401)
487 488 489 490
    end

    it "should not create ssh key without key" do
      post api("/user/keys", user), title: 'title'
491 492
      expect(response.status).to eq(400)
      expect(json_response['message']).to eq('400 (Bad request) "key" not given')
493 494 495 496
    end

    it 'should not create ssh key without title' do
      post api('/user/keys', user), key: 'some key'
497 498
      expect(response.status).to eq(400)
      expect(json_response['message']).to eq('400 (Bad request) "title" not given')
499 500 501 502
    end

    it "should not create ssh key without title" do
      post api("/user/keys", user), key: "somekey"
503
      expect(response.status).to eq(400)
504 505 506 507 508 509 510 511 512 513
    end
  end

  describe "DELETE /user/keys/:id" do
    it "should delete existed key" do
      user.keys << key
      user.save
      expect {
        delete api("/user/keys/#{key.id}", user)
      }.to change{user.keys.count}.by(-1)
514
      expect(response.status).to eq(200)
515
    end
Nihad Abbasov committed
516

Kevin Lyda committed
517
    it "should return success if key ID not found" do
518
      delete api("/user/keys/42", user)
519
      expect(response.status).to eq(200)
520 521 522 523 524 525
    end

    it "should return 401 error if unauthorized" do
      user.keys << key
      user.save
      delete api("/user/keys/#{key.id}")
526
      expect(response.status).to eq(401)
527 528
    end
  end
Nihad Abbasov committed
529
end