require 'spec_helper'

describe API::API, api: true  do
  include ApiHelpers

  # Fixtures shared by every example below. `let` is lazy: a fixture is only
  # created when an example (or `before { admin }`) first references it.
  # - user:  a regular, non-admin account, used for the "authenticated" paths
  #          and as the token that must be refused (403) on admin-only endpoints
  # - admin: an account with the admin flag, used for the /users/* management endpoints
  # - key:   an SSH key owned by `user`, used by the /user/keys and /users/:id/keys examples
  let(:user)  { create(:user) }
  let(:admin) { create(:admin) }
  let(:key)   { create(:key, user: user) }

  describe "GET /users" do
    # Listing users needs a token; anonymous callers are rejected before any data is returned.
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/users")
        expect(response.status).to eq(401)
      end
    end

    # A regular (non-admin) token gets the list; only the username field is checked here.
    # NOTE(review): no example asserts that the non-admin response omits the
    # account-management fields checked in the admin context below (email,
    # extern_uid, can_create_project). If those are meant to be admin-only, a
    # negative assertion here would catch an information-disclosure regression.
    context "when authenticated" do
      it "should return an array of users" do
        get api("/users", user)
        expect(response.status).to eq(200)
        expect(json_response).to be_an(Array)
        expect(json_response.first['username']).to eq(user.username)
      end
    end

    # An admin token's response carries account-management fields; three are spot-checked.
    context "when admin" do
      it "should return an array of users" do
        get api("/users", admin)
        expect(response.status).to eq(200)
        expect(json_response).to be_an(Array)
        first_entry_keys = json_response.first.keys
        %w[email extern_uid can_create_project].each do |field|
          expect(first_entry_keys).to include(field)
        end
      end
    end
  end

  describe "GET /users/:id" do
    # Any authenticated user may look up a user by id (here: themselves).
    it "should return a user by id" do
      get api("/users/#{user.id}", user)
      expect(response.status).to eq(200)
      expect(json_response['username']).to eq(user.username)
    end

    # Authentication is decided first: an anonymous request for an id that is not
    # expected to exist still gets 401 rather than 404, so anonymous callers
    # cannot use the status code to probe which ids exist.
    it "should return a 401 if unauthenticated" do
      get api("/users/9998")
      expect(response.status).to eq(401)
    end

    # With a valid token an unknown id is a plain 404.
    it "should return a 404 error if user id not found" do
      get api("/users/9999", user)
      expect(response.status).to eq(404)
    end
  end

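  describe "POST /users" do
    # Materialise the (lazy) admin fixture up front so every example starts from
    # the same User.count and the admin row is not created mid-example.
    before { admin }

    it "should create user" do
      expect {
        post api("/users", admin), attributes_for(:user, projects_limit: 3)
      }.to change { User.count }.by(1)
    end

    # Privileged flags (admin, can_create_group) can be set at creation time.
    # That is only acceptable because the whole endpoint is admin-only, which the
    # "shouldn't available for non admin users" example below pins down.
    it "should create user with correct attributes" do
      post api('/users', admin), attributes_for(:user, admin: true, can_create_group: true)
      response.status.should == 201
      user_id = json_response['id']
      new_user = User.find(user_id)
      new_user.should_not == nil
      new_user.admin.should == true
      new_user.can_create_group.should == true
    end

    it "should create non-admin user" do
      post api('/users', admin), attributes_for(:user, admin: false, can_create_group: false)
      response.status.should == 201
      user_id = json_response['id']
      new_user = User.find(user_id)
      new_user.should_not == nil
      new_user.admin.should == false
      new_user.can_create_group.should == false
    end

    # Omitting the flag entirely must never produce an admin account.
    it "should create non-admin users by default" do
      post api('/users', admin), attributes_for(:user)
      response.status.should == 201
      user_id = json_response['id']
      new_user = User.find(user_id)
      new_user.should_not == nil
      new_user.admin.should == false
    end

    it "should return 201 Created on success" do
      post api("/users", admin), attributes_for(:user, projects_limit: 3)
      response.status.should == 201
    end

    # The configured default project limit must be applied when none is given.
    # `unstub` now runs in an `ensure` block: previously it was only reached when
    # every assertion passed, so a failure could leave the config stub in place.
    it "creating a user should respect default project limit" do
      limit = 123456
      Gitlab.config.gitlab.stub(:default_projects_limit).and_return(limit)
      begin
        attr = attributes_for(:user)
        expect {
          post api("/users", admin), attr
        }.to change { User.count }.by(1)
        # Local renamed from `user` so it no longer shadows the `user` fixture.
        created_user = User.find_by(username: attr[:username])
        created_user.projects_limit.should == limit
        created_user.theme_id.should == Gitlab::Theme::MARS
      ensure
        Gitlab.config.gitlab.unstub(:default_projects_limit)
      end
    end

    # Input validation: malformed or missing mandatory fields are rejected with
    # 400 (only the status is asserted here, not the unchanged row count).
    it "should not create user with invalid email" do
      post api("/users", admin), { email: "invalid email", password: 'password' }
      response.status.should == 400
    end

    it "should return 400 error if password not given" do
      post api("/users", admin), { email: 'test@example.com' }
      response.status.should == 400
    end

    it "should return 400 error if email not given" do
      post api("/users", admin), { password: 'pass1234' }
      response.status.should == 400
    end

    # Authorization: a regular user must not be able to create accounts.
    # The answer is 403, not 401, because the token itself is valid.
    it "shouldn't available for non admin users" do
      post api("/users", user), attributes_for(:user)
      response.status.should == 403
    end

    context "with existing user" do
      before { post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test' } }

      it "should not create user with same email" do
        expect {
          post api("/users", admin), { email: 'test@example.com', password: 'password' }
        }.to change { User.count }.by(0)
      end

      # Both conflict examples previously made the request without asserting
      # anything, so they passed whatever the API returned; the status named in
      # the example description is now actually checked.
      it "should return 409 conflict error if user with email exists" do
        post api("/users", admin), { email: 'test@example.com', password: 'password' }
        response.status.should == 409
      end

      it "should return 409 conflict error if same username exists" do
        # Use the same password the other examples accept, so that the username
        # collision is the only reason this request can be rejected.
        post api("/users", admin), { email: 'foo@example.com', password: 'password', username: 'test' }
        response.status.should == 409
      end
    end
  end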

  describe "GET /users/sign_up" do
    # These examples request the web sign-up route directly (no `api` helper),
    # so they cover the registration page rather than an API endpoint.
    # The stubbed config flag is chosen per context below.
    before do
      Gitlab.config.gitlab.stub(:signup_enabled).and_return(signup_enabled)
    end

    context 'enabled' do
      let(:signup_enabled) { true }

      it "should return sign up page if signup is enabled" do
        get "/users/sign_up"
        expect(response.status).to eq(200)
      end
    end

    # With self-registration switched off the form must not be served at all:
    # the request is redirected to the login page instead.
    context 'disabled' do
      let(:signup_enabled) { false }

      it "should redirect to sign in page if signup is disabled" do
        get "/users/sign_up"
        expect(response.status).to eq(302)
        expect(response).to redirect_to(new_user_session_path)
      end
    end
  end

  describe "PUT /users/:id" do
    # A second admin account, created eagerly, so the "keeps admin" example can
    # update an admin other than the one issuing the request.
    let!(:admin_user) { create(:admin) }

    before { admin }

    it "should update user with new bio" do
      put api("/users/#{user.id}", admin), {bio: 'new test bio'}
      expect(response.status).to eq(200)
      expect(json_response['bio']).to eq('new test bio')
      expect(user.reload.bio).to eq('new test bio')
    end

    # Granting the admin flag is an intended, admin-only privilege escalation path...
    it "should update admin status" do
      put api("/users/#{user.id}", admin), {admin: true}
      expect(response.status).to eq(200)
      expect(json_response['is_admin']).to eq(true)
      expect(user.reload.admin).to eq(true)
    end

    # ...and an unrelated update must not silently drop an existing admin flag.
    it "should not update admin status" do
      put api("/users/#{admin_user.id}", admin), {can_create_group: false}
      expect(response.status).to eq(200)
      expect(json_response['is_admin']).to eq(true)
      admin_user.reload
      expect(admin_user.admin).to eq(true)
      expect(admin_user.can_create_group).to eq(false)
    end

    # NOTE(review): the API answers 404 (not 400) to this validation failure; the
    # example pins current behaviour. The important assertion is that the stored
    # email is untouched.
    it "should not allow invalid update" do
      put api("/users/#{user.id}", admin), {email: 'invalid email'}
      expect(response.status).to eq(404)
      expect(user.reload.email).not_to eq('invalid email')
    end

    # A regular user may not modify accounts through this endpoint, even their own.
    it "shouldn't available for non admin users" do
      put api("/users/#{user.id}", user), attributes_for(:user)
      expect(response.status).to eq(403)
    end

    it "should return 404 for non-existing user" do
      put api("/users/999999", admin), {bio: 'update should fail'}
      expect(response.status).to eq(404)
    end

    # NOTE(review): both examples in this context are commented out, so the
    # update path has no coverage for changing an email or username to one that
    # another account already owns. Uniqueness of those fields is what keeps
    # accounts distinct; restoring these examples (or replacing them with ones
    # that assert the stored values are unchanged) is worth doing. Note also
    # that `User.all.last` relies on unspecified ordering to pick the second user.
    context "with existing user" do
      before {
        post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
        post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
        @user_id = User.all.last.id
      }

#      it "should return 409 conflict error if email address exists" do
#        put api("/users/#{@user_id}", admin), { email: 'test@example.com' }
#        response.status.should == 409
#      end
#
#      it "should return 409 conflict error if username taken" do
#        @user_id = User.all.last.id
#        put api("/users/#{@user_id}", admin), { username: 'test' }
#        response.status.should == 409
#      end
    end
  end

  describe "POST /users/:id/keys" do
    before { admin }

    # NOTE(review): every other /users/:id endpoint in this file has an example
    # asserting 403 for a non-admin token, but this one does not. Since an SSH
    # key added to an account is effectively a login credential for it, a
    # `post api("/users/#{user.id}/keys", user)` example expecting 403 would be
    # worth adding once the API's guard is confirmed.

    # NOTE(review): a request without a `key` attribute yields 404 rather than
    # 400; the example pins current behaviour.
    it "should not create invalid ssh key" do
      post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
      expect(response.status).to eq(404)
    end

    # An admin can attach a well-formed key to another user's account.
    it "should create ssh key" do
      new_key = attributes_for :key
      expect {
        post api("/users/#{user.id}/keys", admin), new_key
      }.to change { user.keys.count }.by(1)
    end
  end

  describe 'GET /user/:uid/keys' do
    before { admin }

    context 'when unauthenticated' do
      it 'should return authentication error' do
        get api("/users/#{user.id}/keys")
        expect(response.status).to eq(401)
      end
    end

    # Only admin tokens are exercised here; the listing reveals key titles for
    # the target account. NOTE(review): there is no example for a non-admin
    # token, unlike the sibling /users/:id endpoints that assert 403.
    context 'when authenticated' do
      it 'should return 404 for non-existing user' do
        get api('/users/999999/keys', admin)
        expect(response.status).to eq(404)
      end

      it 'should return array of ssh keys' do
        user.keys << key
        user.save
        get api("/users/#{user.id}/keys", admin)
        expect(response.status).to eq(200)
        expect(json_response).to be_an(Array)
        listed = json_response.first
        expect(listed['title']).to eq(key.title)
      end
    end
  end

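  describe 'DELETE /user/:uid/keys/:id' do
    before { admin }

    context 'when unauthenticated' do
      it 'should return authentication error' do
        delete api("/users/#{user.id}/keys/42")
        response.status.should == 401
      end
    end

    # NOTE(review): as with the other /users/:id/keys endpoints there is no
    # example asserting 403 for a non-admin token.
    context 'when authenticated' do
      it 'should delete existing key' do
        user.keys << key
        user.save
        expect {
          delete api("/users/#{user.id}/keys/#{key.id}", admin)
        }.to change { user.keys.count }.by(-1)
        response.status.should == 200
      end

      # The key id is real but the user id is not. Besides the 404, the example
      # now asserts the key still belongs to `user`: a valid key id must not be
      # removable through a path naming a different (here, nonexistent) user.
      it 'should return 404 error if user not found' do
        user.keys << key
        user.save
        expect {
          delete api("/users/999999/keys/#{key.id}", admin)
        }.to change { user.keys.count }.by(0)
        response.status.should == 404
      end

      it 'should return 404 error if key not foud' do
        delete api("/users/#{user.id}/keys/42", admin)
        response.status.should == 404
      end
    end
  end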

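  describe "DELETE /users/:id" do
    before { admin }

    # The response body echoes the deleted account; `user.email` is read from the
    # in-memory fixture, which is why it is still available after the row is gone.
    it "should delete user" do
      delete api("/users/#{user.id}", admin)
      response.status.should == 200
      expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
      json_response['email'].should == user.email
    end

    # The two rejection examples now also assert that nothing was deleted, which
    # is what their descriptions promise; the status alone did not prove that.
    it "should not delete for unauthenticated user" do
      expect {
        delete api("/users/#{user.id}")
      }.to change { User.count }.by(0)
      response.status.should == 401
    end

    # A regular user may not delete accounts, not even their own, via this endpoint.
    it "shouldn't available for non admin users" do
      expect {
        delete api("/users/#{user.id}", user)
      }.to change { User.count }.by(0)
      response.status.should == 403
    end

    it "should return 404 for non-existing user" do
      delete api("/users/999999", admin)
      response.status.should == 404
    end
  end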

  describe "GET /user" do
    # The caller's own record, including the three capability flags the UI relies on.
    it "should return current user" do
      get api("/user", user)
      expect(response.status).to eq(200)
      expected_fields = {
        'email'              => user.email,
        'is_admin'           => user.is_admin?,
        'can_create_project' => user.can_create_project?,
        'can_create_group'   => user.can_create_group?,
      }
      expected_fields.each do |field, value|
        expect(json_response[field]).to eq(value)
      end
    end

    it "should return 401 error if user is unauthenticated" do
      get api("/user")
      expect(response.status).to eq(401)
    end
  end

  describe "GET /user/keys" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/user/keys")
        expect(response.status).to eq(401)
      end
    end

    # The caller sees their own keys; only the title of the single key is checked.
    context "when authenticated" do
      before do
        user.keys << key
        user.save
      end

      it "should return array of ssh keys" do
        get api("/user/keys", user)
        expect(response.status).to eq(200)
        expect(json_response).to be_an(Array)
        expect(json_response.first["title"]).to eq(key.title)
      end
    end
  end

  describe "GET /user/keys/:id" do
    it "should return single key" do
      user.keys << key
      user.save
      get api("/user/keys/#{key.id}", user)
      expect(response.status).to eq(200)
      expect(json_response["title"]).to eq(key.title)
    end

    it "should return 404 Not Found within invalid ID" do
      get api("/user/keys/42", user)
      expect(response.status).to eq(404)
    end

    # Object-level authorization check: even an admin token cannot read another
    # user's key through this per-caller route. A foreign key id gets the same
    # 404 as an unknown id (presumably the lookup is scoped to the caller's keys),
    # so the status does not reveal whether the id exists.
    it "should return 404 error if admin accesses user's ssh key" do
      user.keys << key
      user.save
      get api("/user/keys/#{key.id}", admin)
      expect(response.status).to eq(404)
    end
  end
  describe "POST /user/keys" do
    # Happy path: a well-formed key is attached to the caller's own account.
    it "should create ssh key" do
      new_key = attributes_for :key
      expect {
        post api("/user/keys", user), new_key
      }.to change { user.keys.count }.by(1)
      expect(response.status).to eq(201)
    end

    it "should return a 401 error if unauthorized" do
      post api("/user/keys"), { title: 'some title', key: 'some key' }
      expect(response.status).to eq(401)
    end

    # Both `title` and `key` are mandatory; each missing field is a 400.
    it "should not create ssh key without key" do
      post api("/user/keys", user), { title: 'title' }
      expect(response.status).to eq(400)
    end

    it "should not create ssh key without title" do
      post api("/user/keys", user), { key: "somekey" }
      expect(response.status).to eq(400)
    end
  end

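  describe "DELETE /user/keys/:id" do
    it "should delete existed key" do
      user.keys << key
      user.save
      expect {
        delete api("/user/keys/#{key.id}", user)
      }.to change{user.keys.count}.by(-1)
      response.status.should == 200
    end

    # Deleting an unknown id is reported as success (idempotent delete); the
    # status therefore does not reveal whether the id exists.
    it "should return success if key ID not found" do
      delete api("/user/keys/42", user)
      response.status.should == 200
    end

    # Key ids are global, so a caller must not be able to remove someone else's
    # key by naming its id on this per-caller route. Only the ownership outcome
    # is pinned: whether the API answers 200 (as for an unknown id above) or 404
    # is left to the API.
    it "should not delete another user's key" do
      other_user = create(:user)
      other_key = create(:key, user: other_user)
      expect {
        delete api("/user/keys/#{other_key.id}", user)
      }.to change { other_user.keys.count }.by(0)
    end

    # Besides the 401, assert the key is still there: a rejected request must
    # not have side effects.
    it "should return 401 error if unauthorized" do
      user.keys << key
      user.save
      expect {
        delete api("/user/keys/#{key.id}")
      }.to change { user.keys.count }.by(0)
      response.status.should == 401
    end
  end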
end