BigW Consortium Gitlab

users_spec.rb 29.1 KB
Newer Older
Nihad Abbasov committed
1 2
require 'spec_helper'

3
describe API::API, api: true  do
4 5
  include ApiHelpers

6 7 8
  let(:user)  { create(:user) }
  let(:admin) { create(:admin) }
  let(:key)   { create(:key, user: user) }
9
  let(:email)   { create(:email, user: user) }
10
  let(:omniauth_user) { create(:omniauth_user) }
11 12
  let(:ldap_user) { create(:omniauth_user, provider: 'ldapmain') }
  let(:ldap_blocked_user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') }
Nihad Abbasov committed
13 14

  describe "GET /users" do
15 16 17
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/users")
18
        expect(response).to have_http_status(401)
19
      end
Nihad Abbasov committed
20 21
    end

22
    context "when authenticated" do
23
      # These specs are written just in case API authentication is not required anymore
24 25 26 27 28 29 30 31
      context "when public level is restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
          allow_any_instance_of(API::Helpers).to receive(:authenticate!).and_return(true)
        end

        it "renders 403" do
          get api("/users")
32
          expect(response).to have_http_status(403)
33 34 35 36
        end

        it "renders 404" do
          get api("/users/#{user.id}")
37
          expect(response).to have_http_status(404)
38 39 40
        end
      end

Nihad Abbasov committed
41
      it "should return an array of users" do
Robert Speicher committed
42
        get api("/users", user)
43
        expect(response).to have_http_status(200)
44
        expect(json_response).to be_an Array
Marin Jankovski committed
45
        username = user.username
46 47 48
        expect(json_response.detect do |user|
          user['username'] == username
        end['username']).to eq(username)
Nihad Abbasov committed
49
      end
50 51 52

      it "should return one user" do
        get api("/users?username=#{omniauth_user.username}", user)
53
        expect(response).to have_http_status(200)
54 55 56
        expect(json_response).to be_an Array
        expect(json_response.first['username']).to eq(omniauth_user.username)
      end
Nihad Abbasov committed
57
    end
58 59 60 61

    context "when admin" do
      it "should return an array of users" do
        get api("/users", admin)
62
        expect(response).to have_http_status(200)
63 64 65 66
        expect(json_response).to be_an Array
        expect(json_response.first.keys).to include 'email'
        expect(json_response.first.keys).to include 'identities'
        expect(json_response.first.keys).to include 'can_create_project'
67
        expect(json_response.first.keys).to include 'two_factor_enabled'
68 69
        expect(json_response.first.keys).to include 'last_sign_in_at'
        expect(json_response.first.keys).to include 'confirmed_at'
70 71
      end
    end
Nihad Abbasov committed
72 73 74 75
  end

  describe "GET /users/:id" do
    it "should return a user by id" do
Robert Speicher committed
76
      get api("/users/#{user.id}", user)
77
      expect(response).to have_http_status(200)
78
      expect(json_response['username']).to eq(user.username)
Nihad Abbasov committed
79 80
    end

81 82
    it "should return a 401 if unauthenticated" do
      get api("/users/9998")
83
      expect(response).to have_http_status(401)
84
    end
85

86 87
    it "should return a 404 error if user id not found" do
      get api("/users/9999", user)
88
      expect(response).to have_http_status(404)
89
      expect(json_response['message']).to eq('404 Not found')
90
    end
91 92 93

    it "should return a 404 if invalid ID" do
      get api("/users/1ASDF", user)
94
      expect(response).to have_http_status(404)
95
    end
96 97 98 99
  end

  describe "POST /users" do
    before{ admin }
100 101

    it "should create user" do
102
      expect do
103
        post api("/users", admin), attributes_for(:user, projects_limit: 3)
104
      end.to change { User.count }.by(1)
105 106
    end

107 108
    it "should create user with correct attributes" do
      post api('/users', admin), attributes_for(:user, admin: true, can_create_group: true)
109
      expect(response).to have_http_status(201)
110 111
      user_id = json_response['id']
      new_user = User.find(user_id)
112 113 114
      expect(new_user).not_to eq(nil)
      expect(new_user.admin).to eq(true)
      expect(new_user.can_create_group).to eq(true)
115 116
    end

117 118
    it "should create non-admin user" do
      post api('/users', admin), attributes_for(:user, admin: false, can_create_group: false)
119
      expect(response).to have_http_status(201)
120 121
      user_id = json_response['id']
      new_user = User.find(user_id)
122 123 124
      expect(new_user).not_to eq(nil)
      expect(new_user.admin).to eq(false)
      expect(new_user.can_create_group).to eq(false)
125 126 127 128
    end

    it "should create non-admin users by default" do
      post api('/users', admin), attributes_for(:user)
129
      expect(response).to have_http_status(201)
130 131
      user_id = json_response['id']
      new_user = User.find(user_id)
132 133
      expect(new_user).not_to eq(nil)
      expect(new_user.admin).to eq(false)
134 135
    end

136 137
    it "should return 201 Created on success" do
      post api("/users", admin), attributes_for(:user, projects_limit: 3)
138
      expect(response).to have_http_status(201)
139 140
    end

Zeger-Jan van de Weg committed
141 142
    it 'creates non-external users by default' do
      post api("/users", admin), attributes_for(:user)
143
      expect(response).to have_http_status(201)
Zeger-Jan van de Weg committed
144 145 146 147 148 149 150 151 152

      user_id = json_response['id']
      new_user = User.find(user_id)
      expect(new_user).not_to eq nil
      expect(new_user.external).to be_falsy
    end

    it 'should allow an external user to be created' do
      post api("/users", admin), attributes_for(:user, external: true)
153
      expect(response).to have_http_status(201)
Zeger-Jan van de Weg committed
154 155 156 157 158 159 160

      user_id = json_response['id']
      new_user = User.find(user_id)
      expect(new_user).not_to eq nil
      expect(new_user.external).to be_truthy
    end

161
    it "should not create user with invalid email" do
162
      post api('/users', admin),
163 164 165
        email: 'invalid email',
        password: 'password',
        name: 'test'
166
      expect(response).to have_http_status(400)
167 168
    end

169
    it 'should return 400 error if name not given' do
170
      post api('/users', admin), attributes_for(:user).except(:name)
171
      expect(response).to have_http_status(400)
172 173 174
    end

    it 'should return 400 error if password not given' do
175
      post api('/users', admin), attributes_for(:user).except(:password)
176
      expect(response).to have_http_status(400)
177 178
    end

179 180
    it 'should return 400 error if email not given' do
      post api('/users', admin), attributes_for(:user).except(:email)
181
      expect(response).to have_http_status(400)
182 183 184 185
    end

    it 'should return 400 error if username not given' do
      post api('/users', admin), attributes_for(:user).except(:username)
186
      expect(response).to have_http_status(400)
187 188 189 190
    end

    it 'should return 400 error if user does not validate' do
      post api('/users', admin),
191 192 193 194 195 196
        password: 'pass',
        email: 'test@example.com',
        username: 'test!',
        name: 'test',
        bio: 'g' * 256,
        projects_limit: -1
197
      expect(response).to have_http_status(400)
198
      expect(json_response['message']['password']).
199
        to eq(['is too short (minimum is 8 characters)'])
200
      expect(json_response['message']['bio']).
201
        to eq(['is too long (maximum is 255 characters)'])
202
      expect(json_response['message']['projects_limit']).
203
        to eq(['must be greater than or equal to 0'])
204
      expect(json_response['message']['username']).
205
        to eq([Gitlab::Regex.namespace_regex_message])
206 207
    end

208
    it "shouldn't available for non admin users" do
209
      post api("/users", user), attributes_for(:user)
210
      expect(response).to have_http_status(403)
211
    end
212

213 214 215
    context 'with existing user' do
      before do
        post api('/users', admin),
216 217 218 219
          email: 'test@example.com',
          password: 'password',
          username: 'test',
          name: 'foo'
220
      end
221

222
      it 'should return 409 conflict error if user with same email exists' do
223
        expect do
224
          post api('/users', admin),
225 226 227 228 229
            name: 'foo',
            email: 'test@example.com',
            password: 'password',
            username: 'foo'
        end.to change { User.count }.by(0)
230
        expect(response).to have_http_status(409)
231
        expect(json_response['message']).to eq('Email has already been taken')
232 233
      end

234 235 236
      it 'should return 409 conflict error if same username exists' do
        expect do
          post api('/users', admin),
237 238 239 240
            name: 'foo',
            email: 'foo@example.com',
            password: 'password',
            username: 'test'
241
        end.to change { User.count }.by(0)
242
        expect(response).to have_http_status(409)
243
        expect(json_response['message']).to eq('Username has already been taken')
244 245
      end
    end
246 247
  end

Marin Jankovski committed
248
  describe "GET /users/sign_up" do
249 250
    it "should redirect to sign in page" do
      get "/users/sign_up"
251
      expect(response).to have_http_status(302)
252
      expect(response).to redirect_to(new_user_session_path)
Marin Jankovski committed
253 254 255
    end
  end

256
  describe "PUT /users/:id" do
257 258
    let!(:admin_user) { create(:admin) }

259 260
    before { admin }

261
    it "should update user with new bio" do
262
      put api("/users/#{user.id}", admin), { bio: 'new test bio' }
263
      expect(response).to have_http_status(200)
264 265
      expect(json_response['bio']).to eq('new test bio')
      expect(user.reload.bio).to eq('new test bio')
266 267
    end

268 269
    it 'should update user with his own email' do
      put api("/users/#{user.id}", admin), email: user.email
270
      expect(response).to have_http_status(200)
271 272
      expect(json_response['email']).to eq(user.email)
      expect(user.reload.email).to eq(user.email)
273 274 275 276
    end

    it 'should update user with his own username' do
      put api("/users/#{user.id}", admin), username: user.username
277
      expect(response).to have_http_status(200)
278 279
      expect(json_response['username']).to eq(user.username)
      expect(user.reload.username).to eq(user.username)
280 281
    end

282 283
    it "should update user's existing identity" do
      put api("/users/#{omniauth_user.id}", admin), provider: 'ldapmain', extern_uid: '654321'
284
      expect(response).to have_http_status(200)
285 286 287 288 289
      expect(omniauth_user.reload.identities.first.extern_uid).to eq('654321')
    end

    it 'should update user with new identity' do
      put api("/users/#{user.id}", admin), provider: 'github', extern_uid: '67890'
290
      expect(response).to have_http_status(200)
291 292 293 294
      expect(user.reload.identities.first.extern_uid).to eq('67890')
      expect(user.reload.identities.first.provider).to eq('github')
    end

295
    it "should update admin status" do
296
      put api("/users/#{user.id}", admin), { admin: true }
297
      expect(response).to have_http_status(200)
298 299
      expect(json_response['is_admin']).to eq(true)
      expect(user.reload.admin).to eq(true)
300 301
    end

302 303 304 305 306 307 308
    it "should update external status" do
      put api("/users/#{user.id}", admin), { external: true }
      expect(response.status).to eq 200
      expect(json_response['external']).to eq(true)
      expect(user.reload.external?).to be_truthy
    end

309
    it "should not update admin status" do
310
      put api("/users/#{admin_user.id}", admin), { can_create_group: false }
311
      expect(response).to have_http_status(200)
312 313 314
      expect(json_response['is_admin']).to eq(true)
      expect(admin_user.reload.admin).to eq(true)
      expect(admin_user.can_create_group).to eq(false)
315 316
    end

317
    it "should not allow invalid update" do
318
      put api("/users/#{user.id}", admin), { email: 'invalid email' }
319
      expect(response).to have_http_status(400)
320
      expect(user.reload.email).not_to eq('invalid email')
321 322 323 324
    end

    it "shouldn't available for non admin users" do
      put api("/users/#{user.id}", user), attributes_for(:user)
325
      expect(response).to have_http_status(403)
326 327 328
    end

    it "should return 404 for non-existing user" do
329
      put api("/users/999999", admin), { bio: 'update should fail' }
330
      expect(response).to have_http_status(404)
331
      expect(json_response['message']).to eq('404 Not found')
332 333
    end

334 335 336 337
    it "should raise error for invalid ID" do
      expect{put api("/users/ASDF", admin) }.to raise_error(ActionController::RoutingError)
    end

338 339
    it 'should return 400 error if user does not validate' do
      put api("/users/#{user.id}", admin),
340 341 342 343 344 345
        password: 'pass',
        email: 'test@example.com',
        username: 'test!',
        name: 'test',
        bio: 'g' * 256,
        projects_limit: -1
346
      expect(response).to have_http_status(400)
347
      expect(json_response['message']['password']).
348
        to eq(['is too short (minimum is 8 characters)'])
349
      expect(json_response['message']['bio']).
350
        to eq(['is too long (maximum is 255 characters)'])
351
      expect(json_response['message']['projects_limit']).
352
        to eq(['must be greater than or equal to 0'])
353
      expect(json_response['message']['username']).
354
        to eq([Gitlab::Regex.namespace_regex_message])
355
    end
356 357

    context "with existing user" do
358
      before do
359 360
        post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
        post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
361
        @user = User.all.last
362
      end
363

364 365
      it 'should return 409 conflict error if email address exists' do
        put api("/users/#{@user.id}", admin), email: 'test@example.com'
366
        expect(response).to have_http_status(409)
367
        expect(@user.reload.email).to eq(@user.email)
368 369 370 371 372
      end

      it 'should return 409 conflict error if username taken' do
        @user_id = User.all.last.id
        put api("/users/#{@user.id}", admin), username: 'test'
373
        expect(response).to have_http_status(409)
374
        expect(@user.reload.username).to eq(@user.username)
375
      end
376
    end
377 378
  end

Angus MacArthur committed
379 380 381 382 383
  describe "POST /users/:id/keys" do
    before { admin }

    it "should not create invalid ssh key" do
      post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
384
      expect(response).to have_http_status(400)
385
      expect(json_response['message']).to eq('400 (Bad request) "key" not given')
386 387 388 389
    end

    it 'should not create key without title' do
      post api("/users/#{user.id}/keys", admin), key: 'some key'
390
      expect(response).to have_http_status(400)
391
      expect(json_response['message']).to eq('400 (Bad request) "title" not given')
Angus MacArthur committed
392 393 394 395
    end

    it "should create ssh key" do
      key_attrs = attributes_for :key
396
      expect do
Angus MacArthur committed
397
        post api("/users/#{user.id}/keys", admin), key_attrs
398
      end.to change{ user.keys.count }.by(1)
Angus MacArthur committed
399
    end
400

401 402
    it "should return 405 for invalid ID" do
      post api("/users/ASDF/keys", admin)
403
      expect(response).to have_http_status(405)
404
    end
Angus MacArthur committed
405 406
  end

407 408 409 410 411 412
  describe 'GET /user/:uid/keys' do
    before { admin }

    context 'when unauthenticated' do
      it 'should return authentication error' do
        get api("/users/#{user.id}/keys")
413
        expect(response).to have_http_status(401)
414 415 416 417 418 419
      end
    end

    context 'when authenticated' do
      it 'should return 404 for non-existing user' do
        get api('/users/999999/keys', admin)
420
        expect(response).to have_http_status(404)
421
        expect(json_response['message']).to eq('404 User Not Found')
422 423 424 425 426 427
      end

      it 'should return array of ssh keys' do
        user.keys << key
        user.save
        get api("/users/#{user.id}/keys", admin)
428
        expect(response).to have_http_status(200)
429 430
        expect(json_response).to be_an Array
        expect(json_response.first['title']).to eq(key.title)
431
      end
432

433
      it "should return 405 for invalid ID" do
434
        get api("/users/ASDF/keys", admin)
435
        expect(response).to have_http_status(405)
436
      end
437 438 439 440 441 442 443 444 445
    end
  end

  describe 'DELETE /user/:uid/keys/:id' do
    before { admin }

    context 'when unauthenticated' do
      it 'should return authentication error' do
        delete api("/users/#{user.id}/keys/42")
446
        expect(response).to have_http_status(401)
447 448 449 450 451 452 453
      end
    end

    context 'when authenticated' do
      it 'should delete existing key' do
        user.keys << key
        user.save
454
        expect do
455
          delete api("/users/#{user.id}/keys/#{key.id}", admin)
456
        end.to change { user.keys.count }.by(-1)
457
        expect(response).to have_http_status(200)
458 459 460 461 462 463
      end

      it 'should return 404 error if user not found' do
        user.keys << key
        user.save
        delete api("/users/999999/keys/#{key.id}", admin)
464
        expect(response).to have_http_status(404)
465
        expect(json_response['message']).to eq('404 User Not Found')
466 467 468 469
      end

      it 'should return 404 error if key not foud' do
        delete api("/users/#{user.id}/keys/42", admin)
470
        expect(response).to have_http_status(404)
471
        expect(json_response['message']).to eq('404 Key Not Found')
472 473 474 475
      end
    end
  end

476 477 478 479
  describe "POST /users/:id/emails" do
    before { admin }

    it "should not create invalid email" do
Douwe Maan committed
480
      post api("/users/#{user.id}/emails", admin), {}
481
      expect(response).to have_http_status(400)
482 483 484 485 486 487 488 489 490
      expect(json_response['message']).to eq('400 (Bad request) "email" not given')
    end

    it "should create email" do
      email_attrs = attributes_for :email
      expect do
        post api("/users/#{user.id}/emails", admin), email_attrs
      end.to change{ user.emails.count }.by(1)
    end
491 492

    it "should raise error for invalid ID" do
493
      post api("/users/ASDF/emails", admin)
494
      expect(response).to have_http_status(405)
495
    end
496 497 498 499 500 501 502 503
  end

  describe 'GET /user/:uid/emails' do
    before { admin }

    context 'when unauthenticated' do
      it 'should return authentication error' do
        get api("/users/#{user.id}/emails")
504
        expect(response).to have_http_status(401)
505 506 507 508 509 510
      end
    end

    context 'when authenticated' do
      it 'should return 404 for non-existing user' do
        get api('/users/999999/emails', admin)
511
        expect(response).to have_http_status(404)
512 513 514 515 516 517 518
        expect(json_response['message']).to eq('404 User Not Found')
      end

      it 'should return array of emails' do
        user.emails << email
        user.save
        get api("/users/#{user.id}/emails", admin)
519
        expect(response).to have_http_status(200)
520 521 522
        expect(json_response).to be_an Array
        expect(json_response.first['email']).to eq(email.email)
      end
523 524

      it "should raise error for invalid ID" do
525
        put api("/users/ASDF/emails", admin)
526
        expect(response).to have_http_status(405)
527
      end
528 529 530 531 532 533 534 535 536
    end
  end

  describe 'DELETE /user/:uid/emails/:id' do
    before { admin }

    context 'when unauthenticated' do
      it 'should return authentication error' do
        delete api("/users/#{user.id}/emails/42")
537
        expect(response).to have_http_status(401)
538 539 540 541 542 543 544 545 546 547
      end
    end

    context 'when authenticated' do
      it 'should delete existing email' do
        user.emails << email
        user.save
        expect do
          delete api("/users/#{user.id}/emails/#{email.id}", admin)
        end.to change { user.emails.count }.by(-1)
548
        expect(response).to have_http_status(200)
549 550 551 552 553 554
      end

      it 'should return 404 error if user not found' do
        user.emails << email
        user.save
        delete api("/users/999999/emails/#{email.id}", admin)
555
        expect(response).to have_http_status(404)
556 557 558 559 560
        expect(json_response['message']).to eq('404 User Not Found')
      end

      it 'should return 404 error if email not foud' do
        delete api("/users/#{user.id}/emails/42", admin)
561
        expect(response).to have_http_status(404)
562 563
        expect(json_response['message']).to eq('404 Email Not Found')
      end
564 565 566 567

      it "should raise error for invalid ID" do
        expect{delete api("/users/ASDF/emails/bar", admin) }.to raise_error(ActionController::RoutingError)
      end
568 569 570
    end
  end

571 572 573 574 575
  describe "DELETE /users/:id" do
    before { admin }

    it "should delete user" do
      delete api("/users/#{user.id}", admin)
576
      expect(response).to have_http_status(200)
577
      expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
578
      expect(json_response['email']).to eq(user.email)
579 580
    end

581 582
    it "should not delete for unauthenticated user" do
      delete api("/users/#{user.id}")
583
      expect(response).to have_http_status(401)
584 585
    end

586 587
    it "shouldn't available for non admin users" do
      delete api("/users/#{user.id}", user)
588
      expect(response).to have_http_status(403)
589 590 591 592
    end

    it "should return 404 for non-existing user" do
      delete api("/users/999999", admin)
593
      expect(response).to have_http_status(404)
594
      expect(json_response['message']).to eq('404 User Not Found')
595
    end
596 597 598 599

    it "should raise error for invalid ID" do
      expect{delete api("/users/ASDF", admin) }.to raise_error(ActionController::RoutingError)
    end
600 601
  end

Nihad Abbasov committed
602 603
  describe "GET /user" do
    it "should return current user" do
Robert Speicher committed
604
      get api("/user", user)
605
      expect(response).to have_http_status(200)
606 607 608 609 610
      expect(json_response['email']).to eq(user.email)
      expect(json_response['is_admin']).to eq(user.is_admin?)
      expect(json_response['can_create_project']).to eq(user.can_create_project?)
      expect(json_response['can_create_group']).to eq(user.can_create_group?)
      expect(json_response['projects_limit']).to eq(user.projects_limit)
Nihad Abbasov committed
611
    end
612 613 614

    it "should return 401 error if user is unauthenticated" do
      get api("/user")
615
      expect(response).to have_http_status(401)
616
    end
Nihad Abbasov committed
617
  end
618 619 620 621 622

  describe "GET /user/keys" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/user/keys")
623
        expect(response).to have_http_status(401)
624 625
      end
    end
Nihad Abbasov committed
626

627 628 629 630 631
    context "when authenticated" do
      it "should return array of ssh keys" do
        user.keys << key
        user.save
        get api("/user/keys", user)
632
        expect(response).to have_http_status(200)
633 634
        expect(json_response).to be_an Array
        expect(json_response.first["title"]).to eq(key.title)
635 636 637 638 639
      end
    end
  end

  describe "GET /user/keys/:id" do
Johannes Schleifenbaum committed
640
    it "should return single key" do
641 642 643
      user.keys << key
      user.save
      get api("/user/keys/#{key.id}", user)
644
      expect(response).to have_http_status(200)
645
      expect(json_response["title"]).to eq(key.title)
646
    end
Nihad Abbasov committed
647

648 649
    it "should return 404 Not Found within invalid ID" do
      get api("/user/keys/42", user)
650
      expect(response).to have_http_status(404)
651
      expect(json_response['message']).to eq('404 Not found')
652 653
    end

654 655 656 657 658
    it "should return 404 error if admin accesses user's ssh key" do
      user.keys << key
      user.save
      admin
      get api("/user/keys/#{key.id}", admin)
659
      expect(response).to have_http_status(404)
660
      expect(json_response['message']).to eq('404 Not found')
661
    end
662 663 664

    it "should return 404 for invalid ID" do
      get api("/users/keys/ASDF", admin)
665
      expect(response).to have_http_status(404)
666
    end
667
  end
Nihad Abbasov committed
668

669
  describe "POST /user/keys" do
670
    it "should create ssh key" do
671
      key_attrs = attributes_for :key
672
      expect do
673
        post api("/user/keys", user), key_attrs
674
      end.to change{ user.keys.count }.by(1)
675
      expect(response).to have_http_status(201)
676 677 678 679
    end

    it "should return a 401 error if unauthorized" do
      post api("/user/keys"), title: 'some title', key: 'some key'
680
      expect(response).to have_http_status(401)
681 682 683 684
    end

    it "should not create ssh key without key" do
      post api("/user/keys", user), title: 'title'
685
      expect(response).to have_http_status(400)
686
      expect(json_response['message']).to eq('400 (Bad request) "key" not given')
687 688 689 690
    end

    it 'should not create ssh key without title' do
      post api('/user/keys', user), key: 'some key'
691
      expect(response).to have_http_status(400)
692
      expect(json_response['message']).to eq('400 (Bad request) "title" not given')
693 694 695 696
    end

    it "should not create ssh key without title" do
      post api("/user/keys", user), key: "somekey"
697
      expect(response).to have_http_status(400)
698 699 700 701 702 703 704
    end
  end

  describe "DELETE /user/keys/:id" do
    it "should delete existed key" do
      user.keys << key
      user.save
705
      expect do
706
        delete api("/user/keys/#{key.id}", user)
707
      end.to change{user.keys.count}.by(-1)
708
      expect(response).to have_http_status(200)
709
    end
Nihad Abbasov committed
710

Kevin Lyda committed
711
    it "should return success if key ID not found" do
712
      delete api("/user/keys/42", user)
713
      expect(response).to have_http_status(200)
714 715 716 717 718 719
    end

    it "should return 401 error if unauthorized" do
      user.keys << key
      user.save
      delete api("/user/keys/#{key.id}")
720
      expect(response).to have_http_status(401)
721
    end
722 723 724 725

    it "should raise error for invalid ID" do
      expect{delete api("/users/keys/ASDF", admin) }.to raise_error(ActionController::RoutingError)
    end
726
  end
727

728 729 730 731
  describe "GET /user/emails" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/user/emails")
732
        expect(response).to have_http_status(401)
733 734 735 736 737 738 739 740
      end
    end

    context "when authenticated" do
      it "should return array of emails" do
        user.emails << email
        user.save
        get api("/user/emails", user)
741
        expect(response).to have_http_status(200)
742 743 744 745 746 747 748 749 750 751 752
        expect(json_response).to be_an Array
        expect(json_response.first["email"]).to eq(email.email)
      end
    end
  end

  describe "GET /user/emails/:id" do
    it "should return single email" do
      user.emails << email
      user.save
      get api("/user/emails/#{email.id}", user)
753
      expect(response).to have_http_status(200)
754 755 756 757 758
      expect(json_response["email"]).to eq(email.email)
    end

    it "should return 404 Not Found within invalid ID" do
      get api("/user/emails/42", user)
759
      expect(response).to have_http_status(404)
760 761 762 763 764 765 766 767
      expect(json_response['message']).to eq('404 Not found')
    end

    it "should return 404 error if admin accesses user's email" do
      user.emails << email
      user.save
      admin
      get api("/user/emails/#{email.id}", admin)
768
      expect(response).to have_http_status(404)
769 770
      expect(json_response['message']).to eq('404 Not found')
    end
771 772 773

    it "should return 404 for invalid ID" do
      get api("/users/emails/ASDF", admin)
774
      expect(response).to have_http_status(404)
775
    end
776 777 778 779 780 781 782 783
  end

  describe "POST /user/emails" do
    it "should create email" do
      email_attrs = attributes_for :email
      expect do
        post api("/user/emails", user), email_attrs
      end.to change{ user.emails.count }.by(1)
784
      expect(response).to have_http_status(201)
785 786 787 788
    end

    it "should return a 401 error if unauthorized" do
      post api("/user/emails"), email: 'some email'
789
      expect(response).to have_http_status(401)
790 791 792 793
    end

    it "should not create email with invalid email" do
      post api("/user/emails", user), {}
794
      expect(response).to have_http_status(400)
795 796 797 798 799 800 801 802 803 804 805
      expect(json_response['message']).to eq('400 (Bad request) "email" not given')
    end
  end

  describe "DELETE /user/emails/:id" do
    it "should delete existed email" do
      user.emails << email
      user.save
      expect do
        delete api("/user/emails/#{email.id}", user)
      end.to change{user.emails.count}.by(-1)
806
      expect(response).to have_http_status(200)
807 808 809 810
    end

    it "should return success if email ID not found" do
      delete api("/user/emails/42", user)
811
      expect(response).to have_http_status(200)
812 813 814 815 816 817
    end

    it "should return 401 error if unauthorized" do
      user.emails << email
      user.save
      delete api("/user/emails/#{email.id}")
818
      expect(response).to have_http_status(401)
819
    end
820 821 822 823

    it "should raise error for invalid ID" do
      expect{delete api("/users/emails/ASDF", admin) }.to raise_error(ActionController::RoutingError)
    end
824 825
  end

826 827 828 829
  describe 'PUT /user/:id/block' do
    before { admin }
    it 'should block existing user' do
      put api("/users/#{user.id}/block", admin)
830
      expect(response).to have_http_status(200)
831 832 833
      expect(user.reload.state).to eq('blocked')
    end

834 835
    it 'should not re-block ldap blocked users' do
      put api("/users/#{ldap_blocked_user.id}/block", admin)
836
      expect(response).to have_http_status(403)
837 838 839
      expect(ldap_blocked_user.reload.state).to eq('ldap_blocked')
    end

840 841
    it 'should not be available for non admin users' do
      put api("/users/#{user.id}/block", user)
842
      expect(response).to have_http_status(403)
843 844 845 846 847
      expect(user.reload.state).to eq('active')
    end

    it 'should return a 404 error if user id not found' do
      put api('/users/9999/block', admin)
848
      expect(response).to have_http_status(404)
849 850 851 852 853
      expect(json_response['message']).to eq('404 User Not Found')
    end
  end

  describe 'PUT /user/:id/unblock' do
854
    let(:blocked_user)  { create(:user, state: 'blocked') }
855
    before { admin }
856

857 858
    it 'should unblock existing user' do
      put api("/users/#{user.id}/unblock", admin)
859
      expect(response).to have_http_status(200)
860 861 862 863
      expect(user.reload.state).to eq('active')
    end

    it 'should unblock a blocked user' do
864
      put api("/users/#{blocked_user.id}/unblock", admin)
865
      expect(response).to have_http_status(200)
866 867 868 869 870
      expect(blocked_user.reload.state).to eq('active')
    end

    it 'should not unblock ldap blocked users' do
      put api("/users/#{ldap_blocked_user.id}/unblock", admin)
871
      expect(response).to have_http_status(403)
872
      expect(ldap_blocked_user.reload.state).to eq('ldap_blocked')
873 874 875 876
    end

    it 'should not be available for non admin users' do
      put api("/users/#{user.id}/unblock", user)
877
      expect(response).to have_http_status(403)
878 879 880 881 882
      expect(user.reload.state).to eq('active')
    end

    it 'should return a 404 error if user id not found' do
      put api('/users/9999/block', admin)
883
      expect(response).to have_http_status(404)
884 885
      expect(json_response['message']).to eq('404 User Not Found')
    end
886 887 888 889

    it "should raise error for invalid ID" do
      expect{put api("/users/ASDF/block", admin) }.to raise_error(ActionController::RoutingError)
    end
890
  end
Nihad Abbasov committed
891
end