BigW Consortium Gitlab

api_helpers_spec.rb 5.33 KB
Newer Older
1 2
require 'spec_helper'

3
describe API, api: true do
4
  include API::Helpers
5 6 7 8 9 10 11 12 13 14 15
  include ApiHelpers
  let(:user) { create(:user) }
  let(:admin) { create(:admin) }
  let(:key) { create(:key, user: user) }

  let(:params) { {} }
  let(:env) { {} }

  def set_env(token_usr, identifier)
    clear_env
    clear_param
16 17
    env[API::Helpers::PRIVATE_TOKEN_HEADER] = token_usr.private_token
    env[API::Helpers::SUDO_HEADER] = identifier
18 19 20 21 22
  end

  def set_param(token_usr, identifier)
    clear_env
    clear_param
23 24
    params[API::Helpers::PRIVATE_TOKEN_PARAM] = token_usr.private_token
    params[API::Helpers::SUDO_PARAM] = identifier
25 26 27
  end

  def clear_env
28 29
    env.delete(API::Helpers::PRIVATE_TOKEN_HEADER)
    env.delete(API::Helpers::SUDO_HEADER)
30 31 32
  end

  def clear_param
33 34
    params.delete(API::Helpers::PRIVATE_TOKEN_PARAM)
    params.delete(API::Helpers::SUDO_PARAM)
35 36 37 38 39 40 41
  end

  def error!(message, status)
    raise Exception
  end

  describe ".current_user" do
42
    it "should return nil for an invalid token" do
43
      env[API::Helpers::PRIVATE_TOKEN_HEADER] = 'invalid token'
44 45
      allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false }
      expect(current_user).to be_nil
46 47
    end

48
    it "should return nil for a user without access" do
49
      env[API::Helpers::PRIVATE_TOKEN_HEADER] = user.private_token
50
      allow(Gitlab::UserAccess).to receive(:allowed?).and_return(false)
51
      expect(current_user).to be_nil
52 53
    end

54
    it "should leave user as is when sudo not specified" do
55
      env[API::Helpers::PRIVATE_TOKEN_HEADER] = user.private_token
56
      expect(current_user).to eq(user)
57
      clear_env
58
      params[API::Helpers::PRIVATE_TOKEN_PARAM] = user.private_token
59
      expect(current_user).to eq(user)
60 61 62 63
    end

    it "should change current user to sudo when admin" do
      set_env(admin, user.id)
64
      expect(current_user).to eq(user)
65
      set_param(admin, user.id)
66
      expect(current_user).to eq(user)
67
      set_env(admin, user.username)
68
      expect(current_user).to eq(user)
69
      set_param(admin, user.username)
70
      expect(current_user).to eq(user)
71 72 73 74
    end

    it "should throw an error when the current user is not an admin and attempting to sudo" do
      set_env(user, admin.id)
75
      expect { current_user }.to raise_error(Exception)
76
      set_param(user, admin.id)
77
      expect { current_user }.to raise_error(Exception)
78
      set_env(user, admin.username)
79
      expect { current_user }.to raise_error(Exception)
80
      set_param(user, admin.username)
81
      expect { current_user }.to raise_error(Exception)
82
    end
83

84 85
    it "should throw an error when the user cannot be found for a given id" do
      id = user.id + admin.id
86 87
      expect(user.id).not_to eq(id)
      expect(admin.id).not_to eq(id)
88
      set_env(admin, id)
89
      expect { current_user }.to raise_error(Exception)
90 91

      set_param(admin, id)
92
      expect { current_user }.to raise_error(Exception)
93
    end
94

95 96
    it "should throw an error when the user cannot be found for a given username" do
      username = "#{user.username}#{admin.username}"
97 98
      expect(user.username).not_to eq(username)
      expect(admin.username).not_to eq(username)
99
      set_env(admin, username)
100
      expect { current_user }.to raise_error(Exception)
101 102

      set_param(admin, username)
103
      expect { current_user }.to raise_error(Exception)
104
    end
105

106 107
    it "should handle sudo's to oneself" do
      set_env(admin, admin.id)
108
      expect(current_user).to eq(admin)
109
      set_param(admin, admin.id)
110
      expect(current_user).to eq(admin)
111
      set_env(admin, admin.username)
112
      expect(current_user).to eq(admin)
113
      set_param(admin, admin.username)
114
      expect(current_user).to eq(admin)
115 116 117 118
    end

    it "should handle multiple sudo's to oneself" do
      set_env(admin, user.id)
119 120
      expect(current_user).to eq(user)
      expect(current_user).to eq(user)
121
      set_env(admin, user.username)
122 123
      expect(current_user).to eq(user)
      expect(current_user).to eq(user)
124 125

      set_param(admin, user.id)
126 127
      expect(current_user).to eq(user)
      expect(current_user).to eq(user)
128
      set_param(admin, user.username)
129 130
      expect(current_user).to eq(user)
      expect(current_user).to eq(user)
131
    end
132

133 134
    it "should handle multiple sudo's to oneself using string ids" do
      set_env(admin, user.id.to_s)
135 136
      expect(current_user).to eq(user)
      expect(current_user).to eq(user)
137 138

      set_param(admin, user.id.to_s)
139 140
      expect(current_user).to eq(user)
      expect(current_user).to eq(user)
141 142 143 144 145 146
    end
  end

  describe '.sudo_identifier' do
    it "should return integers when input is an int" do
      set_env(admin, '123')
147
      expect(sudo_identifier).to eq(123)
148
      set_env(admin, '0001234567890')
149
      expect(sudo_identifier).to eq(1234567890)
150 151

      set_param(admin, '123')
152
      expect(sudo_identifier).to eq(123)
153
      set_param(admin, '0001234567890')
154
      expect(sudo_identifier).to eq(1234567890)
155 156 157 158
    end

    it "should return string when input is an is not an int" do
      set_env(admin, '12.30')
159
      expect(sudo_identifier).to eq("12.30")
160
      set_env(admin, 'hello')
161
      expect(sudo_identifier).to eq('hello')
162
      set_env(admin, ' 123')
163
      expect(sudo_identifier).to eq(' 123')
164 165

      set_param(admin, '12.30')
166
      expect(sudo_identifier).to eq("12.30")
167
      set_param(admin, 'hello')
168
      expect(sudo_identifier).to eq('hello')
169
      set_param(admin, ' 123')
170
      expect(sudo_identifier).to eq(' 123')
171 172
    end
  end
173
end