From 29b616d61d42154075e6351e6098982b6cbecbba Mon Sep 17 00:00:00 2001 From: Rolf Schmidt Date: Wed, 19 Sep 2018 15:54:49 +0200 Subject: [PATCH] Refactored all controller mini tests and migrated them to rspec request specs --- .gitlab-ci.yml | 12 +- spec/factories/email_address.rb | 4 +- spec/factories/ticket/time_accounting.rb | 10 + spec/requests/api_auth_on_behalf_of_spec.rb | 164 ++ spec/requests/api_auth_spec.rb | 383 +++ spec/requests/basic_spec.rb | 112 + spec/requests/calendar_spec.rb | 63 + spec/requests/form_spec.rb | 221 ++ spec/requests/integration/check_mk_spec.rb | 237 ++ spec/requests/integration/cti_spec.rb | 477 ++++ spec/requests/integration/sipgate_spec.rb | 445 ++++ spec/requests/o_auth_spec.rb | 31 + spec/requests/organization_spec.rb | 557 ++++ spec/requests/overview_spec.rb | 186 ++ spec/requests/package_spec.rb | 75 + spec/requests/report_spec.rb | 59 + spec/requests/search_spec.rb | 330 +++ spec/requests/settings_spec.rb | 227 ++ spec/requests/sla_spec.rb | 45 + spec/requests/taskbar_spec.rb | 82 + spec/requests/text_module_spec.rb | 104 + .../ticket/article_attachments_spec.rb | 113 + spec/requests/ticket/article_spec.rb | 475 ++++ spec/requests/ticket/escalation_spec.rb | 153 ++ spec/requests/ticket_spec.rb | 2082 +++++++++++++++ spec/requests/time_accounting_spec.rb | 36 + spec/requests/user/organization_spec.rb | 160 ++ spec/requests/user/permission_spec.rb | 676 +++++ spec/requests/user_spec.rb | 1607 +++++++----- spec/support/request.rb | 36 +- spec/support/searchindex_backend.rb | 56 + test/controllers/api_auth_controller_test.rb | 443 ---- .../api_auth_on_behalf_of_controller_test.rb | 231 -- test/controllers/basic_controller_test.rb | 121 - test/controllers/calendar_controller_test.rb | 90 - test/controllers/calendars_controller_test.rb | 90 - test/controllers/form_controller_test.rb | 244 -- .../integration_check_mk_controller_test.rb | 270 -- .../integration_cti_controller_test.rb | 508 ---- .../integration_sipgate_controller_test.rb | 469 ---- test/controllers/o_auth_controller_test.rb | 29 - .../organization_controller_test.rb | 590 ----- .../organizations_controller_test.rb | 638 ----- test/controllers/overviews_controller_test.rb | 221 -- test/controllers/packages_controller_test.rb | 131 - test/controllers/reports_controller_test.rb | 98 - test/controllers/search_controller_test.rb | 448 ---- test/controllers/settings_controller_test.rb | 302 --- test/controllers/sla_controller_test.rb | 70 - test/controllers/slas_controller_test.rb | 70 - test/controllers/taskbars_controller_test.rb | 112 - .../text_module_controller_test.rb | 160 -- .../text_modules_controller_test.rb | 160 -- ...ket_article_attachments_controller_test.rb | 200 -- .../ticket_articles_controller_test.rb | 559 ---- .../tickets_controller_escalation_test.rb | 190 -- test/controllers/tickets_controller_test.rb | 2306 ----------------- .../time_accounting_controller_test.rb | 88 - test/controllers/user_controller_test.rb | 1137 -------- .../user_organization_controller_test.rb | 773 ------ test/controllers/users_controller_test.rb | 1146 -------- .../users_organization_controller_test.rb | 773 ------ 62 files changed, 8566 insertions(+), 13319 deletions(-) create mode 100644 spec/factories/ticket/time_accounting.rb create mode 100644 spec/requests/api_auth_on_behalf_of_spec.rb create mode 100644 spec/requests/api_auth_spec.rb create mode 100644 spec/requests/basic_spec.rb create mode 100644 spec/requests/calendar_spec.rb create mode 100644 spec/requests/form_spec.rb create mode 100644 spec/requests/integration/check_mk_spec.rb create mode 100644 spec/requests/integration/cti_spec.rb create mode 100644 spec/requests/integration/sipgate_spec.rb create mode 100644 spec/requests/o_auth_spec.rb create mode 100644 spec/requests/organization_spec.rb create mode 100644 spec/requests/overview_spec.rb create mode 100644 spec/requests/package_spec.rb create mode 100644 spec/requests/report_spec.rb create mode 100644 spec/requests/search_spec.rb create mode 100644 spec/requests/settings_spec.rb create mode 100644 spec/requests/sla_spec.rb create mode 100644 spec/requests/taskbar_spec.rb create mode 100644 spec/requests/text_module_spec.rb create mode 100644 spec/requests/ticket/article_attachments_spec.rb create mode 100644 spec/requests/ticket/article_spec.rb create mode 100644 spec/requests/ticket/escalation_spec.rb create mode 100644 spec/requests/ticket_spec.rb create mode 100644 spec/requests/time_accounting_spec.rb create mode 100644 spec/requests/user/organization_spec.rb create mode 100644 spec/requests/user/permission_spec.rb create mode 100644 spec/support/searchindex_backend.rb delete mode 100644 test/controllers/api_auth_controller_test.rb delete mode 100644 test/controllers/api_auth_on_behalf_of_controller_test.rb delete mode 100644 test/controllers/basic_controller_test.rb delete mode 100644 test/controllers/calendar_controller_test.rb delete mode 100644 test/controllers/calendars_controller_test.rb delete mode 100644 test/controllers/form_controller_test.rb delete mode 100644 test/controllers/integration_check_mk_controller_test.rb delete mode 100644 test/controllers/integration_cti_controller_test.rb delete mode 100644 test/controllers/integration_sipgate_controller_test.rb delete mode 100644 test/controllers/o_auth_controller_test.rb delete mode 100644 test/controllers/organization_controller_test.rb delete mode 100644 test/controllers/organizations_controller_test.rb delete mode 100644 test/controllers/overviews_controller_test.rb delete mode 100644 test/controllers/packages_controller_test.rb delete mode 100644 test/controllers/reports_controller_test.rb delete mode 100644 test/controllers/search_controller_test.rb delete mode 100644 test/controllers/settings_controller_test.rb delete mode 100644 test/controllers/sla_controller_test.rb delete mode 100644 test/controllers/slas_controller_test.rb delete mode 100644 test/controllers/taskbars_controller_test.rb delete mode 100644 test/controllers/text_module_controller_test.rb delete mode 100644 test/controllers/text_modules_controller_test.rb delete mode 100644 test/controllers/ticket_article_attachments_controller_test.rb delete mode 100644 test/controllers/ticket_articles_controller_test.rb delete mode 100644 test/controllers/tickets_controller_escalation_test.rb delete mode 100644 test/controllers/tickets_controller_test.rb delete mode 100644 test/controllers/time_accounting_controller_test.rb delete mode 100644 test/controllers/user_controller_test.rb delete mode 100644 test/controllers/user_organization_controller_test.rb delete mode 100644 test/controllers/users_controller_test.rb delete mode 100644 test/controllers/users_organization_controller_test.rb diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 327025eb3..c38300881 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -78,7 +78,6 @@ test:unit:mysql: - rake db:migrate - rake db:seed - rake test:units - - rake test:controllers - ruby -I test/ test/integration/object_manager_test.rb - ruby -I test/ test/integration/object_manager_attributes_controller_test.rb - ruby -I test/ test/integration/package_test.rb @@ -96,7 +95,6 @@ test:unit:postgresql: - rake db:migrate - rake db:seed - rake test:units - - rake test:controllers - ruby -I test/ test/integration/object_manager_test.rb - ruby -I test/ test/integration/object_manager_attributes_controller_test.rb - ruby -I test/ test/integration/package_test.rb @@ -242,11 +240,8 @@ test:integration:es_mysql: - rake db:migrate - ruby -I test/ test/integration/elasticsearch_active_test.rb - ruby -I test/ test/integration/elasticsearch_test.rb - - ruby -I test/ test/controllers/search_controller_test.rb - ruby -I test/ test/integration/report_test.rb - - ruby -I test/ test/controllers/form_controller_test.rb - - ruby -I test/ test/controllers/users_controller_test.rb - - ruby -I test/ test/controllers/organizations_controller_test.rb + - bundle exec rspec --tag searchindex - rake db:drop test:integration:es_postgresql: @@ -262,11 +257,8 @@ test:integration:es_postgresql: - rake db:migrate - ruby -I test/ test/integration/elasticsearch_active_test.rb - ruby -I test/ test/integration/elasticsearch_test.rb - - ruby -I test/ test/controllers/search_controller_test.rb - ruby -I test/ test/integration/report_test.rb - - ruby -I test/ test/controllers/form_controller_test.rb - - ruby -I test/ test/controllers/users_controller_test.rb - - ruby -I test/ test/controllers/organizations_controller_test.rb + - bundle exec rspec --tag searchindex - rake db:drop test:integration:zendesk_mysql: diff --git a/spec/factories/email_address.rb b/spec/factories/email_address.rb index 951917a68..6173d8350 100644 --- a/spec/factories/email_address.rb +++ b/spec/factories/email_address.rb @@ -1,7 +1,7 @@ FactoryBot.define do factory :email_address do - email 'zammad@localhost' - realname 'zammad' + sequence(:email) { |n| "zammad#{n}@localhost.com" } + sequence(:realname) { |n| "zammad#{n}" } channel_id 1 created_by_id 1 updated_by_id 1 diff --git a/spec/factories/ticket/time_accounting.rb b/spec/factories/ticket/time_accounting.rb new file mode 100644 index 000000000..11a56ecb3 --- /dev/null +++ b/spec/factories/ticket/time_accounting.rb @@ -0,0 +1,10 @@ +FactoryBot.define do + factory :ticket_time_accounting, class: Ticket::TimeAccounting do + ticket_id { FactoryBot.create(:ticket).id } + ticket_article_id { FactoryBot.create(:ticket_article).id } + time_unit 200 + created_by_id 1 + created_at Time.zone.now + updated_at Time.zone.now + end +end diff --git a/spec/requests/api_auth_on_behalf_of_spec.rb b/spec/requests/api_auth_on_behalf_of_spec.rb new file mode 100644 index 000000000..97227678e --- /dev/null +++ b/spec/requests/api_auth_on_behalf_of_spec.rb @@ -0,0 +1,164 @@ +require 'rails_helper' + +RSpec.describe 'Api Auth On Behalf Of', type: :request do + + let(:admin_user) do + create(:admin_user, groups: Group.all) + end + let(:agent_user) do + create(:agent_user) + end + let(:customer_user) do + create(:customer_user) + end + + describe 'request handling' do + + it 'does X-On-Behalf-Of auth - ticket create admin for customer by id' do + params = { + title: 'a new ticket #3', + group: 'Users', + priority: '2 normal', + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(admin_user, on_behalf_of: customer_user.id) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(customer_user.id).to eq(json_response['created_by_id']) + end + + it 'does X-On-Behalf-Of auth - ticket create admin for customer by login' do + ActivityStream.cleanup(1.year) + + params = { + title: 'a new ticket #3', + group: 'Users', + priority: '2 normal', + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(admin_user, on_behalf_of: customer_user.login) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + json_response_ticket = json_response + expect(json_response_ticket).to be_a_kind_of(Hash) + expect(customer_user.id).to eq(json_response_ticket['created_by_id']) + + authenticated_as(admin_user) + get '/api/v1/activity_stream?full=true', params: {}, as: :json + expect(response).to have_http_status(200) + json_response_activity = json_response + expect(json_response_activity).to be_a_kind_of(Hash) + + ticket_created = nil + json_response_activity['record_ids'].each do |record_id| + activity_stream = ActivityStream.find(record_id) + next if activity_stream.object.name != 'Ticket' + next if activity_stream.o_id != json_response_ticket['id'].to_i + ticket_created = activity_stream + end + + expect(ticket_created).to be_truthy + expect(customer_user.id).to eq(ticket_created.created_by_id) + + get '/api/v1/activity_stream', params: {}, as: :json + expect(response).to have_http_status(200) + json_response_activity = json_response + expect(json_response_activity).to be_a_kind_of(Array) + + ticket_created = nil + json_response_activity.each do |record| + activity_stream = ActivityStream.find(record['id']) + next if activity_stream.object.name != 'Ticket' + next if activity_stream.o_id != json_response_ticket['id'] + ticket_created = activity_stream + end + + expect(ticket_created).to be_truthy + expect(customer_user.id).to eq(ticket_created.created_by_id) + end + + it 'does X-On-Behalf-Of auth - ticket create admin for customer by email' do + params = { + title: 'a new ticket #3', + group: 'Users', + priority: '2 normal', + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(admin_user, on_behalf_of: customer_user.email) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(customer_user.id).to eq(json_response['created_by_id']) + end + + it 'does X-On-Behalf-Of auth - ticket create admin for unknown' do + params = { + title: 'a new ticket #3', + group: 'Users', + priority: '2 normal', + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(admin_user, on_behalf_of: 99_449_494_949) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(401) + expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq("No such user '99449494949'") + end + + it 'does X-On-Behalf-Of auth - ticket create customer for admin' do + params = { + title: 'a new ticket #3', + group: 'Users', + priority: '2 normal', + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(customer_user, on_behalf_of: admin_user.email) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(401) + expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq("Current user has no permission to use 'X-On-Behalf-Of'!") + end + + it 'does X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do + params = { + title: 'a new ticket #3', + group: 'secret1234', + priority: '2 normal', + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(admin_user, on_behalf_of: customer_user.email) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('No lookup value found for \'group\': "secret1234"') + end + end +end diff --git a/spec/requests/api_auth_spec.rb b/spec/requests/api_auth_spec.rb new file mode 100644 index 000000000..61a495108 --- /dev/null +++ b/spec/requests/api_auth_spec.rb @@ -0,0 +1,383 @@ +require 'rails_helper' + +RSpec.describe 'Api Auth', type: :request do + + let(:admin_user) do + create(:admin_user) + end + let(:agent_user) do + create(:agent_user) + end + let(:customer_user) do + create(:customer_user) + end + + describe 'request handling' do + + it 'does basic auth - admin' do + + Setting.set('api_password_access', false) + authenticated_as(admin_user) + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(401) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('API password access disabled!') + + Setting.set('api_password_access', true) + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(200) + expect(response.header['Access-Control-Allow-Origin']).to eq('*') + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + end + + it 'does basic auth - agent' do + + Setting.set('api_password_access', false) + authenticated_as(agent_user) + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(401) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('API password access disabled!') + + Setting.set('api_password_access', true) + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(200) + expect(response.header['Access-Control-Allow-Origin']).to eq('*') + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + end + + it 'does basic auth - customer' do + + Setting.set('api_password_access', false) + authenticated_as(customer_user) + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(401) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('API password access disabled!') + + Setting.set('api_password_access', true) + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(200) + expect(response.header['Access-Control-Allow-Origin']).to eq('*') + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + end + + it 'does token auth - admin' do + + admin_token = create( + :token, + action: 'api', + persistent: true, + user_id: admin_user.id, + preferences: { + permission: ['admin.session'], + }, + ) + + authenticated_as(admin_user, token: admin_token) + + Setting.set('api_token_access', false) + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(401) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('API token access disabled!') + + Setting.set('api_token_access', true) + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(200) + expect(response.header['Access-Control-Allow-Origin']).to eq('*') + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + + admin_token.preferences[:permission] = ['admin.session_not_existing'] + admin_token.save! + + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (token)!') + + admin_token.preferences[:permission] = [] + admin_token.save! + + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (token)!') + + admin_user.active = false + admin_user.save! + + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('User is inactive!') + + admin_token.preferences[:permission] = ['admin.session'] + admin_token.save! + + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('User is inactive!') + + admin_user.active = true + admin_user.save! + + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + + get '/api/v1/roles', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (token)!') + + admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role'] + admin_token.save! + + get '/api/v1/roles', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + + admin_token.preferences[:permission] = ['ticket.agent'] + admin_token.save! + + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + + name = "some org name #{rand(999_999_999)}" + post '/api/v1/organizations', params: { name: name }, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq(name) + expect(json_response).to be_truthy + + name = "some org name #{rand(999_999_999)} - 2" + put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq(name) + expect(json_response).to be_truthy + + admin_token.preferences[:permission] = ['admin.organization'] + admin_token.save! + + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + + name = "some org name #{rand(999_999_999)}" + post '/api/v1/organizations', params: { name: name }, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq(name) + expect(json_response).to be_truthy + + name = "some org name #{rand(999_999_999)} - 2" + put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq(name) + expect(json_response).to be_truthy + + admin_token.preferences[:permission] = ['admin'] + admin_token.save! + + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + + name = "some org name #{rand(999_999_999)}" + post '/api/v1/organizations', params: { name: name }, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq(name) + expect(json_response).to be_truthy + + name = "some org name #{rand(999_999_999)} - 2" + put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq(name) + expect(json_response).to be_truthy + + end + + it 'does token auth - agent' do + + agent_token = create( + :token, + action: 'api', + persistent: true, + user_id: agent_user.id, + ) + + authenticated_as(agent_user, token: agent_token) + + Setting.set('api_token_access', false) + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(401) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('API token access disabled!') + + Setting.set('api_token_access', true) + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(200) + expect(response.header['Access-Control-Allow-Origin']).to eq('*') + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + + name = "some org name #{rand(999_999_999)}" + post '/api/v1/organizations', params: { name: name }, as: :json + expect(response).to have_http_status(401) + + end + + it 'does token auth - customer' do + + customer_token = create( + :token, + action: 'api', + persistent: true, + user_id: customer_user.id, + ) + + authenticated_as(customer_user, token: customer_token) + + Setting.set('api_token_access', false) + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(401) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('API token access disabled!') + + Setting.set('api_token_access', true) + get '/api/v1/tickets', params: {}, as: :json + expect(response.header['Access-Control-Allow-Origin']).to eq('*') + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + + name = "some org name #{rand(999_999_999)}" + post '/api/v1/organizations', params: { name: name }, as: :json + expect(response).to have_http_status(401) + end + + it 'does token auth - invalid user - admin' do + + admin_token = create( + :token, + action: 'api', + persistent: true, + user_id: admin_user.id, + ) + + authenticated_as(admin_user, token: admin_token) + + admin_user.active = false + admin_user.save! + + Setting.set('api_token_access', false) + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(401) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('API token access disabled!') + + Setting.set('api_token_access', true) + get '/api/v1/sessions', params: {}, as: :json + expect(response).to have_http_status(401) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('User is inactive!') + end + + it 'does token auth - expired' do + + Setting.set('api_token_access', true) + + admin_token = create( + :token, + action: 'api', + persistent: true, + user_id: admin_user.id, + expires_at: Time.zone.today + ) + + authenticated_as(admin_user, token: admin_token) + + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(401) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (token expired)!') + + admin_token.reload + expect(admin_token.last_used_at).to be_within(1.second).of(Time.zone.now) + end + + it 'does token auth - not expired' do + + Setting.set('api_token_access', true) + + admin_token = create( + :token, + action: 'api', + persistent: true, + user_id: admin_user.id, + expires_at: Time.zone.tomorrow + ) + + authenticated_as(admin_user, token: admin_token) + + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(200) + expect(response.header['Access-Control-Allow-Origin']).to eq('*') + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + + admin_token.reload + expect(admin_token.last_used_at).to be_within(1.second).of(Time.zone.now) + end + + it 'does session auth - admin' do + create(:admin_user, login: 'api-admin@example.com', password: 'adminpw') + + post '/api/v1/signin', params: { username: 'api-admin@example.com', password: 'adminpw', fingerprint: '123456789' } + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(response).to have_http_status(201) + + get '/api/v1/sessions', params: {} + expect(response).to have_http_status(200) + expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + end + end +end diff --git a/spec/requests/basic_spec.rb b/spec/requests/basic_spec.rb new file mode 100644 index 000000000..292ecee01 --- /dev/null +++ b/spec/requests/basic_spec.rb @@ -0,0 +1,112 @@ +require 'rails_helper' + +RSpec.describe 'Basics', type: :request do + + describe 'request handling' do + + it 'does json requests' do + + # 404 + get '/not_existing_url', as: :json + expect(response).to have_http_status(404) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('No route matches [GET] /not_existing_url') + + # 401 + get '/api/v1/organizations', as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('authentication failed') + + # 422 + get '/tests/unprocessable_entity', as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('some error message') + + # 401 + get '/tests/not_authorized', as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('some error message') + + # 401 + get '/tests/ar_not_found', as: :json + expect(response).to have_http_status(404) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('some error message') + + # 500 + get '/tests/standard_error', as: :json + expect(response).to have_http_status(500) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('some error message') + + # 422 + get '/tests/argument_error', as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('some error message') + end + + it 'does html requests' do + + # 404 + get '/not_existing_url' + expect(response).to have_http_status(404) + expect(response.body).to match(/404: Not Found}) + expect(response.body).to match(%r{

404: Requested Ressource was not found.

}) + expect(response.body).to match(%r{No route matches \[GET\] /not_existing_url}) + + # 401 + get '/api/v1/organizations' + expect(response).to have_http_status(401) + expect(response.body).to match(/401: Unauthorized}) + expect(response.body).to match(%r{

401: Unauthorized

}) + expect(response.body).to match(/authentication failed/) + + # 422 + get '/tests/unprocessable_entity' + expect(response).to have_http_status(422) + expect(response.body).to match(/422: Unprocessable Entity}) + expect(response.body).to match(%r{

422: The change you wanted was rejected.

}) + expect(response.body).to match(/some error message/) + + # 401 + get '/tests/not_authorized' + expect(response).to have_http_status(401) + expect(response.body).to match(/401: Unauthorized}) + expect(response.body).to match(%r{

401: Unauthorized

}) + expect(response.body).to match(/some error message/) + + # 401 + get '/tests/ar_not_found' + expect(response).to have_http_status(404) + expect(response.body).to match(/404: Not Found}) + expect(response.body).to match(%r{

404: Requested Ressource was not found.

}) + expect(response.body).to match(/some error message/) + + # 500 + get '/tests/standard_error' + expect(response).to have_http_status(500) + expect(response.body).to match(/500: Something went wrong}) + expect(response.body).to match(%r{

500: We're sorry, but something went wrong.

}) + expect(response.body).to match(/some error message/) + + # 422 + get '/tests/argument_error' + expect(response).to have_http_status(422) + expect(response.body).to match(/422: Unprocessable Entity}) + expect(response.body).to match(%r{

422: The change you wanted was rejected.

}) + expect(response.body).to match(/some error message/) + end + end + +end diff --git a/spec/requests/calendar_spec.rb b/spec/requests/calendar_spec.rb new file mode 100644 index 000000000..b718866e3 --- /dev/null +++ b/spec/requests/calendar_spec.rb @@ -0,0 +1,63 @@ +require 'rails_helper' + +RSpec.describe 'Calendars', type: :request do + + let(:admin_user) do + create(:admin_user) + end + + describe 'request handling' do + + it 'does calendar index with nobody' do + get '/api/v1/calendars', as: :json + expect(response).to have_http_status(401) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('authentication failed') + + get '/api/v1/calendars_init', as: :json + expect(response).to have_http_status(401) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('authentication failed') + end + + it 'does calendar index with admin' do + authenticated_as(admin_user) + get '/api/v1/calendars', as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + expect(json_response.count).to eq(1) + + get '/api/v1/calendars?expand=true', as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + expect(json_response.count).to eq(1) + + get '/api/v1/calendars?full=true', as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['record_ids']).to be_truthy + expect(json_response['record_ids'].count).to eq(1) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']).to be_present + + # index + get '/api/v1/calendars_init', as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['record_ids']).to be_truthy + expect(json_response['ical_feeds']).to be_truthy + expect(json_response['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics']).to eq('Denmark') + expect(json_response['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics']).to eq('Austria') + expect(json_response['timezones']).to be_truthy + expect(json_response['timezones']['Africa/Johannesburg']).to eq(2) + expect(json_response['timezones']['America/Sitka']).to eq(-8) + expect(json_response['assets']).to be_truthy + end + end + +end diff --git a/spec/requests/form_spec.rb b/spec/requests/form_spec.rb new file mode 100644 index 000000000..b5feebc2a --- /dev/null +++ b/spec/requests/form_spec.rb @@ -0,0 +1,221 @@ +require 'rails_helper' + +RSpec.describe 'Form', type: :request, searchindex: true do + + before(:each) do + rebuild_searchindex + end + + describe 'request handling' do + + it 'does get config call' do + post '/api/v1/form_config', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + end + + it 'does get config call' do + Setting.set('form_ticket_create', true) + post '/api/v1/form_config', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + + end + + it 'does get config call & do submit' do + Setting.set('form_ticket_create', true) + fingerprint = SecureRandom.hex(40) + post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json + + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['enabled']).to eq(true) + expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit') + expect(json_response['token']).to be_truthy + token = json_response['token'] + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['errors']).to be_truthy + expect(json_response['errors']['name']).to eq('required') + expect(json_response['errors']['email']).to eq('required') + expect(json_response['errors']['title']).to eq('required') + expect(json_response['errors']['body']).to eq('required') + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['errors']).to be_truthy + expect(json_response['errors']['name']).to eq('required') + expect(json_response['errors']['email']).to eq('invalid') + expect(json_response['errors']['title']).to eq('required') + expect(json_response['errors']['body']).to eq('required') + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['errors']).to be_falsey + expect(json_response['ticket']).to be_truthy + expect(json_response['ticket']['id']).to be_truthy + expect(json_response['ticket']['number']).to be_truthy + + travel 5.hours + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json + + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['errors']).to be_falsey + expect(json_response['ticket']).to be_truthy + expect(json_response['ticket']['id']).to be_truthy + expect(json_response['ticket']['number']).to be_truthy + + travel 20.hours + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json + expect(response).to have_http_status(401) + + end + + it 'does get config call & do submit' do + Setting.set('form_ticket_create', true) + fingerprint = SecureRandom.hex(40) + post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json + + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['enabled']).to eq(true) + expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit') + expect(json_response['token']).to be_truthy + token = json_response['token'] + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['errors']).to be_truthy + expect(json_response['errors']['name']).to eq('required') + expect(json_response['errors']['email']).to eq('required') + expect(json_response['errors']['title']).to eq('required') + expect(json_response['errors']['body']).to eq('required') + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['errors']).to be_truthy + expect(json_response['errors']['name']).to eq('required') + expect(json_response['errors']['email']).to eq('invalid') + expect(json_response['errors']['title']).to eq('required') + expect(json_response['errors']['body']).to eq('required') + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@example.com', title: 'test', body: 'hello' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['errors']).to be_truthy + expect(json_response['errors']['email']).to eq('invalid') + + end + + it 'does limits' do + skip('No ES configured') if !SearchIndexBackend.enabled? + + Setting.set('form_ticket_create', true) + fingerprint = SecureRandom.hex(40) + post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json + + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['enabled']).to eq(true) + expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit') + expect(json_response['token']).to be_truthy + token = json_response['token'] + + (1..20).each do |count| + travel 10.seconds + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test#{count}", body: 'hello' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['errors']).to be_falsey + expect(json_response['errors']).to be_falsey + expect(json_response['ticket']).to be_truthy + expect(json_response['ticket']['id']).to be_truthy + expect(json_response['ticket']['number']).to be_truthy + Scheduler.worker(true) + sleep 1 # wait until elasticsearch is index + end + + sleep 10 # wait until elasticsearch is index + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-last', body: 'hello' }, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to be_truthy + + @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' } + + (1..20).each do |count| + travel 10.seconds + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['errors']).to be_falsey + expect(json_response['ticket']).to be_truthy + expect(json_response['ticket']['id']).to be_truthy + expect(json_response['ticket']['number']).to be_truthy + Scheduler.worker(true) + sleep 1 # wait until elasticsearch is index + end + + sleep 10 # wait until elasticsearch is index + + post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to be_truthy + end + + it 'does customer_ticket_create false disables form' do + Setting.set('form_ticket_create', false) + Setting.set('customer_ticket_create', true) + + fingerprint = SecureRandom.hex(40) + + post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json + + token = json_response['token'] + params = { + fingerprint: fingerprint, + token: token, + name: 'Bob Smith', + email: 'discard@znuny.com', + title: 'test', + body: 'hello' + } + + post '/api/v1/form_submit', params: params, as: :json + + expect(response).to have_http_status(401) + end + end +end diff --git a/spec/requests/integration/check_mk_spec.rb b/spec/requests/integration/check_mk_spec.rb new file mode 100644 index 000000000..ae29e08bb --- /dev/null +++ b/spec/requests/integration/check_mk_spec.rb @@ -0,0 +1,237 @@ +require 'rails_helper' + +RSpec.describe 'Integration Check MK', type: :request do + + before(:each) do + token = SecureRandom.urlsafe_base64(16) + Setting.set('check_mk_token', token) + Setting.set('check_mk_integration', true) + end + + describe 'request handling' do + it 'does fail without a token' do + post '/api/v1/integration/check_mk/', params: {} + expect(response).to have_http_status(404) + end + + it 'does fail with invalid token and feature enabled' do + post '/api/v1/integration/check_mk/invalid_token', params: {} + expect(response).to have_http_status(422) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Invalid token!') + end + + it 'does create and close a ticket' do + params = { + event_id: '123', + state: 'down', + host: 'some host', + service: 'some service', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to be_truthy + expect(json_response['ticket_id']).to be_truthy + expect(json_response['ticket_number']).to be_truthy + + ticket = Ticket.find(json_response['ticket_id']) + expect(ticket.state.name).to eq('new') + expect(ticket.articles.count).to eq(1) + + params = { + event_id: '123', + state: 'up', + host: 'some host', + service: 'some service', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).not_to be_empty + expect(json_response['ticket_ids']).to include(ticket.id) + + ticket.reload + expect(ticket.state.name).to eq('closed') + expect(ticket.articles.count).to eq(2) + end + + it 'does double create and auto close' do + params = { + event_id: '123', + state: 'down', + host: 'some host', + service: 'some service', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to be_truthy + expect(json_response['ticket_id']).to be_truthy + expect(json_response['ticket_number']).to be_truthy + + ticket = Ticket.find(json_response['ticket_id']) + expect(ticket.state.name).to eq('new') + expect(ticket.articles.count).to eq(1) + + params = { + event_id: '123', + state: 'down', + host: 'some host', + service: 'some service', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to eq('ticket already open, added note') + expect(json_response['ticket_ids']).to include(ticket.id) + + ticket.reload + expect(ticket.state.name).to eq('new') + expect(ticket.articles.count).to eq(2) + + params = { + event_id: '123', + state: 'up', + host: 'some host', + service: 'some service', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to be_truthy + expect(json_response['ticket_ids']).to include(ticket.id) + + ticket.reload + expect(ticket.state.name).to eq('closed') + expect(ticket.articles.count).to eq(3) + end + + it 'does ticket close which get ignored' do + params = { + event_id: '123', + state: 'up', + host: 'some host', + service: 'some service', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to eq('no open tickets found, ignore action') + end + + it 'does double create and no auto close' do + Setting.set('check_mk_auto_close', false) + params = { + event_id: '123', + state: 'down', + host: 'some host', + service: 'some service', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to be_truthy + expect(json_response['ticket_id']).to be_truthy + expect(json_response['ticket_number']).to be_truthy + + ticket = Ticket.find(json_response['ticket_id']) + expect(ticket.state.name).to eq('new') + expect(ticket.articles.count).to eq(1) + + params = { + event_id: '123', + state: 'down', + host: 'some host', + service: 'some service', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to eq('ticket already open, added note') + expect(json_response['ticket_ids']).to include(ticket.id) + + ticket.reload + expect(ticket.state.name).to eq('new') + expect(ticket.articles.count).to eq(2) + + params = { + event_id: '123', + state: 'up', + host: 'some host', + service: 'some service', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to eq('ticket already open, added note') + expect(json_response['ticket_ids']).to include(ticket.id) + + ticket.reload + expect(ticket.state.name).to eq('new') + expect(ticket.articles.count).to eq(3) + end + + it 'does double create and auto close - host only' do + params = { + event_id: '123', + state: 'down', + host: 'some host', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to be_truthy + expect(json_response['ticket_id']).to be_truthy + expect(json_response['ticket_number']).to be_truthy + + ticket = Ticket.find(json_response['ticket_id']) + expect(ticket.state.name).to eq('new') + expect(ticket.articles.count).to eq(1) + + params = { + event_id: '123', + state: 'down', + host: 'some host', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to eq('ticket already open, added note') + expect(json_response['ticket_ids']).to include(ticket.id) + + ticket.reload + expect(ticket.state.name).to eq('new') + expect(ticket.articles.count).to eq(2) + + params = { + event_id: '123', + state: 'up', + host: 'some host', + } + post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to be_truthy + expect(json_response['ticket_ids']).to include(ticket.id) + + ticket.reload + expect(ticket.state.name).to eq('closed') + expect(ticket.articles.count).to eq(3) + end + end + +end diff --git a/spec/requests/integration/cti_spec.rb b/spec/requests/integration/cti_spec.rb new file mode 100644 index 000000000..cd827f92e --- /dev/null +++ b/spec/requests/integration/cti_spec.rb @@ -0,0 +1,477 @@ +require 'rails_helper' + +RSpec.describe 'Integration CTI', type: :request do + + let(:agent_user) do + create(:agent_user) + end + let!(:customer_user1) do + create( + :customer_user, + login: 'ticket-caller_id_cti-customer1@example.com', + firstname: 'CallerId', + lastname: 'Customer1', + phone: '+49 99999 222222', + fax: '+49 99999 222223', + mobile: '+4912347114711', + note: 'Phone at home: +49 99999 222224', + ) + end + let!(:customer_user2) do + create( + :customer_user, + login: 'ticket-caller_id_cti-customer2@example.com', + firstname: 'CallerId', + lastname: 'Customer2', + phone: '+49 99999 222222 2', + ) + end + let!(:customer_user3) do + create( + :customer_user, + login: 'ticket-caller_id_cti-customer3@example.com', + firstname: 'CallerId', + lastname: 'Customer3', + phone: '+49 99999 222222 2', + ) + end + + before(:each) do + Cti::Log.destroy_all + + Setting.set('cti_integration', true) + Setting.set('cti_config', { + outbound: { + routing_table: [ + { + dest: '41*', + caller_id: '41715880339000', + }, + { + dest: '491714000000', + caller_id: '41715880339000', + }, + ], + default_caller_id: '4930777000000', + }, + inbound: { + block_caller_ids: [ + { + caller_id: '491715000000', + note: 'some note', + } + ], + notify_user_ids: { + 2 => true, + 4 => false, + }, + } + }) + + Cti::CallerId.rebuild + end + + describe 'request handling' do + + it 'does token check' do + params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2' + post '/api/v1/cti/not_existing_token', params: params + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Invalid token, please contact your admin!') + end + + it 'does basic call' do + token = Setting.get('cti_token') + + # inbound - I + params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_blank + + # inbound - II - block caller + params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&call_id=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['action']).to eq('reject') + expect(json_response['reason']).to eq('busy') + + # outbound - I - set default_caller_id + params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=8621106404543334274-3&user%5B%5D=user+1' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['action']).to eq('dial') + expect(json_response['number']).to eq('4912347114711') + expect(json_response['caller_id']).to eq('4930777000000') + + # outbound - II - set caller_id based on routing_table by explicite number + params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&call_id=8621106404543334274-4&user%5B%5D=user+1' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['action']).to eq('dial') + expect(json_response['number']).to eq('491714000000') + expect(json_response['caller_id']).to eq('41715880339000') + + # outbound - III - set caller_id based on routing_table by 41* + params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&call_id=8621106404543334274-5&user%5B%5D=user+1' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['action']).to eq('dial') + expect(json_response['number']).to eq('4147110000000') + expect(json_response['caller_id']).to eq('41715880339000') + + # no config + Setting.set('cti_config', {}) + params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Feature not configured, please contact your admin!') + + end + + it 'does log call' do + token = Setting.get('cti_token') + + # outbound - I - new call + params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-1&user%5B%5D=user+1' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-1') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(true) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_nil + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_nil + expect(log.duration_talking_time).to be_nil + + # outbound - I - hangup by agent + params = 'event=hangup&direction=out&call_id=1234567890-1&cause=cancel' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-1') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('cancel') + expect(log.state).to eq('hangup') + expect(log.done).to eq(true) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_nil + expect(log.end_at).to be_truthy + expect(log.duration_waiting_time).to be_truthy + expect(log.duration_talking_time).to be_nil + + # outbound - II - new call + params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-2&user%5B%5D=user+1' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-2') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(true) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_nil + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_nil + expect(log.duration_talking_time).to be_nil + + # outbound - II - answer by customer + params = 'event=answer&direction=out&call_id=1234567890-2&from=4930600000000&to=4912347114711' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-2') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('answer') + expect(log.done).to eq(true) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_truthy + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_truthy + expect(log.duration_talking_time).to be_nil + + # outbound - II - hangup by customer + params = 'event=hangup&direction=out&call_id=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-2') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('normalClearing') + expect(log.state).to eq('hangup') + expect(log.done).to eq(true) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_truthy + expect(log.end_at).to be_truthy + expect(log.duration_waiting_time).to be_truthy + expect(log.duration_talking_time).to be_truthy + + # inbound - I - new call + params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-3&user%5B%5D=user+1' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-3') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(false) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_nil + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_nil + expect(log.duration_talking_time).to be_nil + + # inbound - I - answer by customer + params = 'event=answer&direction=in&call_id=1234567890-3&to=4930600000000&from=4912347114711' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-3') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('answer') + expect(log.done).to eq(true) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_truthy + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_truthy + expect(log.duration_talking_time).to be_nil + + # inbound - I - hangup by customer + params = 'event=hangup&direction=in&call_id=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-3') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('normalClearing') + expect(log.state).to eq('hangup') + expect(log.done).to eq(true) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_truthy + expect(log.end_at).to be_truthy + expect(log.duration_waiting_time).to be_truthy + expect(log.duration_talking_time).to be_truthy + + # inbound - II - new call + params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-4&user%5B%5D=user+1,user+2' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-4') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1,user 2') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(false) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_nil + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_nil + expect(log.duration_talking_time).to be_nil + + # inbound - II - answer by voicemail + params = 'event=answer&direction=in&call_id=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-4') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('voicemail') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('answer') + expect(log.done).to eq(true) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_truthy + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_truthy + expect(log.duration_talking_time).to be_nil + + # inbound - II - hangup by customer + params = 'event=hangup&direction=in&call_id=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-4') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('voicemail') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('normalClearing') + expect(log.state).to eq('hangup') + expect(log.done).to eq(false) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_truthy + expect(log.end_at).to be_truthy + expect(log.duration_waiting_time).to be_truthy + expect(log.duration_talking_time).to be_truthy + + # inbound - III - new call + params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-5&user%5B%5D=user+1,user+2' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-5') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1,user 2') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(false) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_nil + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_nil + expect(log.duration_talking_time).to be_nil + + # inbound - III - hangup by customer + params = 'event=hangup&direction=in&call_id=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-5') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1,user 2') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('normalClearing') + expect(log.state).to eq('hangup') + expect(log.done).to eq(false) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_nil + expect(log.end_at).to be_truthy + expect(log.duration_waiting_time).to be_truthy + expect(log.duration_talking_time).to be_nil + + # inbound - IV - new call + params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&call_id=1234567890-6&user%5B%5D=user+1,user+2' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-6') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('49999992222222') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1,user 2') + expect(log.from_comment).to eq('CallerId Customer3,CallerId Customer2') + expect(log.preferences['to']).to be_falsey + expect(log.preferences['from']).to be_truthy + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(false) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_nil + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_nil + expect(log.duration_talking_time).to be_nil + + # inbound - IV - new call + params = 'event=newCall&direction=in&to=4930600000000&from=anonymous&call_id=1234567890-7&user%5B%5D=user+1,user+2' + post "/api/v1/cti/#{token}", params: params + expect(response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-7') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('anonymous') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1,user 2') + expect(log.from_comment).to be_nil + expect(log.preferences['to']).to be_falsey + expect(log.preferences['from']).to be_falsey + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(false) + expect(log.initialized_at).to be_truthy + expect(log.start_at).to be_nil + expect(log.end_at).to be_nil + expect(log.duration_waiting_time).to be_nil + expect(log.duration_talking_time).to be_nil + + # get caller list + get '/api/v1/cti/log' + expect(response).to have_http_status(401) + + authenticated_as(agent_user) + get '/api/v1/cti/log', as: :json + expect(response).to have_http_status(200) + expect(json_response['list']).to be_a_kind_of(Array) + expect(json_response['list'].count).to eq(7) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][customer_user2.id.to_s]).to be_truthy + expect(json_response['assets']['User'][customer_user3.id.to_s]).to be_truthy + expect(json_response['list'][0]['call_id']).to eq('1234567890-7') + expect(json_response['list'][1]['call_id']).to eq('1234567890-6') + expect(json_response['list'][2]['call_id']).to eq('1234567890-5') + expect(json_response['list'][3]['call_id']).to eq('1234567890-4') + expect(json_response['list'][4]['call_id']).to eq('1234567890-3') + expect(json_response['list'][5]['call_id']).to eq('1234567890-2') + expect(json_response['list'][5]['state']).to eq('hangup') + expect(json_response['list'][5]['from']).to eq('4930777000000') + expect(json_response['list'][5]['from_comment']).to eq('user 1') + expect(json_response['list'][5]['to']).to eq('4912347114711') + expect(json_response['list'][5]['to_comment']).to eq('CallerId Customer1') + expect(json_response['list'][5]['comment']).to eq('normalClearing') + expect(json_response['list'][5]['state']).to eq('hangup') + expect(json_response['list'][6]['call_id']).to eq('1234567890-1') + end + end +end diff --git a/spec/requests/integration/sipgate_spec.rb b/spec/requests/integration/sipgate_spec.rb new file mode 100644 index 000000000..f88301419 --- /dev/null +++ b/spec/requests/integration/sipgate_spec.rb @@ -0,0 +1,445 @@ +require 'rails_helper' + +RSpec.describe 'Integration Sipgate', type: :request do + + let(:agent_user) do + create(:agent_user) + end + let!(:customer_user1) do + create( + :customer_user, + login: 'ticket-caller_id_cti-customer1@example.com', + firstname: 'CallerId', + lastname: 'Customer1', + phone: '+49 99999 222222', + fax: '+49 99999 222223', + mobile: '+4912347114711', + note: 'Phone at home: +49 99999 222224', + ) + end + let!(:customer_user2) do + create( + :customer_user, + login: 'ticket-caller_id_cti-customer2@example.com', + firstname: 'CallerId', + lastname: 'Customer2', + phone: '+49 99999 222222 2', + ) + end + let!(:customer_user3) do + create( + :customer_user, + login: 'ticket-caller_id_cti-customer3@example.com', + firstname: 'CallerId', + lastname: 'Customer3', + phone: '+49 99999 222222 2', + ) + end + + before(:each) do + Cti::Log.destroy_all + + Setting.set('sipgate_integration', true) + Setting.set('sipgate_config', { + outbound: { + routing_table: [ + { + dest: '41*', + caller_id: '41715880339000', + }, + { + dest: '491714000000', + caller_id: '41715880339000', + }, + ], + default_caller_id: '4930777000000', + }, + inbound: { + block_caller_ids: [ + { + caller_id: '491715000000', + note: 'some note', + } + ], + notify_user_ids: { + 2 => true, + 4 => false, + }, + } + },) + + Cti::CallerId.rebuild + end + + describe 'request handling' do + + it 'does basic call' do + + # inbound - I + params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + on_hangup = nil + on_answer = nil + content = @response.body + response = REXML::Document.new(content) + response.elements.each('Response') do |element| + on_hangup = element.attributes['onHangup'] + on_answer = element.attributes['onAnswer'] + end + expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/in') + expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/in') + + # inbound - II - block caller + params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&callId=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + on_hangup = nil + on_answer = nil + content = @response.body + response = REXML::Document.new(content) + response.elements.each('Response') do |element| + on_hangup = element.attributes['onHangup'] + on_answer = element.attributes['onAnswer'] + end + expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/in') + expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/in') + reason = nil + response.elements.each('Response/Reject') do |element| + reason = element.attributes['reason'] + end + expect(reason).to eq('busy') + + # outbound - I - set default_caller_id + params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=8621106404543334274-3&user%5B%5D=user+1' + post '/api/v1/sipgate/out', params: params + expect(@response).to have_http_status(200) + on_hangup = nil + on_answer = nil + caller_id = nil + number_to_dail = nil + content = @response.body + response = REXML::Document.new(content) + response.elements.each('Response') do |element| + on_hangup = element.attributes['onHangup'] + on_answer = element.attributes['onAnswer'] + end + response.elements.each('Response/Dial') do |element| + caller_id = element.attributes['callerId'] + end + response.elements.each('Response/Dial/Number') do |element| + number_to_dail = element.text + end + expect(caller_id).to eq('4930777000000') + expect(number_to_dail).to eq('4912347114711') + expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out') + expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out') + + # outbound - II - set caller_id based on routing_table by explicite number + params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&callId=8621106404543334274-4&user%5B%5D=user+1' + post '/api/v1/sipgate/out', params: params + expect(@response).to have_http_status(200) + on_hangup = nil + on_answer = nil + caller_id = nil + number_to_dail = nil + content = @response.body + response = REXML::Document.new(content) + response.elements.each('Response') do |element| + on_hangup = element.attributes['onHangup'] + on_answer = element.attributes['onAnswer'] + end + response.elements.each('Response/Dial') do |element| + caller_id = element.attributes['callerId'] + end + response.elements.each('Response/Dial/Number') do |element| + number_to_dail = element.text + end + expect(caller_id).to eq('41715880339000') + expect(number_to_dail).to eq('491714000000') + expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out') + expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out') + + # outbound - III - set caller_id based on routing_table by 41* + params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&callId=8621106404543334274-5&user%5B%5D=user+1' + post '/api/v1/sipgate/out', params: params + expect(@response).to have_http_status(200) + on_hangup = nil + on_answer = nil + caller_id = nil + number_to_dail = nil + content = @response.body + response = REXML::Document.new(content) + response.elements.each('Response') do |element| + on_hangup = element.attributes['onHangup'] + on_answer = element.attributes['onAnswer'] + end + response.elements.each('Response/Dial') do |element| + caller_id = element.attributes['callerId'] + end + response.elements.each('Response/Dial/Number') do |element| + number_to_dail = element.text + end + expect(caller_id).to eq('41715880339000') + expect(number_to_dail).to eq('4147110000000') + expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out') + expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out') + + # no config + Setting.set('sipgate_config', {}) + params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(422) + error = nil + content = @response.body + response = REXML::Document.new(content) + response.elements.each('Response/Error') do |element| + error = element.text + end + expect(error).to eq('Feature not configured, please contact your admin!') + + end + + it 'does log call' do + + # outbound - I - new call + params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-1&user%5B%5D=user+1' + post '/api/v1/sipgate/out', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-1') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(true) + + # outbound - I - hangup by agent + params = 'event=hangup&direction=out&callId=1234567890-1&cause=cancel' + post '/api/v1/sipgate/out', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-1') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('cancel') + expect(log.state).to eq('hangup') + expect(log.done).to eq(true) + + # outbound - II - new call + params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-2&user%5B%5D=user+1' + post '/api/v1/sipgate/out', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-2') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(true) + + # outbound - II - answer by customer + params = 'event=answer&direction=out&callId=1234567890-2&from=4930600000000&to=4912347114711' + post '/api/v1/sipgate/out', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-2') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('answer') + expect(log.done).to eq(true) + + # outbound - II - hangup by customer + params = 'event=hangup&direction=out&callId=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711' + post '/api/v1/sipgate/out', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-2') + expect(log).to be_truthy + expect(log.from).to eq('4930777000000') + expect(log.to).to eq('4912347114711') + expect(log.direction).to eq('out') + expect(log.from_comment).to eq('user 1') + expect(log.to_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('normalClearing') + expect(log.state).to eq('hangup') + expect(log.done).to eq(true) + + # inbound - I - new call + params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-3&user%5B%5D=user+1' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-3') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(false) + + # inbound - I - answer by customer + params = 'event=answer&direction=in&callId=1234567890-3&to=4930600000000&from=4912347114711' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-3') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('answer') + expect(log.done).to eq(true) + + # inbound - I - hangup by customer + params = 'event=hangup&direction=in&callId=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-3') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('normalClearing') + expect(log.state).to eq('hangup') + expect(log.done).to eq(true) + + # inbound - II - new call + params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-4&user%5B%5D=user+1,user+2' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-4') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1,user 2') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(false) + + # inbound - II - answer by voicemail + params = 'event=answer&direction=in&callId=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-4') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('voicemail') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('answer') + expect(log.done).to eq(true) + + # inbound - II - hangup by customer + params = 'event=hangup&direction=in&callId=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-4') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('voicemail') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('normalClearing') + expect(log.state).to eq('hangup') + expect(log.done).to eq(false) + + # inbound - III - new call + params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-5&user%5B%5D=user+1,user+2' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-5') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1,user 2') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(false) + + # inbound - III - hangup by customer + params = 'event=hangup&direction=in&callId=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-5') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('4912347114711') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1,user 2') + expect(log.from_comment).to eq('CallerId Customer1') + expect(log.comment).to eq('normalClearing') + expect(log.state).to eq('hangup') + expect(log.done).to eq(false) + + # inbound - IV - new call + params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&callId=1234567890-6&user%5B%5D=user+1,user+2' + post '/api/v1/sipgate/in', params: params + expect(@response).to have_http_status(200) + log = Cti::Log.find_by(call_id: '1234567890-6') + expect(log).to be_truthy + expect(log.to).to eq('4930600000000') + expect(log.from).to eq('49999992222222') + expect(log.direction).to eq('in') + expect(log.to_comment).to eq('user 1,user 2') + expect(log.from_comment).to eq('CallerId Customer3,CallerId Customer2') + expect(log.preferences['to']).to be_falsey + expect(log.preferences['from']).to be_truthy + expect(log.comment).to be_nil + expect(log.state).to eq('newCall') + expect(log.done).to eq(false) + + # get caller list + get '/api/v1/cti/log' + expect(@response).to have_http_status(401) + + authenticated_as(agent_user) + get '/api/v1/cti/log', as: :json + expect(@response).to have_http_status(200) + expect(json_response['list']).to be_a_kind_of(Array) + expect(json_response['list'].count).to eq(6) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][customer_user2.id.to_s]).to be_truthy + expect(json_response['assets']['User'][customer_user3.id.to_s]).to be_truthy + expect(json_response['list'][0]['call_id']).to eq('1234567890-6') + expect(json_response['list'][1]['call_id']).to eq('1234567890-5') + expect(json_response['list'][2]['call_id']).to eq('1234567890-4') + expect(json_response['list'][3]['call_id']).to eq('1234567890-3') + expect(json_response['list'][4]['call_id']).to eq('1234567890-2') + expect(json_response['list'][4]['state']).to eq('hangup') + expect(json_response['list'][4]['from']).to eq('4930777000000') + expect(json_response['list'][4]['from_comment']).to eq('user 1') + expect(json_response['list'][4]['to']).to eq('4912347114711') + expect(json_response['list'][4]['to_comment']).to eq('CallerId Customer1') + expect(json_response['list'][4]['comment']).to eq('normalClearing') + expect(json_response['list'][4]['state']).to eq('hangup') + expect(json_response['list'][5]['call_id']).to eq('1234567890-1') + end + end +end diff --git a/spec/requests/o_auth_spec.rb b/spec/requests/o_auth_spec.rb new file mode 100644 index 000000000..4f7405369 --- /dev/null +++ b/spec/requests/o_auth_spec.rb @@ -0,0 +1,31 @@ +require 'rails_helper' + +RSpec.describe 'OAuth', type: :request do + + describe 'request handling' do + + it 'does o365 - start' do + get '/auth/microsoft_office365' + expect(response).to have_http_status(302) + expect(response.body).to include('https://login.microsoftonline.com/common/oauth2/v2.0/authorize') + expect(response.body).to include('redirect_uri=http%3A%2F%2Fzammad.example.com%2Fauth%2Fmicrosoft_office365%2Fcallback') + expect(response.body).to include('scope=openid+email+profile') + expect(response.body).to include('response_type=code') + end + + it 'does o365 - callback' do + get '/auth/microsoft_office365/callback?code=1234&state=1234' + expect(response).to have_http_status(302) + expect(response.body).to include('302 Moved') + end + + it 'does auth failure' do + get '/auth/failure?message=123&strategy=some_provider' + expect(response).to have_http_status(422) + expect(response.body).to include('422: Unprocessable Entity') + expect(response.body).to include('

422: The change you wanted was rejected.

') + expect(response.body).to include('
Message from some_provider: 123
') + end + end + +end diff --git a/spec/requests/organization_spec.rb b/spec/requests/organization_spec.rb new file mode 100644 index 000000000..2ce65cbdc --- /dev/null +++ b/spec/requests/organization_spec.rb @@ -0,0 +1,557 @@ +require 'rails_helper' + +RSpec.describe 'Organization', type: :request, searchindex: true do + + let!(:admin_user) do + create(:admin_user, groups: Group.all) + end + let!(:agent_user) do + create(:agent_user, firstname: 'Search 1234', groups: Group.all) + end + let!(:customer_user) do + create(:customer_user) + end + let!(:organization) do + create( + :organization, + name: 'Rest Org #1', + note: 'Rest Org #1', + created_at: '2017-09-05 10:00:00', + ) + end + let!(:organization2) do + create( + :organization, + name: 'Rest Org #2', + note: 'Rest Org #2', + created_at: '2017-09-05 11:00:00', + ) + end + let!(:organization3) do + create( + :organization, + name: 'Rest Org #3', + note: 'Rest Org #3', + created_at: '2017-09-05 12:00:00', + ) + end + let!(:customer_user2) do + create(:customer_user, organization: organization) + end + + before(:each) do + configure_elasticsearch do + + travel 1.minute + + rebuild_searchindex + + # execute background jobs + Scheduler.worker(true) + + sleep 6 + end + end + + describe 'request handling' do + + it 'does index with agent' do + + # index + authenticated_as(agent_user) + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['member_ids']).to be_a_kind_of(Array) + expect(json_response.length >= 3).to be_truthy + + get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + organizations = Organization.order(:id).limit(2) + expect(json_response[0]['id']).to eq(organizations[0].id) + expect(json_response[0]['member_ids']).to eq(organizations[0].member_ids) + expect(json_response[1]['id']).to eq(organizations[1].id) + expect(json_response[1]['member_ids']).to eq(organizations[1].member_ids) + expect(json_response.count).to eq(2) + + get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + organizations = Organization.order(:id).limit(4) + expect(json_response[0]['id']).to eq(organizations[2].id) + expect(json_response[0]['member_ids']).to eq(organizations[2].member_ids) + expect(json_response[1]['id']).to eq(organizations[3].id) + expect(json_response[1]['member_ids']).to eq(organizations[3].member_ids) + + expect(json_response.count).to eq(2) + + # show/:id + get "/api/v1/organizations/#{organization.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['member_ids']).to be_a_kind_of(Array) + expect(json_response['members']).to be_falsey + expect('Rest Org #1').to eq(json_response['name']) + + get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['member_ids']).to be_a_kind_of(Array) + expect(json_response['members']).to be_falsey + expect('Rest Org #2').to eq(json_response['name']) + + # search as agent + Scheduler.worker(true) + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['name']).to eq('Zammad Foundation') + expect(json_response[0]['member_ids']).to be_truthy + expect(json_response[0]['members']).to be_falsey + + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['name']).to eq('Zammad Foundation') + expect(json_response[0]['member_ids']).to be_truthy + expect(json_response[0]['members']).to be_truthy + + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['label']).to eq('Zammad Foundation') + expect(json_response[0]['value']).to eq('Zammad Foundation') + expect(json_response[0]['member_ids']).to be_falsey + expect(json_response[0]['members']).to be_falsey + end + + it 'does index with customer1' do + + # index + authenticated_as(customer_user) + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response.length).to eq(0) + + # show/:id + get "/api/v1/organizations/#{organization.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to be_nil + + get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to be_nil + + # search + Scheduler.worker(true) + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json + expect(response).to have_http_status(401) + end + + it 'does index with customer2' do + + # index + authenticated_as(customer_user2) + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response.length).to eq(1) + + # show/:id + get "/api/v1/organizations/#{organization.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect('Rest Org #1').to eq(json_response['name']) + + get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to be_nil + + # search + Scheduler.worker(true) + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json + expect(response).to have_http_status(401) + end + + it 'does organization search sortable' do + authenticated_as(admin_user) + get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: {}, as: :json + expect(response).to have_http_status(200) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to be_a_kind_of(Array) + expect(result).to eq([ organization.id, organization3.id, organization2.id ]) + + get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json + expect(response).to have_http_status(200) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to be_a_kind_of(Array) + expect(result).to eq([ organization.id, organization2.id, organization3.id ]) + + get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'asc' }, as: :json + expect(response).to have_http_status(200) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to be_a_kind_of(Array) + expect(result).to eq([ organization.id, organization2.id, organization3.id ]) + + get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'desc' }, as: :json + expect(response).to have_http_status(200) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to be_a_kind_of(Array) + expect(result).to eq([ organization3.id, organization2.id, organization.id ]) + + get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: %w[note created_at], order_by: %w[desc asc] }, as: :json + expect(response).to have_http_status(200) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to be_a_kind_of(Array) + expect(result).to eq([ organization3.id, organization2.id, organization.id ]) + end + + it 'does organization show and response format' do + organization = create( + :organization, + name: 'Rest Org NEW', + members: [customer_user], + updated_by_id: admin_user.id, + created_by_id: admin_user.id, + ) + + authenticated_as(admin_user) + get "/api/v1/organizations/#{organization.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(organization.id) + expect(json_response['name']).to eq(organization.name) + expect(json_response['members']).to be_falsey + expect(json_response['member_ids']).to eq([customer_user.id]) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(organization.id) + expect(json_response['name']).to eq(organization.name) + expect(json_response['members']).to be_truthy + expect(json_response['member_ids']).to eq([customer_user.id]) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(organization.id) + expect(json_response['name']).to eq(organization.name) + expect(json_response['members']).to be_falsey + expect(json_response['member_ids']).to eq([customer_user.id]) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + get "/api/v1/organizations/#{organization.id}?full=true", params: {}, as: :json + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(organization.id) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Organization']).to be_truthy + expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy + expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id) + expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name) + expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids) + expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey + + get "/api/v1/organizations/#{organization.id}?full=false", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(organization.id) + expect(json_response['name']).to eq(organization.name) + expect(json_response['members']).to be_falsey + expect(json_response['member_ids']).to eq([customer_user.id]) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + end + + it 'does organization index and response format' do + organization = create( + :organization, + name: 'Rest Org NEW', + members: [customer_user], + updated_by_id: admin_user.id, + created_by_id: admin_user.id, + ) + + authenticated_as(admin_user) + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0].class).to eq(Hash) + expect(json_response.last['id']).to eq(organization.id) + expect(json_response.last['name']).to eq(organization.name) + expect(json_response.last['members']).to be_falsey + expect(json_response.last['member_ids']).to eq(organization.member_ids) + expect(json_response.last['updated_by_id']).to eq(admin_user.id) + expect(json_response.last['created_by_id']).to eq(admin_user.id) + + get '/api/v1/organizations?expand=true', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0].class).to eq(Hash) + expect(json_response.last['id']).to eq(organization.id) + expect(json_response.last['name']).to eq(organization.name) + expect(json_response.last['member_ids']).to eq(organization.member_ids) + expect([customer_user.login]).to eq(organization.members.pluck(:login)) + expect(json_response.last['updated_by_id']).to eq(admin_user.id) + expect(json_response.last['created_by_id']).to eq(admin_user.id) + + get '/api/v1/organizations?expand=false', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0].class).to eq(Hash) + expect(json_response.last['id']).to eq(organization.id) + expect(json_response.last['name']).to eq(organization.name) + expect(json_response.last['members']).to be_falsey + expect(json_response.last['member_ids']).to eq(organization.member_ids) + expect(json_response.last['updated_by_id']).to eq(admin_user.id) + expect(json_response.last['created_by_id']).to eq(admin_user.id) + + get '/api/v1/organizations?full=true', params: {}, as: :json + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['record_ids'].class).to eq(Array) + expect(json_response['record_ids'][0]).to eq(1) + expect(json_response['record_ids'].last).to eq(organization.id) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Organization']).to be_truthy + expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy + expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id) + expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name) + expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids) + expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey + + get '/api/v1/organizations?full=false', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0].class).to eq(Hash) + expect(json_response.last['id']).to eq(organization.id) + expect(json_response.last['name']).to eq(organization.name) + expect(json_response.last['members']).to be_falsey + expect(json_response.last['member_ids']).to eq(organization.member_ids) + expect(json_response.last['updated_by_id']).to eq(admin_user.id) + expect(json_response.last['created_by_id']).to eq(admin_user.id) + end + + it 'does ticket create and response format' do + params = { + name: 'Rest Org NEW', + members: [customer_user.login], + } + + authenticated_as(admin_user) + post '/api/v1/organizations', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + organization = Organization.find(json_response['id']) + expect(json_response['name']).to eq(organization.name) + expect(json_response['member_ids']).to eq(organization.member_ids) + expect(json_response['members']).to be_falsey + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + params[:name] = 'Rest Org NEW #2' + post '/api/v1/organizations?expand=true', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + organization = Organization.find(json_response['id']) + expect(json_response['name']).to eq(organization.name) + expect(json_response['member_ids']).to eq(organization.member_ids) + expect(json_response['members']).to eq(organization.members.pluck(:login)) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + params[:name] = 'Rest Org NEW #3' + post '/api/v1/organizations?full=true', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + organization = Organization.find(json_response['id']) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Organization']).to be_truthy + expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy + expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id) + expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name) + expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids) + expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey + + end + + it 'does ticket update and response formats' do + organization = create( + :organization, + name: 'Rest Org NEW', + members: [customer_user], + updated_by_id: admin_user.id, + created_by_id: admin_user.id, + ) + + params = { + name: 'a update name #1', + } + authenticated_as(admin_user) + put "/api/v1/organizations/#{organization.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + organization = Organization.find(json_response['id']) + expect(json_response['name']).to eq(params[:name]) + expect(json_response['member_ids']).to eq(organization.member_ids) + expect(json_response['members']).to be_falsey + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + params = { + name: 'a update name #2', + } + put "/api/v1/organizations/#{organization.id}?expand=true", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + organization = Organization.find(json_response['id']) + expect(json_response['name']).to eq(params[:name]) + expect(json_response['member_ids']).to eq(organization.member_ids) + expect([customer_user.login]).to eq(organization.members.pluck(:login)) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + params = { + name: 'a update name #3', + } + put "/api/v1/organizations/#{organization.id}?full=true", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + organization = Organization.find(json_response['id']) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Organization']).to be_truthy + expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy + expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id) + expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(params[:name]) + expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids) + expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey + + end + + it 'does csv example - customer no access' do + authenticated_as(customer_user) + get '/api/v1/organizations/import_example', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (user)!') + end + + it 'does csv example - admin access' do + authenticated_as(admin_user) + get '/api/v1/organizations/import_example', params: {}, as: :json + expect(response).to have_http_status(200) + + rows = CSV.parse(@response.body) + header = rows.shift + + expect(header[0]).to eq('id') + expect(header[1]).to eq('name') + expect(header[2]).to eq('shared') + expect(header[3]).to eq('domain') + expect(header[4]).to eq('domain_assignment') + expect(header[5]).to eq('active') + expect(header[6]).to eq('note') + expect(header.include?('members')).to be_truthy + end + + it 'does csv import - admin access' do + + UserInfo.current_user_id = 1 + customer1 = create( + :customer_user, + login: 'customer1-members@example.com', + firstname: 'Member', + lastname: 'Customer', + email: 'customer1-members@example.com', + password: 'customerpw', + active: true, + ) + customer2 = create( + :customer_user, + login: 'customer2-members@example.com', + firstname: 'Member', + lastname: 'Customer', + email: 'customer2-members@example.com', + password: 'customerpw', + active: true, + ) + UserInfo.current_user_id = nil + + # invalid file + authenticated_as(admin_user) + csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv') + csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') + post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' } + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['try']).to eq(true) + expect(json_response['records'].count).to eq(2) + expect(json_response['result']).to eq('failed') + expect(json_response['errors'].count).to eq(2) + expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'name2' for Organization.") + expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'name2' for Organization.") + + # valid file try + csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv') + csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') + post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' } + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['try']).to eq(true) + expect(json_response['records'].count).to eq(2) + expect(json_response['result']).to eq('success') + + expect(Organization.find_by(name: 'organization-member-import1')).to be_nil + expect(Organization.find_by(name: 'organization-member-import2')).to be_nil + + # valid file + csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv') + csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') + post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' } + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['try']).to eq(false) + expect(json_response['records'].count).to eq(2) + expect(json_response['result']).to eq('success') + + organization1 = Organization.find_by(name: 'organization-member-import1') + expect(organization1).to be_truthy + expect(organization1.name).to eq('organization-member-import1') + expect(organization1.members.count).to eq(1) + expect(organization1.members.first.login).to eq(customer1.login) + expect(organization1.active).to eq(true) + organization2 = Organization.find_by(name: 'organization-member-import2') + expect(organization2).to be_truthy + expect(organization2.name).to eq('organization-member-import2') + expect(organization2.members.count).to eq(1) + expect(organization2.members.first.login).to eq(customer2.login) + expect(organization2.active).to eq(false) + end + end +end diff --git a/spec/requests/overview_spec.rb b/spec/requests/overview_spec.rb new file mode 100644 index 000000000..a46ada2f4 --- /dev/null +++ b/spec/requests/overview_spec.rb @@ -0,0 +1,186 @@ +require 'rails_helper' + +RSpec.describe 'Overviews', type: :request do + + let(:admin_user) do + create(:admin_user) + end + + describe 'request handling' do + + it 'does return no permissions' do + params = { + name: 'Overview2', + link: 'my_overview', + roles: Role.where(name: 'Agent').pluck(:name), + condition: { + 'ticket.state_id' => { + operator: 'is', + value: [1, 2, 3], + }, + }, + order: { + by: 'created_at', + direction: 'DESC', + }, + view: { + d: %w[title customer state created_at], + s: %w[number title customer state created_at], + m: %w[number title customer state created_at], + view_mode_default: 's', + }, + } + + agent_user = create(:agent_user, password: 'we need a password here') + + authenticated_as(agent_user) + post '/api/v1/overviews', params: params, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('authentication failed') + end + + it 'does create overviews' do + params = { + name: 'Overview2', + link: 'my_overview', + roles: Role.where(name: 'Agent').pluck(:name), + condition: { + 'ticket.state_id' => { + operator: 'is', + value: [1, 2, 3], + }, + }, + order: { + by: 'created_at', + direction: 'DESC', + }, + view: { + d: %w[title customer state created_at], + s: %w[number title customer state created_at], + m: %w[number title customer state created_at], + view_mode_default: 's', + }, + } + + authenticated_as(admin_user) + post '/api/v1/overviews', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq('Overview2') + expect(json_response['link']).to eq('my_overview') + + post '/api/v1/overviews', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq('Overview2') + expect(json_response['link']).to eq('my_overview_1') + end + + it 'does set mass prio' do + roles = Role.where(name: 'Agent') + overview1 = Overview.create!( + name: 'Overview1', + link: 'my_overview', + roles: roles, + condition: { + 'ticket.state_id' => { + operator: 'is', + value: [1, 2, 3], + }, + }, + order: { + by: 'created_at', + direction: 'DESC', + }, + view: { + d: %w[title customer state created_at], + s: %w[number title customer state created_at], + m: %w[number title customer state created_at], + view_mode_default: 's', + }, + prio: 1, + updated_by_id: 1, + created_by_id: 1, + ) + overview2 = Overview.create!( + name: 'Overview2', + link: 'my_overview', + roles: roles, + condition: { + 'ticket.state_id' => { + operator: 'is', + value: [1, 2, 3], + }, + }, + order: { + by: 'created_at', + direction: 'DESC', + }, + view: { + d: %w[title customer state created_at], + s: %w[number title customer state created_at], + m: %w[number title customer state created_at], + view_mode_default: 's', + }, + prio: 2, + updated_by_id: 1, + created_by_id: 1, + ) + + params = { + prios: [ + [overview2.id, 1], + [overview1.id, 2], + ] + } + authenticated_as(admin_user) + post '/api/v1/overviews_prio', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['success']).to eq(true) + + overview1.reload + overview2.reload + + expect(overview1.prio).to eq(2) + expect(overview2.prio).to eq(1) + end + + it 'does create an overview with group_by direction' do + + params = { + name: 'Overview2', + link: 'my_overview', + roles: Role.where(name: 'Agent').pluck(:name), + condition: { + 'ticket.state_id' => { + operator: 'is', + value: [1, 2, 3], + }, + }, + order: { + by: 'created_at', + direction: 'DESC', + }, + group_by: 'priority', + group_direction: 'ASC', + view: { + d: %w[title customer state created_at], + s: %w[number title customer state created_at], + m: %w[number title customer state created_at], + view_mode_default: 's', + }, + } + + authenticated_as(admin_user) + post '/api/v1/overviews', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq('Overview2') + expect(json_response['link']).to eq('my_overview') + expect(json_response['group_by']).to eq('priority') + expect(json_response['group_direction']).to eq('ASC') + end + end +end diff --git a/spec/requests/package_spec.rb b/spec/requests/package_spec.rb new file mode 100644 index 000000000..af1eb82c3 --- /dev/null +++ b/spec/requests/package_spec.rb @@ -0,0 +1,75 @@ +require 'rails_helper' + +RSpec.describe 'Packages', type: :request do + + let(:admin_user) do + create(:admin_user) + end + let(:agent_user) do + create(:agent_user) + end + let(:customer_user) do + create(:customer_user) + end + + describe 'request handling' do + + it 'does packages index with nobody' do + get '/api/v1/packages', as: :json + expect(response).to have_http_status(401) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['packages']).to be_falsey + expect(json_response['error']).to eq('authentication failed') + end + + it 'does packages index with admin' do + authenticated_as(admin_user) + get '/api/v1/packages', as: :json + + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['packages']).to be_truthy + end + + it 'does packages index with admin and wrong pw' do + authenticated_as(admin_user, password: 'wrongadminpw') + get '/api/v1/packages', as: :json + + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('authentication failed') + end + + it 'does packages index with inactive admin' do + admin_user = create(:admin_user, active: false, password: 'we need a password here') + + authenticated_as(admin_user) + get '/api/v1/packages', as: :json + + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('authentication failed') + end + + it 'does packages index with agent' do + authenticated_as(agent_user) + get '/api/v1/packages', as: :json + + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['packages']).to be_falsey + expect(json_response['error']).to eq('Not authorized (user)!') + end + + it 'does packages index with customer' do + authenticated_as(customer_user) + get '/api/v1/packages', as: :json + + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['packages']).to be_falsey + expect(json_response['error']).to eq('Not authorized (user)!') + end + end +end diff --git a/spec/requests/report_spec.rb b/spec/requests/report_spec.rb new file mode 100644 index 000000000..dcd2dcc80 --- /dev/null +++ b/spec/requests/report_spec.rb @@ -0,0 +1,59 @@ +require 'rails_helper' + +RSpec.describe 'Report', type: :request, searchindex: true do + + let!(:admin_user) do + create(:admin_user) + end + let!(:agent_user) do + create(:agent_user) + end + let!(:customer_user) do + create(:customer_user) + end + let!(:year) do + DateTime.now.utc.year + end + let!(:month) do + DateTime.now.utc.month + end + let!(:week) do + DateTime.now.utc.strftime('%U').to_i + end + let!(:day) do + DateTime.now.utc.day + end + let!(:ticket) do + create(:ticket, title: 'ticket for report', customer: customer_user) + end + let!(:article) do + create(:ticket_article, ticket_id: ticket.id, type: Ticket::Article::Type.lookup(name: 'note') ) + end + + before(:each) do + configure_elasticsearch do + + travel 1.minute + + rebuild_searchindex + + # execute background jobs + Scheduler.worker(true) + + sleep 6 + end + end + + describe 'request handling' do + + it 'does report example - admin access' do + authenticated_as(admin_user) + get "/api/v1/reports/sets?sheet=true;metric=count;year=#{year};month=#{month};week=#{week};day=#{day};timeRange=year;profile_id=1;downloadBackendSelected=count::created", params: {}, as: :json + + expect(response).to have_http_status(200) + assert(@response['Content-Disposition']) + expect(@response['Content-Disposition']).to eq('attachment; filename="tickets--all--Created.xls"') + expect(@response['Content-Type']).to eq('application/vnd.ms-excel') + end + end +end diff --git a/spec/requests/search_spec.rb b/spec/requests/search_spec.rb new file mode 100644 index 000000000..32a41a24e --- /dev/null +++ b/spec/requests/search_spec.rb @@ -0,0 +1,330 @@ +require 'rails_helper' + +RSpec.describe 'Search', type: :request, searchindex: true do + + let!(:admin_user) do + create(:admin_user, groups: Group.all) + end + let!(:agent_user) do + create(:agent_user, firstname: 'Search 1234', groups: Group.all) + end + let!(:customer_user) do + create(:customer_user) + end + let!(:organization1) do + create(:organization, name: 'Rest Org') + end + let!(:organization2) do + create(:organization, name: 'Rest Org #2') + end + let!(:organization3) do + create(:organization, name: 'Rest Org #3') + end + let!(:organization4) do + create(:organization, name: 'Tes.t. Org') + end + let!(:organization5) do + create(:organization, name: 'ABC_D Org') + end + let!(:customer_user2) do + create(:customer_user, organization: organization1) + end + let!(:customer_user3) do + create(:customer_user, organization: organization1) + end + let!(:ticket1) do + create(:ticket, title: 'test 1234-1', customer: customer_user) + end + let!(:ticket2) do + create(:ticket, title: 'test 1234-2', customer: customer_user2) + end + let!(:ticket3) do + create(:ticket, title: 'test 1234-2', customer: customer_user3) + end + let!(:article1) do + create(:ticket_article, ticket_id: ticket1.id) + end + let!(:article2) do + create(:ticket_article, ticket_id: ticket2.id) + end + let!(:article3) do + create(:ticket_article, ticket_id: ticket3.id) + end + + before(:each) do + configure_elasticsearch do + + travel 1.minute + + rebuild_searchindex + + # execute background jobs + Scheduler.worker(true) + + sleep 6 + end + end + + describe 'request handling' do + + it 'does settings index with nobody' do + params = { + query: 'test 1234', + limit: 2, + } + + post '/api/v1/search/ticket', params: params, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to_not be_blank + expect(json_response['error']).to eq('authentication failed') + + post '/api/v1/search/user', params: params, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to_not be_blank + expect(json_response['error']).to eq('authentication failed') + + post '/api/v1/search', params: params, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to_not be_blank + expect(json_response['error']).to eq('authentication failed') + end + + it 'does settings index with admin' do + params = { + query: '1234*', + limit: 1, + } + authenticated_as(admin_user) + post '/api/v1/search', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket3.id) + expect(json_response['result'][1]['type']).to eq('User') + expect(json_response['result'][1]['id']).to eq(agent_user.id) + expect(json_response['result'][2]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket3.id) + expect(json_response['result'][1]['type']).to eq('Ticket') + expect(json_response['result'][1]['id']).to eq(ticket2.id) + expect(json_response['result'][2]['type']).to eq('Ticket') + expect(json_response['result'][2]['id']).to eq(ticket1.id) + expect(json_response['result'][3]['type']).to eq('User') + expect(json_response['result'][3]['id']).to eq(agent_user.id) + expect(json_response['result'][4]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search/ticket', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket3.id) + expect(json_response['result'][1]['type']).to eq('Ticket') + expect(json_response['result'][1]['id']).to eq(ticket2.id) + expect(json_response['result'][2]['type']).to eq('Ticket') + expect(json_response['result'][2]['id']).to eq(ticket1.id) + expect(json_response['result'][3]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search/user', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result'][0]['type']).to eq('User') + expect(json_response['result'][0]['id']).to eq(agent_user.id) + expect(json_response['result'][1]).to be_falsey + end + + it 'does settings index with agent' do + params = { + query: '1234*', + limit: 1, + } + + authenticated_as(agent_user) + post '/api/v1/search', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket3.id) + expect(json_response['result'][1]['type']).to eq('User') + expect(json_response['result'][1]['id']).to eq(agent_user.id) + expect(json_response['result'][2]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket3.id) + expect(json_response['result'][1]['type']).to eq('Ticket') + expect(json_response['result'][1]['id']).to eq(ticket2.id) + expect(json_response['result'][2]['type']).to eq('Ticket') + expect(json_response['result'][2]['id']).to eq(ticket1.id) + expect(json_response['result'][3]['type']).to eq('User') + expect(json_response['result'][3]['id']).to eq(agent_user.id) + expect(json_response['result'][4]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search/ticket', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket3.id) + expect(json_response['result'][1]['type']).to eq('Ticket') + expect(json_response['result'][1]['id']).to eq(ticket2.id) + expect(json_response['result'][2]['type']).to eq('Ticket') + expect(json_response['result'][2]['id']).to eq(ticket1.id) + expect(json_response['result'][3]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search/user', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result'][0]['type']).to eq('User') + expect(json_response['result'][0]['id']).to eq(agent_user.id) + expect(json_response['result'][1]).to be_falsey + end + + it 'does settings index with customer 1' do + params = { + query: '1234*', + limit: 10, + } + + authenticated_as(customer_user) + post '/api/v1/search', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket1.id) + expect(json_response['result'][1]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search/ticket', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket1.id) + expect(json_response['result'][1]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search/user', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result'][0]).to be_falsey + end + + it 'does settings index with customer 2' do + params = { + query: '1234*', + limit: 10, + } + + authenticated_as(customer_user2) + post '/api/v1/search', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket3.id) + expect(json_response['result'][1]['type']).to eq('Ticket') + expect(json_response['result'][1]['id']).to eq(ticket2.id) + expect(json_response['result'][2]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search/ticket', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['result'][0]['type']).to eq('Ticket') + expect(json_response['result'][0]['id']).to eq(ticket3.id) + expect(json_response['result'][1]['type']).to eq('Ticket') + expect(json_response['result'][1]['id']).to eq(ticket2.id) + expect(json_response['result'][2]).to be_falsey + + params = { + query: '1234*', + limit: 10, + } + + post '/api/v1/search/user', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result'][0]).to be_falsey + end + + # Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form + it 'does searching for organization with a dot in its name' do + authenticated_as(agent_user) + get '/api/v1/search/organization?query=tes.', as: :json + expect(response).to have_http_status(200) + expect(json_response['result'].size).to eq(1) + expect(json_response['result'][0]['type']).to eq('Organization') + target_id = json_response['result'][0]['id'] + expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('Tes.t. Org') + end + + # Search query H& should correctly match H&M + it 'does searching for organization with _ in its name' do + authenticated_as(agent_user) + get '/api/v1/search/organization?query=abc_', as: :json + expect(response).to have_http_status(200) + expect(json_response['result'].size).to eq(1) + expect(json_response['result'][0]['type']).to eq('Organization') + target_id = json_response['result'][0]['id'] + expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('ABC_D Org') + end + end +end diff --git a/spec/requests/settings_spec.rb b/spec/requests/settings_spec.rb new file mode 100644 index 000000000..e396592a9 --- /dev/null +++ b/spec/requests/settings_spec.rb @@ -0,0 +1,227 @@ +require 'rails_helper' + +RSpec.describe 'Settings', type: :request do + + let(:admin_user) do + create(:admin_user) + end + let(:admin_api_user) do + role_api = create(:role) + role_api.permission_grant('admin.api') + + create(:admin_user, roles: [role_api]) + end + let(:agent_user) do + create(:agent_user) + end + let(:customer_user) do + create(:customer_user) + end + + describe 'request handling' do + + it 'does settings index with nobody' do + + # index + get '/api/v1/settings', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['settings']).to be_falsey + + # show + setting = Setting.find_by(name: 'product_name') + get "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('authentication failed') + end + + it 'does settings index with admin' do + + # index + authenticated_as(admin_user) + get '/api/v1/settings', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + hit_api = false + hit_product_name = false + json_response.each do |setting| + if setting['name'] == 'api_token_access' + hit_api = true + end + if setting['name'] == 'product_name' + hit_product_name = true + end + end + expect(hit_api).to eq(true) + expect(hit_product_name).to eq(true) + + # show + setting = Setting.find_by(name: 'product_name') + get "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq('product_name') + + setting = Setting.find_by(name: 'api_token_access') + get "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq('api_token_access') + + # update + setting = Setting.find_by(name: 'product_name') + params = { + id: setting.id, + name: 'some_new_name', + preferences: { + permission: ['admin.branding', 'admin.some_new_permission'], + some_new_key: true, + } + } + put "/api/v1/settings/#{setting.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq('product_name') + expect(json_response['preferences']['permission'].length).to eq(1) + expect(json_response['preferences']['permission'][0]).to eq('admin.branding') + expect(json_response['preferences']['some_new_key']).to eq(true) + + # update + setting = Setting.find_by(name: 'api_token_access') + params = { + id: setting.id, + name: 'some_new_name', + preferences: { + permission: ['admin.branding', 'admin.some_new_permission'], + some_new_key: true, + } + } + put "/api/v1/settings/#{setting.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq('api_token_access') + expect(json_response['preferences']['permission'].length).to eq(1) + expect(json_response['preferences']['permission'][0]).to eq('admin.api') + expect(json_response['preferences']['some_new_key']).to eq(true) + + # delete + setting = Setting.find_by(name: 'product_name') + delete "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (feature not possible)') + end + + it 'does settings index with admin-api' do + + # index + authenticated_as(admin_api_user) + get '/api/v1/settings', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + hit_api = false + hit_product_name = false + json_response.each do |setting| + if setting['name'] == 'api_token_access' + hit_api = true + end + if setting['name'] == 'product_name' + hit_product_name = true + end + end + expect(hit_api).to eq(true) + expect(hit_product_name).to eq(false) + + # show + setting = Setting.find_by(name: 'product_name') + get "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])') + + setting = Setting.find_by(name: 'api_token_access') + get "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq('api_token_access') + + # update + setting = Setting.find_by(name: 'product_name') + params = { + id: setting.id, + name: 'some_new_name', + preferences: { + permission: ['admin.branding', 'admin.some_new_permission'], + some_new_key: true, + } + } + put "/api/v1/settings/#{setting.id}", params: params, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])') + + # update + setting = Setting.find_by(name: 'api_token_access') + params = { + id: setting.id, + name: 'some_new_name', + preferences: { + permission: ['admin.branding', 'admin.some_new_permission'], + some_new_key: true, + } + } + put "/api/v1/settings/#{setting.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to eq('api_token_access') + expect(json_response['preferences']['permission'].length).to eq(1) + expect(json_response['preferences']['permission'][0]).to eq('admin.api') + expect(json_response['preferences']['some_new_key']).to eq(true) + + # delete + setting = Setting.find_by(name: 'product_name') + delete "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (feature not possible)') + end + + it 'does settings index with agent' do + + # index + authenticated_as(agent_user) + get '/api/v1/settings', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['settings']).to be_falsey + expect(json_response['error']).to eq('Not authorized (user)!') + + # show + setting = Setting.find_by(name: 'product_name') + get "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (user)!') + end + + it 'does settings index with customer' do + + # index + authenticated_as(customer_user) + get '/api/v1/settings', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['settings']).to be_falsey + expect(json_response['error']).to eq('Not authorized (user)!') + + # show + setting = Setting.find_by(name: 'product_name') + get "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (user)!') + + # delete + setting = Setting.find_by(name: 'product_name') + delete "/api/v1/settings/#{setting.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (user)!') + end + end +end diff --git a/spec/requests/sla_spec.rb b/spec/requests/sla_spec.rb new file mode 100644 index 000000000..9d52b9946 --- /dev/null +++ b/spec/requests/sla_spec.rb @@ -0,0 +1,45 @@ +require 'rails_helper' + +RSpec.describe 'SLAs', type: :request do + + let(:admin_user) do + create(:admin_user) + end + + describe 'request handling' do + + it 'does index sla with nobody' do + get '/api/v1/slas', as: :json + expect(response).to have_http_status(401) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('authentication failed') + end + + it 'does index sla with admin' do + authenticated_as(admin_user) + get '/api/v1/slas', as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + expect(json_response.count).to eq(0) + + get '/api/v1/slas?expand=true', as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response).to be_truthy + expect(json_response.count).to eq(0) + + get '/api/v1/slas?full=true', as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_truthy + expect(json_response['record_ids']).to be_truthy + expect(json_response['record_ids']).to be_blank + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Calendar']).to be_present + expect(json_response['assets']).to be_present + end + end + +end diff --git a/spec/requests/taskbar_spec.rb b/spec/requests/taskbar_spec.rb new file mode 100644 index 000000000..bf7f67a7c --- /dev/null +++ b/spec/requests/taskbar_spec.rb @@ -0,0 +1,82 @@ +require 'rails_helper' + +RSpec.describe 'Taskbars', type: :request do + + let(:agent_user) do + create(:agent_user) + end + let(:customer_user) do + create(:customer_user) + end + + describe 'request handling' do + + it 'does task ownership' do + params = { + user_id: customer_user.id, + client_id: '123', + key: 'Ticket-5', + callback: 'TicketZoom', + state: { + ticket: { + owner_id: agent_user.id, + }, + article: {}, + }, + params: { + ticket_id: 5, + shown: true, + }, + prio: 3, + notify: false, + active: false, + } + + authenticated_as(agent_user) + post '/api/v1/taskbar', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['client_id']).to eq('123') + expect(json_response['user_id']).to eq(agent_user.id) + expect(json_response['params']['ticket_id']).to eq(5) + expect(json_response['params']['shown']).to eq(true) + + taskbar_id = json_response['id'] + params[:user_id] = customer_user.id + params[:params] = { + ticket_id: 5, + shown: false, + } + put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['client_id']).to eq('123') + expect(json_response['user_id']).to eq(agent_user.id) + expect(json_response['params']['ticket_id']).to eq(5) + expect(json_response['params']['shown']).to eq(false) + + # try to access with other user + params = { + active: true, + } + + authenticated_as(customer_user) + put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not allowed to access this task.') + + delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not allowed to access this task.') + + # delete with correct user + authenticated_as(agent_user) + delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response).to be_blank + end + end +end diff --git a/spec/requests/text_module_spec.rb b/spec/requests/text_module_spec.rb new file mode 100644 index 000000000..026e3bf1a --- /dev/null +++ b/spec/requests/text_module_spec.rb @@ -0,0 +1,104 @@ +require 'rails_helper' +require 'byebug' + +RSpec.describe 'Text Module', type: :request do + + let(:admin_user) do + create(:admin_user) + end + let(:agent_user) do + create(:agent_user) + end + let(:customer_user) do + create(:customer_user) + end + + describe 'request handling' do + + it 'does csv example - customer no access' do + authenticated_as(customer_user) + get '/api/v1/text_modules/import_example', as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (user)!') + end + + it 'does csv example - admin access' do + TextModule.load('en-en') + + authenticated_as(admin_user) + get '/api/v1/text_modules/import_example', as: :json + expect(response).to have_http_status(200) + rows = CSV.parse(@response.body) + header = rows.shift + + expect(header[0]).to eq('id') + expect(header[1]).to eq('name') + expect(header[2]).to eq('keywords') + expect(header[3]).to eq('content') + expect(header[4]).to eq('note') + expect(header[5]).to eq('active') + expect(header).to_not include('organization') + expect(header).to_not include('priority') + expect(header).to_not include('state') + expect(header).to_not include('owner') + expect(header).to_not include('customer') + end + + it 'does csv import - admin access' do + + # invalid file + csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv') + csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') + + authenticated_as(admin_user) + post '/api/v1/text_modules/import', params: { try: true, file: csv_file, col_sep: ';' } + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['try']).to be_truthy + expect(json_response['records'].count).to eq(2) + expect(json_response['result']).to eq('failed') + expect(json_response['errors'].count).to eq(2) + expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'keywords2' for TextModule.") + expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'keywords2' for TextModule.") + + # valid file try + csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv') + csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') + post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' } + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['try']).to be_truthy + expect(json_response['records'].count).to eq(2) + expect(json_response['result']).to eq('success') + + expect(TextModule.find_by(name: 'some name1')).to be_nil + expect(TextModule.find_by(name: 'some name2')).to be_nil + + # valid file + csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv') + csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') + post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' } + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['try']).to eq(false) + expect(json_response['records'].count).to eq(2) + expect(json_response['result']).to eq('success') + + text_module1 = TextModule.find_by(name: 'some name1') + expect(text_module1).to be_truthy + expect(text_module1.name).to eq('some name1') + expect(text_module1.keywords).to eq('keyword1') + expect(text_module1.content).to eq('some
content1') + expect(text_module1.active).to be_truthy + text_module2 = TextModule.find_by(name: 'some name2') + expect(text_module2).to be_truthy + expect(text_module2.name).to eq('some name2') + expect(text_module2.keywords).to eq('keyword2') + expect(text_module2.content).to eq('some content
test123') + expect(text_module2.active).to be_truthy + end + end +end diff --git a/spec/requests/ticket/article_attachments_spec.rb b/spec/requests/ticket/article_attachments_spec.rb new file mode 100644 index 000000000..bfbdaec32 --- /dev/null +++ b/spec/requests/ticket/article_attachments_spec.rb @@ -0,0 +1,113 @@ +require 'rails_helper' + +RSpec.describe 'Ticket Article Attachments', type: :request do + + let(:agent_user) do + create(:agent_user, groups: Group.all) + end + + describe 'request handling' do + + it 'does test attachment urls' do + ticket1 = create(:ticket) + article1 = create(:ticket_article, ticket_id: ticket1.id) + + store1 = Store.add( + object: 'Ticket::Article', + o_id: article1.id, + data: 'some content', + filename: 'some_file.txt', + preferences: { + 'Content-Type' => 'text/plain', + }, + created_by_id: 1, + ) + article2 = create(:ticket_article, ticket_id: ticket1.id) + + authenticated_as(agent_user) + get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {} + expect(response).to have_http_status(200) + expect('some content').to eq(@response.body) + + authenticated_as(agent_user) + get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {} + expect(response).to have_http_status(401) + expect(@response.body).to match(/401: Unauthorized/) + + ticket2 = create(:ticket) + ticket1.merge_to( + ticket_id: ticket2.id, + user_id: 1, + ) + + authenticated_as(agent_user) + get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store1.id}", params: {} + expect(response).to have_http_status(200) + expect('some content').to eq(@response.body) + + authenticated_as(agent_user) + get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store1.id}", params: {} + expect(response).to have_http_status(401) + expect(@response.body).to match(/401: Unauthorized/) + + # allow access via merged ticket id also + authenticated_as(agent_user) + get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {} + expect(response).to have_http_status(200) + expect('some content').to eq(@response.body) + + authenticated_as(agent_user) + get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {} + expect(response).to have_http_status(401) + expect(@response.body).to match(/401: Unauthorized/) + + end + + it 'does test attachments for split' do + email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box') + email_raw_string = File.read(email_file_path) + ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string) + + authenticated_as(agent_user) + get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, as: :json + expect(response).to have_http_status(200) + expect(json_response['assets']).to be_truthy + expect(json_response['attachments']).to be_a_kind_of(Array) + expect(json_response['attachments'].count).to eq(1) + expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv') + + end + + it 'does test attachments for forward' do + email_file_path = Rails.root.join('test', 'data', 'mail', 'mail008.box') + email_raw_string = File.read(email_file_path) + ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string) + + authenticated_as(agent_user) + post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Need form_id to attach attachments to new form.') + + post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }, as: :json + expect(response).to have_http_status(200) + expect(json_response['attachments']).to be_a_kind_of(Array) + expect(json_response['attachments']).to be_blank + + email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box') + email_raw_string = File.read(email_file_path) + ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string) + + post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json + expect(response).to have_http_status(200) + expect(json_response['attachments']).to be_a_kind_of(Array) + expect(json_response['attachments'].count).to eq(1) + expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv') + + post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json + expect(response).to have_http_status(200) + expect(json_response['attachments']).to be_a_kind_of(Array) + expect(json_response['attachments']).to be_blank + end + end +end diff --git a/spec/requests/ticket/article_spec.rb b/spec/requests/ticket/article_spec.rb new file mode 100644 index 000000000..23beff28e --- /dev/null +++ b/spec/requests/ticket/article_spec.rb @@ -0,0 +1,475 @@ +require 'rails_helper' + +RSpec.describe 'Ticket Article', type: :request do + + let(:admin_user) do + create(:admin_user) + end + let(:agent_user) do + create(:agent_user, groups: Group.all) + end + let(:customer_user) do + create(:customer_user) + end + + describe 'request handling' do + + it 'does ticket create with agent and articles' do + params = { + title: 'a new ticket #1', + group: 'Users', + customer_id: customer_user.id, + article: { + body: 'some body', + } + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + + params = { + ticket_id: json_response['id'], + content_type: 'text/plain', # or text/html + body: 'some body', + type: 'note', + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['subject']).to be_nil + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + ticket = Ticket.find(json_response['ticket_id']) + expect(ticket.articles.count).to eq(2) + expect(ticket.articles[0].attachments.count).to eq(0) + expect(ticket.articles[1].attachments.count).to eq(0) + + params = { + ticket_id: json_response['ticket_id'], + content_type: 'text/html', # or text/html + body: 'some body Red dot', + type: 'note', + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['subject']).to be_nil + expect(json_response['body']).to_not match(/some body Red dot 'some_file.txt', + 'data' => 'dGVzdCAxMjM=', + 'mime-type' => 'text/plain', + ], + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['subject']).to be_nil + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/html') + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + expect(ticket.articles.count).to eq(4) + expect(ticket.articles[0].attachments.count).to eq(0) + expect(ticket.articles[1].attachments.count).to eq(0) + expect(ticket.articles[2].attachments.count).to eq(1) + expect(ticket.articles[3].attachments.count).to eq(1) + + get "/api/v1/ticket_articles/#{json_response['id']}?expand=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['attachments'].count).to eq(1) + expect(json_response['attachments'][0]['id']).to be_truthy + expect(json_response['attachments'][0]['filename']).to eq('some_file.txt') + expect(json_response['attachments'][0]['size']).to eq('8') + expect(json_response['attachments'][0]['preferences']['Mime-Type']).to eq('text/plain') + + params = { + ticket_id: json_response['ticket_id'], + content_type: 'text/plain', + body: 'some body', + type: 'note', + preferences: { + some_key1: 123, + }, + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['subject']).to be_nil + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + expect(json_response['preferences']['some_key1']).to eq(123) + expect(ticket.articles.count).to eq(5) + + params = { + body: 'some body 2', + preferences: { + some_key2: 'abc', + }, + } + put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['subject']).to be_nil + expect(json_response['body']).to eq('some body 2') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + expect(json_response['preferences']['some_key1']).to eq(123) + expect(json_response['preferences']['some_key2']).to eq('abc') + + end + + it 'does ticket create with customer and articles' do + params = { + title: 'a new ticket #2', + group: 'Users', + article: { + body: 'some body', + } + } + authenticated_as(customer_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + + params = { + ticket_id: json_response['id'], + content_type: 'text/plain', # or text/html + body: 'some body', + type: 'note', + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['subject']).to be_nil + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(customer_user.id) + + ticket = Ticket.find(json_response['ticket_id']) + expect(ticket.articles.count).to eq(2) + expect(ticket.articles[1].sender.name).to eq('Customer') + expect(ticket.articles[0].attachments.count).to eq(0) + expect(ticket.articles[1].attachments.count).to eq(0) + + params = { + ticket_id: json_response['ticket_id'], + content_type: 'text/plain', # or text/html + body: 'some body', + sender: 'Agent', + type: 'note', + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['subject']).to be_nil + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(customer_user.id) + + ticket = Ticket.find(json_response['ticket_id']) + expect(ticket.articles.count).to eq(3) + expect(ticket.articles[2].sender.name).to eq('Customer') + expect(ticket.articles[2].internal).to eq(false) + expect(ticket.articles[0].attachments.count).to eq(0) + expect(ticket.articles[1].attachments.count).to eq(0) + expect(ticket.articles[2].attachments.count).to eq(0) + + params = { + ticket_id: json_response['ticket_id'], + content_type: 'text/plain', # or text/html + body: 'some body 2', + sender: 'Agent', + type: 'note', + internal: true, + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['subject']).to be_nil + expect(json_response['body']).to eq('some body 2') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(customer_user.id) + + ticket = Ticket.find(json_response['ticket_id']) + expect(ticket.articles.count).to eq(4) + expect(ticket.articles[3].sender.name).to eq('Customer') + expect(ticket.articles[3].internal).to eq(false) + expect(ticket.articles[0].attachments.count).to eq(0) + expect(ticket.articles[1].attachments.count).to eq(0) + expect(ticket.articles[2].attachments.count).to eq(0) + expect(ticket.articles[3].attachments.count).to eq(0) + + # add internal article + article = create( + :ticket_article, + ticket_id: ticket.id, + internal: true, + sender: Ticket::Article::Sender.find_by(name: 'Agent'), + type: Ticket::Article::Type.find_by(name: 'note'), + ) + expect(ticket.articles.count).to eq(5) + expect(ticket.articles[4].sender.name).to eq('Agent') + expect(ticket.articles[4].updated_by_id).to eq(1) + expect(ticket.articles[4].created_by_id).to eq(1) + expect(ticket.articles[0].attachments.count).to eq(0) + expect(ticket.articles[1].attachments.count).to eq(0) + expect(ticket.articles[2].attachments.count).to eq(0) + expect(ticket.articles[3].attachments.count).to eq(0) + expect(ticket.articles[4].attachments.count).to eq(0) + + get "/api/v1/ticket_articles/#{article.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + + put "/api/v1/ticket_articles/#{article.id}", params: { internal: false }, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + + end + + it 'does create phone ticket for customer and expected origin_by_id' do + params = { + title: 'a new ticket #1', + group: 'Users', + customer_id: customer_user.id, + article: { + body: 'some body', + sender: 'Customer', + type: 'phone', + } + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['title']).to eq('a new ticket #1') + + article = Ticket::Article.find_by(ticket_id: json_response['id']) + expect(article.origin_by_id).to eq(customer_user.id) + expect(article.from).to eq("#{customer_user.firstname} #{customer_user.lastname} <#{customer_user.email}>") + end + + it 'does create phone ticket by customer and manipulate origin_by_id' do + params = { + title: 'a new ticket #1', + group: 'Users', + customer_id: customer_user.id, + article: { + body: 'some body', + sender: 'Customer', + type: 'phone', + origin_by_id: 1, + } + } + authenticated_as(customer_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + article = Ticket::Article.find_by(ticket_id: json_response['id']) + expect(article.origin_by_id).to eq(customer_user.id) + end + + it 'does ticket split with html - check attachments' do + ticket = create(:ticket) + article = create( + :ticket_article, + ticket_id: ticket.id, + type: Ticket::Article::Type.lookup(name: 'note'), + sender: Ticket::Article::Sender.lookup(name: 'Customer'), + body: 'test test ', + content_type: 'text/html', + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_image', + filename: 'some_file1.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938@zammad.example.com', + 'Content-Disposition' => 'inline', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file2_normally_should_be_an_image', + filename: 'some_file2.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938.2@zammad.example.com', + 'Content-Disposition' => 'inline', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file3_normally_should_be_an_image', + filename: 'some_file3.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938.3@zammad.example.com', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file4_normally_should_be_an_image', + filename: 'some_file4.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938.4@zammad.example.com', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_pdf', + filename: 'Rechnung_RE-2018-200.pdf', + preferences: { + 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"', + 'Mime-Type' => 'application/octet-stream', + 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com', + 'Content-Description' => 'Rechnung_RE-2018-200.pdf', + 'Content-Disposition' => 'attachment', + }, + created_by_id: 1, + ) + + params = { + form_id: 'new_form_id123', + } + authenticated_as(agent_user) + post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['attachments']).to be_truthy + expect(json_response['attachments'].count).to eq(3) + + post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['attachments']).to be_truthy + expect(json_response['attachments'].count).to eq(0) + end + + it 'does ticket split with plain - check attachments' do + ticket = create( + :ticket, + updated_by_id: agent_user.id, + created_by_id: agent_user.id, + ) + article = create( + :ticket_article, + ticket_id: ticket.id, + type: Ticket::Article::Type.lookup(name: 'note'), + sender: Ticket::Article::Sender.lookup(name: 'Customer'), + body: 'test ', + content_type: 'text/plain', + updated_by_id: 1, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_image', + filename: 'some_file1.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938@zammad.example.com', + 'Content-Disposition' => 'inline', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_image', + filename: 'some_file2.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938.2@zammad.example.com', + 'Content-Disposition' => 'inline', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_pdf', + filename: 'Rechnung_RE-2018-200.pdf', + preferences: { + 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"', + 'Mime-Type' => 'application/octet-stream', + 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com', + 'Content-Description' => 'Rechnung_RE-2018-200.pdf', + 'Content-Disposition' => 'attachment', + }, + created_by_id: 1, + ) + + params = { + form_id: 'new_form_id123', + } + authenticated_as(agent_user) + post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['attachments']).to be_truthy + expect(json_response['attachments'].count).to eq(3) + + post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['attachments']).to be_truthy + expect(json_response['attachments'].count).to eq(0) + end + end +end diff --git a/spec/requests/ticket/escalation_spec.rb b/spec/requests/ticket/escalation_spec.rb new file mode 100644 index 000000000..428dde87f --- /dev/null +++ b/spec/requests/ticket/escalation_spec.rb @@ -0,0 +1,153 @@ +require 'rails_helper' + +RSpec.describe 'Ticket Escalation', type: :request do + + let!(:agent_user) do + create(:agent_user, groups: Group.all) + end + let!(:customer_user) do + create(:customer_user) + end + let!(:calendar) do + create( + :calendar, + name: 'Escalation Test', + timezone: 'Europe/Berlin', + business_hours: { + mon: { + active: true, + timeframes: [ ['00:00', '23:59'] ] + }, + tue: { + active: true, + timeframes: [ ['00:00', '23:59'] ] + }, + wed: { + active: true, + timeframes: [ ['00:00', '23:59'] ] + }, + thu: { + active: true, + timeframes: [ ['00:00', '23:59'] ] + }, + fri: { + active: true, + timeframes: [ ['00:00', '23:59'] ] + }, + sat: { + active: true, + timeframes: [ ['00:00', '23:59'] ] + }, + sun: { + active: true, + timeframes: [ ['00:00', '23:59'] ] + }, + }, + default: true, + ical_url: nil, + ) + end + let!(:sla) do + create( + :sla, + name: 'test sla 1', + condition: { + 'ticket.title' => { + operator: 'contains', + value: 'some value 123', + }, + }, + first_response_time: 60, + update_time: 180, + solution_time: 240, + calendar: calendar, + ) + end + let!(:mail_group) do + create(:group, email_address: create(:email_address) ) + end + + describe 'request handling' do + + it 'does escalate by ticket created via web' do + params = { + title: 'some value 123', + group: mail_group.name, + article: { + body: 'some test 123', + }, + } + + authenticated_as(customer_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('some value 123') + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(customer_user.id) + + ticket_p = Ticket.find(json_response['id']) + + expect(json_response['escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['escalation_at'].iso8601) + expect(json_response['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['first_response_escalation_at'].iso8601) + expect(json_response['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['update_escalation_at'].iso8601) + expect(json_response['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['close_escalation_at'].iso8601) + + expect(ticket_p.escalation_at).to be_truthy + expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i) + expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 3.hours).to_i) + expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i) + expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i) + end + + it 'does escalate by ticket got created via email - reply by agent via web' do + + email = "From: Bob Smith +To: #{mail_group.email_address.email} +Subject: some value 123 + +Some Text" + + ticket_p, article_p, user_p, mail = Channel::EmailParser.new.process({}, email) + ticket_p.reload + expect(ticket_p.escalation_at).to be_truthy + expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i) + expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 3.hours).to_i) + expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i) + expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i) + + travel 3.hours + + params = { + title: 'some value 123 - update', + article: { + body: 'some test 123', + type: 'email', + to: 'customer@example.com', + }, + } + authenticated_as(agent_user) + put "/api/v1/tickets/#{ticket_p.id}", params: params, as: :json + + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'open').id) + expect(json_response['title']).to eq('some value 123 - update') + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(user_p.id) + + ticket_p.reload + expect(json_response['escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['escalation_at'].iso8601) + expect(json_response['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['first_response_escalation_at'].iso8601) + expect(json_response['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['update_escalation_at'].iso8601) + expect(json_response['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['close_escalation_at'].iso8601) + + expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i) + expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.last_contact_agent_at + 3.hours).to_i) + expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i) + expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i) + end + end +end diff --git a/spec/requests/ticket_spec.rb b/spec/requests/ticket_spec.rb new file mode 100644 index 000000000..2a779a782 --- /dev/null +++ b/spec/requests/ticket_spec.rb @@ -0,0 +1,2082 @@ +require 'rails_helper' + +RSpec.describe 'Ticket', type: :request do + + let!(:ticket_group) do + create(:group, email_address: create(:email_address) ) + end + let(:admin_user) do + create(:admin_user, groups: Group.all, firstname: 'Tickets', lastname: 'Admin') + end + let!(:agent_user) do + create(:agent_user, groups: Group.all, firstname: 'Tickets', lastname: 'Agent') + end + let!(:customer_user) do + create( + :customer_user, + login: 'tickets-customer1@example.com', + firstname: 'Tickets', + lastname: 'Customer1', + email: 'tickets-customer1@example.com', + ) + end + + describe 'request handling' do + + it 'does ticket create with agent - missing group (01.01)' do + params = { + title: 'a new ticket #1', + article: { + content_type: 'text/plain', # or text/html + body: 'some body', + sender: 'Customer', + type: 'note', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error_human']).to eq('Group can\'t be blank') + end + + it 'does ticket create with agent - wrong group (01.02)' do + params = { + title: 'a new ticket #2', + group: 'not_existing', + article: { + content_type: 'text/plain', # or text/html + body: 'some body', + sender: 'Customer', + type: 'note', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('No lookup value found for \'group\': "not_existing"') + end + + it 'does ticket create with agent - missing article.body (01.03)' do + params = { + title: 'a new ticket #3', + group: ticket_group.name, + priority: '2 normal', + state: 'new', + customer_id: customer_user.id, + article: {}, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Need at least article: { body: "some text" }') + end + + it 'does ticket create with agent - minimal article (01.03)' do + params = { + title: 'a new ticket #3', + group: ticket_group.name, + priority: '2 normal', + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #3') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + end + + it 'does ticket create with agent - minimal article and customer.email (01.04)' do + params = { + title: 'a new ticket #3', + group: ticket_group.name, + priority: '2 normal', + state: 'new', + customer: customer_user.email, + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #3') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + end + + it 'does ticket create with agent - wrong owner_id - 0 (01.05)' do + params = { + title: 'a new ticket #4', + group: ticket_group.name, + priority: '2 normal', + owner_id: 0, + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Invalid value for param \'owner_id\': 0') + end + + it 'does ticket create with agent - wrong owner_id - "" (01.06)' do + params = { + title: 'a new ticket #5', + group: ticket_group.name, + priority: '2 normal', + owner_id: '', + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #5') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + end + + it 'does ticket create with agent - wrong owner_id - 99999 (01.07)' do + params = { + title: 'a new ticket #6', + group: ticket_group.name, + priority: '2 normal', + owner_id: 99_999, + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Invalid value for param \'owner_id\': 99999') + end + + it 'does ticket create with agent - wrong owner_id - nil (01.08)' do + params = { + title: 'a new ticket #7', + group: ticket_group.name, + priority: '2 normal', + owner_id: nil, + state: 'new', + customer_id: customer_user.id, + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #7') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + end + + it 'does ticket create with agent - minimal article with guess customer (01.09)' do + params = { + title: 'a new ticket #9', + group: ticket_group.name, + priority: '2 normal', + state: 'new', + customer_id: 'guess:some_new_customer@example.com', + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #9') + expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + end + + it 'does ticket create with agent - minimal article with guess customer (01.10)' do + params = { + title: 'a new ticket #10', + group: ticket_group.name, + customer_id: 'guess:some_new_customer@example.com', + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #10') + expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + end + + it 'does ticket create with agent - minimal article with customer hash (01.11)' do + params = { + title: 'a new ticket #11', + group: ticket_group.name, + customer: { + firstname: 'some firstname', + lastname: 'some lastname', + email: 'some_new_customer@example.com', + }, + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #11') + expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + end + + it 'does ticket create with agent - minimal article with customer hash with article.origin_by (01.11)' do + params = { + title: 'a new ticket #11.1', + group: ticket_group.name, + customer: { + firstname: 'some firstname', + lastname: 'some lastname', + email: 'some_new_customer@example.com', + }, + article: { + body: 'some test 123', + origin_by: 'some_new_customer@example.com', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #11.1') + expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + ticket = Ticket.find(json_response['id']) + article = ticket.articles.first + expect(article.updated_by_id).to eq(agent_user.id) + expect(article.created_by_id).to eq(agent_user.id) + expect(article.origin_by_id).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(article.sender.name).to eq('Customer') + expect(article.type.name).to eq('note') + expect(article.from).to eq('some firstname some lastname') + end + + it 'does ticket create with agent - minimal article with customer hash with article.origin_by (01.11)' do + params = { + title: 'a new ticket #11.2', + group: ticket_group.name, + customer: { + firstname: 'some firstname', + lastname: 'some lastname', + email: 'some_new_customer@example.com', + }, + article: { + sender: 'Customer', + body: 'some test 123', + origin_by: 'some_new_customer@example.com', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #11.2') + expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + ticket = Ticket.find(json_response['id']) + article = ticket.articles.first + expect(article.updated_by_id).to eq(agent_user.id) + expect(article.created_by_id).to eq(agent_user.id) + expect(article.origin_by_id).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(article.sender.name).to eq('Customer') + expect(article.type.name).to eq('note') + expect(article.from).to eq('some firstname some lastname') + end + + it 'does ticket create with agent - minimal article with customer hash with article.origin_by (01.11)' do + params = { + title: 'a new ticket #11.3', + group: ticket_group.name, + customer: { + firstname: 'some firstname', + lastname: 'some lastname', + email: 'some_new_customer@example.com', + }, + article: { + sender: 'Agent', + from: 'somebody', + body: 'some test 123', + origin_by: 'some_new_customer@example.com', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #11.3') + expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + ticket = Ticket.find(json_response['id']) + article = ticket.articles.first + expect(article.updated_by_id).to eq(agent_user.id) + expect(article.created_by_id).to eq(agent_user.id) + expect(article.origin_by_id).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(article.sender.name).to eq('Customer') + expect(article.type.name).to eq('note') + expect(article.from).to eq('some firstname some lastname') + end + + it 'does ticket create with agent - minimal article with customer hash with article.origin_by (01.11)' do + params = { + title: 'a new ticket #11.4', + group: ticket_group.name, + customer: { + firstname: 'some firstname', + lastname: 'some lastname', + email: 'some_new_customer@example.com', + }, + article: { + sender: 'Customer', + body: 'some test 123', + origin_by: customer_user.login, + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #11.4') + expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + ticket = Ticket.find(json_response['id']) + article = ticket.articles.first + expect(article.updated_by_id).to eq(agent_user.id) + expect(article.created_by_id).to eq(agent_user.id) + expect(article.origin_by_id).to eq(customer_user.id) + expect(article.sender.name).to eq('Customer') + expect(article.type.name).to eq('note') + expect(article.from).to eq('Tickets Customer1') + end + + it 'does ticket create with agent - minimal article with missing body - with customer.id (01.12)' do + params = { + title: 'a new ticket #12', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + subject: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Need at least article: { body: "some text" }') + end + + it 'does ticket create with agent - minimal article and attachment with customer (01.13)' do + params = { + title: 'a new ticket #13', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + subject: 'some test 123', + body: 'some test 123', + attachments: [ + 'filename' => 'some_file.txt', + 'data' => 'dGVzdCAxMjM=', + 'mime-type' => 'text/plain', + ], + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #13') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + ticket = Ticket.find(json_response['id']) + expect(ticket.articles.count).to eq(1) + expect(ticket.articles.first.attachments.count).to eq(1) + file = ticket.articles.first.attachments.first + expect(file.content).to eq('test 123') + expect(file.filename).to eq('some_file.txt') + expect(file.preferences['Mime-Type']).to eq('text/plain') + expect(file.preferences['Content-ID']).to be_falsey + end + + it 'does ticket create with agent - minimal article and attachment with customer (01.14)' do + params = { + title: 'a new ticket #14', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + subject: 'some test 123', + body: 'some test 123', + attachments: [ + { + 'filename' => 'some_file1.txt', + 'data' => 'dGVzdCAxMjM=', + 'mime-type' => 'text/plain', + }, + { + 'filename' => 'some_file2.txt', + 'data' => 'w6TDtsO8w58=', + 'mime-type' => 'text/plain', + }, + ], + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #14') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + ticket = Ticket.find(json_response['id']) + expect(ticket.articles.count).to eq(1) + expect(ticket.articles.first.attachments.count).to eq(2) + file = ticket.articles.first.attachments.first + expect(file.content).to eq('test 123') + expect(file.filename).to eq('some_file1.txt') + expect(file.preferences['Mime-Type']).to eq('text/plain') + expect(file.preferences['Content-ID']).to be_falsey + end + + it 'does ticket create with agent - minimal article and simple invalid base64 attachment with customer (01.15)' do + params = { + title: 'a new ticket #15', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + subject: 'some test 123', + body: 'some test 123', + attachments: [ + 'filename' => 'some_file.txt', + 'data' => 'ABC_INVALID_BASE64', + 'mime-type' => 'text/plain', + ], + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Invalid base64 for attachment with index \'0\'') + end + + it 'does ticket create with agent - minimal article and large invalid base64 attachment with customer (01.15a)' do + params = { + title: 'a new ticket #15a', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + subject: 'some test 123', + body: 'some test 123', + attachments: [ + 'filename' => 'some_file.txt', + 'data' => "LARGE_INVALID_BASE64_#{'#' * 20_000_000}", + 'mime-type' => 'text/plain', + ], + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Invalid base64 for attachment with index \'0\'') + end + + it 'does ticket create with agent - minimal article and valid multiline base64 with linebreaks attachment with customer (01.15b)' do + params = { + title: 'a new ticket #15b', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + subject: 'some test 123', + body: 'some test 123', + attachments: [ + 'filename' => 'some_file.txt', + 'data' => Base64.encode64('a' * 1_000), + 'mime-type' => 'text/plain', + ], + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response['title']).to eq('a new ticket #15b') + ticket = Ticket.find(json_response['id']) + expect(ticket.articles.count).to eq(1) + expect(ticket.articles.first.attachments.count).to eq(1) + file = ticket.articles.first.attachments.first + expect(file.content).to eq('a' * 1_000) + end + + it 'does ticket create with agent - minimal article and valid multiline base64 without linebreaks attachment with customer (01.15c)' do + params = { + title: 'a new ticket #15c', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + subject: 'some test 123', + body: 'some test 123', + attachments: [ + 'filename' => 'some_file.txt', + 'data' => Base64.strict_encode64('a' * 1_000), + 'mime-type' => 'text/plain', + ], + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response['title']).to eq('a new ticket #15c') + ticket = Ticket.find(json_response['id']) + expect(ticket.articles.count).to eq(1) + expect(ticket.articles.first.attachments.count).to eq(1) + file = ticket.articles.first.attachments.first + expect(file.content).to eq('a' * 1_000) + end + + it 'does ticket create with agent - minimal article and attachment invalid base64 with customer (01.16)' do + params = { + title: 'a new ticket #16', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + subject: 'some test 123', + body: 'some test 123', + attachments: [ + 'filename' => 'some_file.txt', + 'data' => 'dGVzdCAxMjM=', + ], + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Attachment needs \'mime-type\' param for attachment with index \'0\'') + end + + it 'does ticket create with agent - minimal article and inline attachments with customer (01.17)' do + params = { + title: 'a new ticket #17', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + content_type: 'text/html', + subject: 'some test 123', + body: 'some test 123 Red dot ', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #17') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + ticket = Ticket.find(json_response['id']) + expect(ticket.articles.count).to eq(1) + expect(ticket.articles.first.attachments.count).to eq(2) + file = ticket.articles.first.attachments[0] + expect(Digest::MD5.hexdigest(file.content)).to eq('d3c1e09bdefb92b6a06b791a24ca9599') + expect(file.filename).to eq('image1.png') + expect(file.preferences['Mime-Type']).to eq('image/png') + expect(file.preferences['Content-ID']).to match(/#{ticket.id}\..+?@zammad.example.com/) + expect(file.preferences['Content-ID']).to be_truthy + file = ticket.articles.first.attachments[1] + expect(Digest::MD5.hexdigest(file.content)).to eq('006a2ca3793b550c8fe444acdeb39252') + expect(file.filename).to eq('image2.jpeg') + expect(file.preferences['Mime-Type']).to eq('image/jpeg') + expect(file.preferences['Content-ID']).to match(/#{ticket.id}\..+?@zammad.example.com/) + expect(file.preferences['Content-ID']).to be_truthy + end + + it 'does ticket create with agent - minimal article and inline attachments with customer (01.18)' do + params = { + title: 'a new ticket #18', + group: ticket_group.name, + customer_id: customer_user.id, + article: { + content_type: 'text/html', + subject: 'some test 123', + body: 'some test 123 ', + attachments: [ + 'filename' => 'some_file.txt', + 'data' => 'dGVzdCAxMjM=', + 'mime-type' => 'text/plain', + ], + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #18') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + ticket = Ticket.find(json_response['id']) + expect(ticket.articles.count).to eq(1) + expect(ticket.articles.first.attachments.count).to eq(2) + file = ticket.articles.first.attachments[0] + expect(Digest::MD5.hexdigest(file.content)).to eq('006a2ca3793b550c8fe444acdeb39252') + expect(file.filename).to eq('image1.jpeg') + expect(file.preferences['Mime-Type']).to eq('image/jpeg') + expect(file.preferences['Content-ID']).to be_truthy + expect(file.preferences['Content-ID']).to match(/#{ticket.id}\..+?@zammad.example.com/) + file = ticket.articles.first.attachments[1] + expect(Digest::MD5.hexdigest(file.content)).to eq('39d0d586a701e199389d954f2d592720') + expect(file.filename).to eq('some_file.txt') + expect(file.preferences['Mime-Type']).to eq('text/plain') + expect(file.preferences['Content-ID']).to be_falsey + end + + it 'does ticket create with agent (02.02)' do + params = { + title: 'a new ticket #1', + state: 'new', + priority: '2 normal', + group: ticket_group.name, + customer: 'tickets-customer1@example.com', + article: { + content_type: 'text/plain', # or text/html + body: 'some body', + }, + links: { + Ticket: { + parent: [1], + } + } + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #1') + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + links = Link.list( + link_object: 'Ticket', + link_object_value: json_response['id'], + ) + expect(links[0]['link_type']).to eq('child') + expect(links[0]['link_object']).to eq('Ticket') + expect(links[0]['link_object_value']).to eq(1) + end + + it 'does ticket with wrong ticket id (02.03)' do + group = create(:group) + ticket = create( + :ticket, + title: 'ticket with wrong ticket id', + group_id: group.id, + customer_id: customer_user.id, + ) + authenticated_as(agent_user) + get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + + params = { + title: 'ticket with wrong ticket id - 2', + } + put "/api/v1/tickets/#{ticket.id}", params: params, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + + delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + end + + it 'does ticket with correct ticket id (02.04)' do + title = "ticket with corret ticket id testagent#{rand(999_999_999)}" + ticket = create( + :ticket, + title: title, + group: ticket_group, + customer_id: customer_user.id, + preferences: { + some_key1: 123, + }, + ) + authenticated_as(agent_user) + get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq(title) + expect(json_response['customer_id']).to eq(ticket.customer_id) + expect(json_response['updated_by_id']).to eq(1) + expect(json_response['created_by_id']).to eq(1) + expect(json_response['preferences']['some_key1']).to eq(123) + + params = { + title: "#{title} - 2", + customer_id: agent_user.id, + preferences: { + some_key2: 'abc', + }, + } + put "/api/v1/tickets/#{ticket.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq("#{title} - 2") + expect(json_response['customer_id']).to eq(agent_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(1) + expect(json_response['preferences']['some_key1']).to eq(123) + expect(json_response['preferences']['some_key2']).to eq('abc') + + params = { + ticket_id: ticket.id, + subject: 'some subject', + body: 'some body', + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + article_json_response = json_response + expect(article_json_response).to be_a_kind_of(Hash) + expect(article_json_response['ticket_id']).to eq(ticket.id) + expect(article_json_response['from']).to eq('Tickets Agent') + expect(article_json_response['subject']).to eq('some subject') + expect(article_json_response['body']).to eq('some body') + expect(article_json_response['content_type']).to eq('text/plain') + expect(article_json_response['internal']).to eq(false) + expect(article_json_response['created_by_id']).to eq(agent_user.id) + expect(article_json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id) + expect(article_json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id) + + Scheduler.worker(true) + get "/api/v1/tickets/search?query=#{CGI.escape(title)}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets'][0]).to eq(ticket.id) + expect(json_response['tickets_count']).to eq(1) + + params = { + condition: { + 'ticket.title' => { + operator: 'contains', + value: title, + }, + }, + } + post '/api/v1/tickets/search', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets'][0]).to eq(ticket.id) + expect(json_response['tickets_count']).to eq(1) + + delete "/api/v1/ticket_articles/#{article_json_response['id']}", params: {}, as: :json + expect(response).to have_http_status(200) + + params = { + from: 'something which should not be changed on server side', + ticket_id: ticket.id, + subject: 'some subject', + body: 'some body', + type: 'email', + internal: true, + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['ticket_id']).to eq(ticket.id) + expect(json_response['from']).to eq(%("Tickets Agent via #{ticket_group.email_address.realname}" <#{ticket_group.email_address.email}>)) + expect(json_response['subject']).to eq('some subject') + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['internal']).to eq(true) + expect(json_response['created_by_id']).to eq(agent_user.id) + expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id) + expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'email').id) + + params = { + subject: 'new subject', + } + put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['ticket_id']).to eq(ticket.id) + expect(json_response['from']).to eq(%("Tickets Agent via #{ticket_group.email_address.realname}" <#{ticket_group.email_address.email}>)) + expect(json_response['subject']).to eq('new subject') + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['internal']).to eq(true) + expect(json_response['created_by_id']).to eq(agent_user.id) + expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id) + expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'email').id) + + delete "/api/v1/ticket_articles/#{json_response['id']}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (admin permission required)!') + + delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (admin permission required)!') + end + + it 'does ticket with correct ticket id (02.05)' do + ticket = create( + :ticket, + title: 'ticket with corret ticket id', + group: ticket_group, + customer_id: customer_user.id, + ) + authenticated_as(admin_user) + get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq('ticket with corret ticket id') + expect(json_response['customer_id']).to eq(ticket.customer_id) + expect(json_response['updated_by_id']).to eq(1) + expect(json_response['created_by_id']).to eq(1) + + params = { + title: 'ticket with corret ticket id - 2', + customer_id: agent_user.id, + } + put "/api/v1/tickets/#{ticket.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq('ticket with corret ticket id - 2') + expect(json_response['customer_id']).to eq(agent_user.id) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(1) + + params = { + from: 'something which should not be changed on server side', + ticket_id: ticket.id, + subject: 'some subject', + body: 'some body', + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['ticket_id']).to eq(ticket.id) + expect(json_response['from']).to eq('Tickets Admin') + expect(json_response['subject']).to eq('some subject') + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['internal']).to eq(false) + expect(json_response['created_by_id']).to eq(admin_user.id) + expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id) + expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id) + + params = { + subject: 'new subject', + internal: true, + } + put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['ticket_id']).to eq(ticket.id) + expect(json_response['from']).to eq('Tickets Admin') + expect(json_response['subject']).to eq('new subject') + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['internal']).to eq(true) + expect(json_response['created_by_id']).to eq(admin_user.id) + expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id) + expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id) + + delete "/api/v1/ticket_articles/#{json_response['id']}", params: {}, as: :json + expect(response).to have_http_status(200) + + params = { + ticket_id: ticket.id, + subject: 'some subject', + body: 'some body', + type: 'email', + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['ticket_id']).to eq(ticket.id) + expect(json_response['from']).to eq(%("Tickets Admin via #{ticket_group.email_address.realname}" <#{ticket_group.email_address.email}>)) + expect(json_response['subject']).to eq('some subject') + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['internal']).to eq(false) + expect(json_response['created_by_id']).to eq(admin_user.id) + expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id) + expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'email').id) + + delete "/api/v1/ticket_articles/#{json_response['id']}", params: {}, as: :json + expect(response).to have_http_status(200) + + delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(200) + end + + it 'does ticket pagination (02.05)' do + title = "ticket pagination #{rand(999_999_999)}" + tickets = [] + (1..20).each do |count| + ticket = create( + :ticket, + title: "#{title} - #{count}", + group: ticket_group, + customer_id: customer_user.id, + ) + create( + :ticket_article, + type: Ticket::Article::Type.lookup(name: 'note'), + sender: Ticket::Article::Sender.lookup(name: 'Customer'), + ticket_id: ticket.id, + ) + tickets.push ticket + travel 2.seconds + end + + authenticated_as(admin_user) + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets'][0]).to eq(tickets[19].id) + expect(json_response['tickets'][19]).to eq(tickets[0].id) + expect(json_response['tickets_count']).to eq(20) + + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=10", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets'][0]).to eq(tickets[19].id) + expect(json_response['tickets'][9]).to eq(tickets[10].id) + expect(json_response['tickets_count']).to eq(10) + + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=1&per_page=5", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets'][0]).to eq(tickets[19].id) + expect(json_response['tickets'][4]).to eq(tickets[15].id) + expect(json_response['tickets_count']).to eq(5) + + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=2&per_page=5", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets'][0]).to eq(tickets[14].id) + expect(json_response['tickets'][4]).to eq(tickets[10].id) + expect(json_response['tickets_count']).to eq(5) + + get '/api/v1/tickets?limit=40&page=1&per_page=5', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + tickets = Ticket.order(:id).limit(5) + expect(json_response[0]['id']).to eq(tickets[0].id) + expect(json_response[4]['id']).to eq(tickets[4].id) + expect(json_response.count).to eq(5) + + get '/api/v1/tickets?limit=40&page=2&per_page=5', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + tickets = Ticket.order(:id).limit(10) + expect(json_response[0]['id']).to eq(tickets[5].id) + expect(json_response[4]['id']).to eq(tickets[9].id) + expect(json_response.count).to eq(5) + + end + + it 'does ticket create with customer minimal (03.01)' do + params = { + title: 'a new ticket #c1', + state: 'new', + priority: '2 normal', + group: ticket_group.name, + article: { + body: 'some body', + }, + } + authenticated_as(customer_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #c1') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(customer_user.id) + end + + it 'does ticket create with customer with wrong customer (03.02)' do + params = { + title: 'a new ticket #c2', + state: 'new', + priority: '2 normal', + group: ticket_group.name, + customer_id: agent_user.id, + article: { + content_type: 'text/plain', # or text/html + body: 'some body', + sender: 'System', + }, + } + authenticated_as(customer_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #c2') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(customer_user.id) + end + + it 'does ticket create with customer with wrong customer hash (03.03)' do + params = { + title: 'a new ticket #c2', + state: 'new', + priority: '2 normal', + group: ticket_group.name, + customer: { + firstname: agent_user.firstname, + lastname: agent_user.lastname, + email: agent_user.email, + }, + article: { + content_type: 'text/plain', # or text/html + body: 'some body', + sender: 'System', + }, + } + authenticated_as(customer_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #c2') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(customer_user.id) + end + + it 'does ticket with wrong ticket id (03.04)' do + ticket = create( + :ticket, + title: 'ticket with wrong ticket id', + group: ticket_group, + customer_id: agent_user.id, + ) + authenticated_as(customer_user) + get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + + params = { + title: 'ticket with wrong ticket id - 2', + } + put "/api/v1/tickets/#{ticket.id}", params: params, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + + delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + end + + it 'does ticket with correct ticket id (03.05)' do + title = "ticket with corret ticket id testme#{rand(999_999_999)}" + ticket = create( + :ticket, + title: title, + group: ticket_group, + customer_id: customer_user.id, + ) + authenticated_as(customer_user) + get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq(title) + expect(json_response['customer_id']).to eq(ticket.customer_id) + expect(json_response['updated_by_id']).to eq(1) + expect(json_response['created_by_id']).to eq(1) + + params = { + title: "#{title} - 2", + customer_id: agent_user.id, + } + put "/api/v1/tickets/#{ticket.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq("#{title} - 2") + expect(json_response['customer_id']).to eq(ticket.customer_id) + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(1) + + params = { + ticket_id: ticket.id, + subject: 'some subject', + body: 'some body', + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + article_json_response = json_response + expect(article_json_response).to be_a_kind_of(Hash) + expect(article_json_response['ticket_id']).to eq(ticket.id) + expect(article_json_response['from']).to eq('Tickets Customer1') + expect(article_json_response['subject']).to eq('some subject') + expect(article_json_response['body']).to eq('some body') + expect(article_json_response['content_type']).to eq('text/plain') + expect(article_json_response['created_by_id']).to eq(customer_user.id) + expect(article_json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Customer').id) + expect(article_json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id) + + Scheduler.worker(true) + get "/api/v1/tickets/search?query=#{CGI.escape(title)}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets'][0]).to eq(ticket.id) + expect(json_response['tickets_count']).to eq(1) + + params = { + condition: { + 'ticket.title' => { + operator: 'contains', + value: title, + }, + }, + } + post '/api/v1/tickets/search', params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets'][0]).to eq(ticket.id) + expect(json_response['tickets_count']).to eq(1) + + delete "/api/v1/ticket_articles/#{article_json_response['id']}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (admin permission required)!') + + params = { + ticket_id: ticket.id, + subject: 'some subject', + body: 'some body', + type: 'email', + sender: 'Agent', + } + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['ticket_id']).to eq(ticket.id) + expect(json_response['from']).to eq('Tickets Customer1') + expect(json_response['subject']).to eq('some subject') + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['created_by_id']).to eq(customer_user.id) + expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Customer').id) + expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id) + + delete "/api/v1/ticket_articles/#{json_response['id']}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (admin permission required)!') + + params = { + from: 'something which should not be changed on server side', + ticket_id: ticket.id, + subject: 'some subject', + body: 'some body', + type: 'web', + sender: 'Agent', + internal: true, + } + + post '/api/v1/ticket_articles', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['ticket_id']).to eq(ticket.id) + expect(json_response['from']).to eq('Tickets Customer1 ') + expect(json_response['subject']).to eq('some subject') + expect(json_response['body']).to eq('some body') + expect(json_response['content_type']).to eq('text/plain') + expect(json_response['internal']).to eq(false) + expect(json_response['created_by_id']).to eq(customer_user.id) + expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Customer').id) + expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'web').id) + + params = { + subject: 'new subject', + } + put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (ticket.agent or admin permission required)!') + + delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized (admin permission required)!') + end + + it 'does ticket create with agent - minimal article with customer hash with article.origin_by (03.6)' do + authenticated_as(customer_user) + params = { + title: 'a new ticket #3.6', + group: ticket_group.name, + customer: { + firstname: 'some firstname', + lastname: 'some lastname', + email: 'some_new_customer@example.com', + }, + article: { + body: 'some test 123', + origin_by: agent_user.login, + }, + } + + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #3.6') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(customer_user.id) + ticket = Ticket.find(json_response['id']) + article = ticket.articles.first + expect(article.updated_by_id).to eq(customer_user.id) + expect(article.created_by_id).to eq(customer_user.id) + expect(article.origin_by_id).to eq(customer_user.id) + expect(article.sender.name).to eq('Customer') + expect(article.type.name).to eq('note') + expect(article.from).to eq('Tickets Customer1') + end + + it 'does ticket create with agent - minimal article with customer hash with article.origin_by (03.6)' do + authenticated_as(customer_user) + params = { + title: 'a new ticket #3.6.1', + group: ticket_group.name, + customer: { + firstname: 'some firstname', + lastname: 'some lastname', + email: 'some_new_customer@example.com', + }, + article: { + sender: 'Agent', + body: 'some test 123', + origin_by_id: agent_user.id, + }, + } + + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id) + expect(json_response['title']).to eq('a new ticket #3.6.1') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(customer_user.id) + expect(json_response['created_by_id']).to eq(customer_user.id) + ticket = Ticket.find(json_response['id']) + article = ticket.articles.first + expect(article.updated_by_id).to eq(customer_user.id) + expect(article.created_by_id).to eq(customer_user.id) + expect(article.origin_by_id).to eq(customer_user.id) + expect(article.sender.name).to eq('Customer') + expect(article.type.name).to eq('note') + expect(article.from).to eq('Tickets Customer1') + end + + it 'does ticket show and response format (04.01)' do + title = "ticket testagent#{rand(999_999_999)}" + ticket = create( + :ticket, + title: title, + group: ticket_group, + customer_id: customer_user.id, + updated_by_id: agent_user.id, + created_by_id: agent_user.id, + ) + authenticated_as(agent_user) + get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq(ticket.title) + expect(json_response['group']).to be_falsey + expect(json_response['priority']).to be_falsey + expect(json_response['owner']).to be_falsey + expect(json_response['customer_id']).to eq(ticket.customer_id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + get "/api/v1/tickets/#{ticket.id}?expand=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq(ticket.title) + expect(json_response['customer_id']).to eq(ticket.customer_id) + expect(json_response['group']).to eq(ticket.group.name) + expect(json_response['priority']).to eq(ticket.priority.name) + expect(json_response['owner']).to eq(ticket.owner.login) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + get "/api/v1/tickets/#{ticket.id}?expand=false", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq(ticket.title) + expect(json_response['group']).to be_falsey + expect(json_response['priority']).to be_falsey + expect(json_response['owner']).to be_falsey + expect(json_response['customer_id']).to eq(ticket.customer_id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + get "/api/v1/tickets/#{ticket.id}?full=true", params: {}, as: :json + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Ticket']).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]['id']).to eq(ticket.id) + expect(json_response['assets']['Ticket'][ticket.id.to_s]['title']).to eq(ticket.title) + expect(json_response['assets']['Ticket'][ticket.id.to_s]['customer_id']).to eq(ticket.customer_id) + + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][agent_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][agent_user.id.to_s]['id']).to eq(agent_user.id) + expect(json_response['assets']['User'][agent_user.id.to_s]['firstname']).to eq(agent_user.firstname) + expect(json_response['assets']['User'][agent_user.id.to_s]['lastname']).to eq(agent_user.lastname) + + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][customer_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][customer_user.id.to_s]['id']).to eq(customer_user.id) + expect(json_response['assets']['User'][customer_user.id.to_s]['firstname']).to eq(customer_user.firstname) + expect(json_response['assets']['User'][customer_user.id.to_s]['lastname']).to eq(customer_user.lastname) + + get "/api/v1/tickets/#{ticket.id}?full=false", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(ticket.id) + expect(json_response['title']).to eq(ticket.title) + expect(json_response['group']).to be_falsey + expect(json_response['priority']).to be_falsey + expect(json_response['owner']).to be_falsey + expect(json_response['customer_id']).to eq(ticket.customer_id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + end + + it 'does ticket index and response format (04.02)' do + title = "ticket testagent#{rand(999_999_999)}" + ticket = create( + :ticket, + title: title, + group: ticket_group, + customer_id: customer_user.id, + updated_by_id: agent_user.id, + created_by_id: agent_user.id, + ) + authenticated_as(agent_user) + get '/api/v1/tickets', params: {}, as: :json + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]).to be_a_kind_of(Hash) + expect(json_response[0]['id']).to eq(1) + expect(json_response[1]['id']).to eq(ticket.id) + expect(json_response[1]['title']).to eq(ticket.title) + expect(json_response[1]['group']).to be_falsey + expect(json_response[1]['priority']).to be_falsey + expect(json_response[1]['owner']).to be_falsey + expect(json_response[1]['customer_id']).to eq(ticket.customer_id) + expect(json_response[1]['updated_by_id']).to eq(agent_user.id) + expect(json_response[1]['created_by_id']).to eq(agent_user.id) + + get '/api/v1/tickets?expand=true', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]).to be_a_kind_of(Hash) + expect(json_response[0]['id']).to eq(1) + expect(json_response[1]['id']).to eq(ticket.id) + expect(json_response[1]['title']).to eq(ticket.title) + expect(json_response[1]['customer_id']).to eq(ticket.customer_id) + expect(json_response[1]['group']).to eq(ticket.group.name) + expect(json_response[1]['priority']).to eq(ticket.priority.name) + expect(json_response[1]['owner']).to eq(ticket.owner.login) + expect(json_response[1]['updated_by_id']).to eq(agent_user.id) + expect(json_response[1]['created_by_id']).to eq(agent_user.id) + + get '/api/v1/tickets?expand=false', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]).to be_a_kind_of(Hash) + expect(json_response[0]['id']).to eq(1) + expect(json_response[1]['id']).to eq(ticket.id) + expect(json_response[1]['title']).to eq(ticket.title) + expect(json_response[1]['group']).to be_falsey + expect(json_response[1]['priority']).to be_falsey + expect(json_response[1]['owner']).to be_falsey + expect(json_response[1]['customer_id']).to eq(ticket.customer_id) + expect(json_response[1]['updated_by_id']).to eq(agent_user.id) + expect(json_response[1]['created_by_id']).to eq(agent_user.id) + + get '/api/v1/tickets?full=true', params: {}, as: :json + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['record_ids'].class).to eq(Array) + expect(json_response['record_ids'][0]).to eq(1) + expect(json_response['record_ids'][1]).to eq(ticket.id) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Ticket']).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]['id']).to eq(ticket.id) + expect(json_response['assets']['Ticket'][ticket.id.to_s]['title']).to eq(ticket.title) + expect(json_response['assets']['Ticket'][ticket.id.to_s]['customer_id']).to eq(ticket.customer_id) + + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][agent_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][agent_user.id.to_s]['id']).to eq(agent_user.id) + expect(json_response['assets']['User'][agent_user.id.to_s]['firstname']).to eq(agent_user.firstname) + expect(json_response['assets']['User'][agent_user.id.to_s]['lastname']).to eq(agent_user.lastname) + + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][customer_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][customer_user.id.to_s]['id']).to eq(customer_user.id) + expect(json_response['assets']['User'][customer_user.id.to_s]['firstname']).to eq(customer_user.firstname) + expect(json_response['assets']['User'][customer_user.id.to_s]['lastname']).to eq(customer_user.lastname) + + get '/api/v1/tickets?full=false', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]).to be_a_kind_of(Hash) + expect(json_response[0]['id']).to eq(1) + expect(json_response[1]['id']).to eq(ticket.id) + expect(json_response[1]['title']).to eq(ticket.title) + expect(json_response[1]['group']).to be_falsey + expect(json_response[1]['priority']).to be_falsey + expect(json_response[1]['owner']).to be_falsey + expect(json_response[1]['customer_id']).to eq(ticket.customer_id) + expect(json_response[1]['updated_by_id']).to eq(agent_user.id) + expect(json_response[1]['created_by_id']).to eq(agent_user.id) + end + + it 'does ticket create and response format (04.03)' do + title = "ticket testagent#{rand(999_999_999)}" + params = { + title: title, + group: ticket_group.name, + customer_id: customer_user.id, + state: 'new', + priority: '2 normal', + article: { + body: 'some test 123', + }, + } + authenticated_as(agent_user) + post '/api/v1/tickets', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + ticket = Ticket.find(json_response['id']) + expect(json_response['state_id']).to eq(ticket.state_id) + expect(json_response['state']).to be_falsey + expect(json_response['priority_id']).to eq(ticket.priority_id) + expect(json_response['priority']).to be_falsey + expect(json_response['group_id']).to eq(ticket.group_id) + expect(json_response['group']).to be_falsey + expect(json_response['title']).to eq(title) + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + post '/api/v1/tickets?expand=true', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + ticket = Ticket.find(json_response['id']) + expect(json_response['state_id']).to eq(ticket.state_id) + expect(json_response['state']).to eq(ticket.state.name) + expect(json_response['priority_id']).to eq(ticket.priority_id) + expect(json_response['priority']).to eq(ticket.priority.name) + expect(json_response['group_id']).to eq(ticket.group_id) + expect(json_response['group']).to eq(ticket.group.name) + expect(json_response['title']).to eq(title) + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + post '/api/v1/tickets?full=true', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + ticket = Ticket.find(json_response['id']) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Ticket']).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]['id']).to eq(ticket.id) + expect(json_response['assets']['Ticket'][ticket.id.to_s]['title']).to eq(title) + expect(json_response['assets']['Ticket'][ticket.id.to_s]['customer_id']).to eq(ticket.customer_id) + + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][agent_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][agent_user.id.to_s]['id']).to eq(agent_user.id) + expect(json_response['assets']['User'][agent_user.id.to_s]['firstname']).to eq(agent_user.firstname) + expect(json_response['assets']['User'][agent_user.id.to_s]['lastname']).to eq(agent_user.lastname) + + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][customer_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][customer_user.id.to_s]['id']).to eq(customer_user.id) + expect(json_response['assets']['User'][customer_user.id.to_s]['firstname']).to eq(customer_user.firstname) + expect(json_response['assets']['User'][customer_user.id.to_s]['lastname']).to eq(customer_user.lastname) + + end + + it 'does ticket update and response formats (04.04)' do + title = "ticket testagent#{rand(999_999_999)}" + ticket = create( + :ticket, + title: title, + group: ticket_group, + customer_id: customer_user.id, + updated_by_id: agent_user.id, + created_by_id: agent_user.id, + ) + + params = { + title: 'a update ticket #1', + } + authenticated_as(agent_user) + put "/api/v1/tickets/#{ticket.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + ticket = Ticket.find(json_response['id']) + expect(json_response['state_id']).to eq(ticket.state_id) + expect(json_response['state']).to be_falsey + expect(json_response['priority_id']).to eq(ticket.priority_id) + expect(json_response['priority']).to be_falsey + expect(json_response['group_id']).to eq(ticket.group_id) + expect(json_response['group']).to be_falsey + expect(json_response['title']).to eq('a update ticket #1') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + params = { + title: 'a update ticket #2', + } + put "/api/v1/tickets/#{ticket.id}?expand=true", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + ticket = Ticket.find(json_response['id']) + expect(json_response['state_id']).to eq(ticket.state_id) + expect(json_response['state']).to eq(ticket.state.name) + expect(json_response['priority_id']).to eq(ticket.priority_id) + expect(json_response['priority']).to eq(ticket.priority.name) + expect(json_response['group_id']).to eq(ticket.group_id) + expect(json_response['group']).to eq(ticket.group.name) + expect(json_response['title']).to eq('a update ticket #2') + expect(json_response['customer_id']).to eq(customer_user.id) + expect(json_response['updated_by_id']).to eq(agent_user.id) + expect(json_response['created_by_id']).to eq(agent_user.id) + + params = { + title: 'a update ticket #3', + } + put "/api/v1/tickets/#{ticket.id}?full=true", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + ticket = Ticket.find(json_response['id']) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Ticket']).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]['id']).to eq(ticket.id) + expect(json_response['assets']['Ticket'][ticket.id.to_s]['title']).to eq('a update ticket #3') + expect(json_response['assets']['Ticket'][ticket.id.to_s]['customer_id']).to eq(ticket.customer_id) + + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][agent_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][agent_user.id.to_s]['id']).to eq(agent_user.id) + expect(json_response['assets']['User'][agent_user.id.to_s]['firstname']).to eq(agent_user.firstname) + expect(json_response['assets']['User'][agent_user.id.to_s]['lastname']).to eq(agent_user.lastname) + + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][customer_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][customer_user.id.to_s]['id']).to eq(customer_user.id) + expect(json_response['assets']['User'][customer_user.id.to_s]['firstname']).to eq(customer_user.firstname) + expect(json_response['assets']['User'][customer_user.id.to_s]['lastname']).to eq(customer_user.lastname) + + end + + it 'does ticket split with html - check attachments (05.01)' do + ticket = create( + :ticket, + title: 'some title', + group: ticket_group, + customer_id: customer_user.id, + updated_by_id: agent_user.id, + created_by_id: agent_user.id, + ) + article = create( + :ticket_article, + type: Ticket::Article::Type.lookup(name: 'note'), + sender: Ticket::Article::Sender.lookup(name: 'Customer'), + body: 'test test ', + content_type: 'text/html', + ticket_id: ticket.id, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_image', + filename: 'some_file1.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938@zammad.example.com', + 'Content-Disposition' => 'inline', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file2_normally_should_be_an_image', + filename: 'some_file2.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938.2@zammad.example.com', + 'Content-Disposition' => 'inline', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file3_normally_should_be_an_image', + filename: 'some_file3.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938.3@zammad.example.com', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file4_normally_should_be_an_image', + filename: 'some_file4.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938.4@zammad.example.com', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_pdf', + filename: 'Rechnung_RE-2018-200.pdf', + preferences: { + 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"', + 'Mime-Type' => 'application/octet-stream', + 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com', + 'Content-Description' => 'Rechnung_RE-2018-200.pdf', + 'Content-Disposition' => 'attachment', + }, + created_by_id: 1, + ) + + authenticated_as(agent_user) + get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Ticket']).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy + expect(json_response['assets']['TicketArticle'][article.id.to_s]).to be_truthy + expect(json_response['attachments']).to be_truthy + expect(json_response['attachments'].count).to eq(3) + + get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Ticket']).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy + expect(json_response['assets']['TicketArticle'][article.id.to_s]).to be_truthy + expect(json_response['attachments']).to be_truthy + expect(json_response['attachments'].count).to eq(0) + + end + + it 'does ticket split with plain - check attachments (05.02)' do + ticket = create( + :ticket, + title: 'some title', + group: ticket_group, + customer_id: customer_user.id, + updated_by_id: agent_user.id, + created_by_id: agent_user.id, + ) + article = create( + :ticket_article, + type: Ticket::Article::Type.lookup(name: 'note'), + sender: Ticket::Article::Sender.lookup(name: 'Customer'), + body: 'test ', + content_type: 'text/plain', + ticket_id: ticket.id, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_image', + filename: 'some_file1.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938@zammad.example.com', + 'Content-Disposition' => 'inline', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_image', + filename: 'some_file2.jpg', + preferences: { + 'Content-Type' => 'image/jpeg', + 'Mime-Type' => 'image/jpeg', + 'Content-ID' => '15.274327094.140938.2@zammad.example.com', + 'Content-Disposition' => 'inline', + }, + created_by_id: 1, + ) + Store.add( + object: 'Ticket::Article', + o_id: article.id, + data: 'content_file1_normally_should_be_an_pdf', + filename: 'Rechnung_RE-2018-200.pdf', + preferences: { + 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"', + 'Mime-Type' => 'application/octet-stream', + 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com', + 'Content-Description' => 'Rechnung_RE-2018-200.pdf', + 'Content-Disposition' => 'attachment', + }, + created_by_id: 1, + ) + + authenticated_as(agent_user) + get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Ticket']).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy + expect(json_response['assets']['TicketArticle'][article.id.to_s]).to be_truthy + expect(json_response['attachments']).to be_truthy + expect(json_response['attachments'].count).to eq(3) + + get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['Ticket']).to be_truthy + expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy + expect(json_response['assets']['TicketArticle'][article.id.to_s]).to be_truthy + expect(json_response['attachments']).to be_truthy + expect(json_response['attachments'].count).to eq(0) + + end + + it 'does ticket with follow up possible set to new_ticket (06.01)' do + group = create( + :group, + follow_up_possible: 'new_ticket' # disable follow up possible + ) + + ticket = create( + :ticket, + title: 'ticket with wrong ticket id', + group_id: group.id, + customer_id: customer_user.id, + state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed + ) + + state = Ticket::State.find_by(name: 'open') # try to open a ticket from a closed state + + # customer + params = { + state_id: state.id, # set the state id + } + + authenticated_as(customer_user) + put "/api/v1/tickets/#{ticket.id}", params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Cannot follow up on a closed ticket. Please create a new ticket.') + + ticket = create( + :ticket, + title: 'ticket with wrong ticket id', + group_id: group.id, + customer_id: customer_user.id, + state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed + ) + + authenticated_as(admin_user) + put "/api/v1/tickets/#{ticket.id}", params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Cannot follow up on a closed ticket. Please create a new ticket.') + + ticket = create( + :ticket, + title: 'ticket with wrong ticket id', + group_id: group.id, + customer_id: customer_user.id, + state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed + ) + + # agent + authenticated_as(agent_user) + put "/api/v1/tickets/#{ticket.id}", params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Cannot follow up on a closed ticket. Please create a new ticket.') + end + + it 'does ticket merge (07.01)' do + group_no_permission = create(:group) + ticket1 = create( + :ticket, + title: 'ticket merge1', + group: ticket_group, + customer_id: customer_user.id, + ) + ticket2 = create( + :ticket, + title: 'ticket merge2', + group: ticket_group, + customer_id: customer_user.id, + ) + ticket3 = create( + :ticket, + title: 'ticket merge2', + group: group_no_permission, + customer_id: customer_user.id, + ) + + authenticated_as(agent_user) + get "/api/v1/ticket_merge/#{ticket2.id}/#{ticket1.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to eq('failed') + expect(json_response['message']).to eq('No such master ticket number!') + + get "/api/v1/ticket_merge/#{ticket3.id}/#{ticket1.number}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + expect(json_response['error_human']).to eq('Not authorized') + + get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket3.number}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['error']).to eq('Not authorized') + expect(json_response['error_human']).to eq('Not authorized') + + get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to eq('success') + expect(json_response['master_ticket']['id']).to eq(ticket2.id) + end + + it 'does ticket merge - change permission (07.02)' do + group_change_permission = Group.create!( + name: 'GroupWithChangePermission', + active: true, + updated_by_id: 1, + created_by_id: 1, + ) + ticket1 = create( + :ticket, + title: 'ticket merge1', + group: group_change_permission, + customer_id: customer_user.id, + ) + ticket2 = create( + :ticket, + title: 'ticket merge2', + group: group_change_permission, + customer_id: customer_user.id, + ) + + agent_user.group_names_access_map = { group_change_permission.name => %w[read change] } + + authenticated_as(agent_user) + get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['result']).to eq('success') + expect(json_response['master_ticket']['id']).to eq(ticket2.id) + end + + it 'does ticket search sorted (08.01)' do + title = "ticket pagination #{rand(999_999_999)}" + tickets = [] + + ticket1 = create( + :ticket, + title: "#{title} A", + group: ticket_group, + customer_id: customer_user.id, + created_at: '2018-02-05 17:42:00', + updated_at: '2018-02-05 20:42:00', + ) + create( + :ticket_article, + type: Ticket::Article::Type.lookup(name: 'note'), + sender: Ticket::Article::Sender.lookup(name: 'Customer'), + ticket_id: ticket1.id, + ) + + ticket2 = create( + :ticket, + title: "#{title} B", + group: ticket_group, + customer_id: customer_user.id, + state: Ticket::State.lookup(name: 'new'), + priority: Ticket::Priority.lookup(name: '3 hoch'), + created_at: '2018-02-05 19:42:00', + updated_at: '2018-02-05 19:42:00', + ) + create( + :ticket_article, + type: Ticket::Article::Type.lookup(name: 'note'), + sender: Ticket::Article::Sender.lookup(name: 'Customer'), + ticket_id: ticket2.id, + ) + + authenticated_as(admin_user) + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets']).to eq([ticket2.id, ticket1.id]) + + authenticated_as(admin_user) + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets']).to eq([ticket1.id, ticket2.id]) + + authenticated_as(admin_user) + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'title', order_by: 'asc' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets']).to eq([ticket1.id, ticket2.id]) + + authenticated_as(admin_user) + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'title', order_by: 'desc' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets']).to eq([ticket2.id, ticket1.id]) + + authenticated_as(admin_user) + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: %w[created_at updated_at], order_by: %w[asc asc] }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets']).to eq([ticket1.id, ticket2.id]) + + authenticated_as(admin_user) + get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: %w[created_at updated_at], order_by: %w[desc asc] }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['tickets']).to eq([ticket2.id, ticket1.id]) + end + end +end diff --git a/spec/requests/time_accounting_spec.rb b/spec/requests/time_accounting_spec.rb new file mode 100644 index 000000000..9bcc3b247 --- /dev/null +++ b/spec/requests/time_accounting_spec.rb @@ -0,0 +1,36 @@ +require 'rails_helper' + +RSpec.describe 'Time Accounting', type: :request do + + let(:admin_user) do + create(:admin_user) + end + let(:customer_user) do + create(:customer_user) + end + let(:year) do + DateTime.now.utc.year + end + let(:month) do + DateTime.now.utc.month + end + + describe 'request handling' do + + it 'does time account report' do + group = create(:group) + ticket = create(:ticket, state: Ticket::State.lookup(name: 'open'), customer: customer_user ) + article = create(:ticket_article, ticket_id: ticket.id, type: Ticket::Article::Type.lookup(name: 'note') ) + + create(:ticket_time_accounting, ticket_id: ticket.id, ticket_article_id: article.id) + + authenticated_as(admin_user) + get "/api/v1/time_accounting/log/by_ticket/#{year}/#{month}?download=true", params: {} + + expect(response).to have_http_status(200) + expect(response['Content-Disposition']).to be_truthy + expect(response['Content-Disposition']).to eq("attachment; filename=\"by_ticket-#{year}-#{month}.xls\"") + expect(response['Content-Type']).to eq('application/vnd.ms-excel') + end + end +end diff --git a/spec/requests/user/organization_spec.rb b/spec/requests/user/organization_spec.rb new file mode 100644 index 000000000..d6d504777 --- /dev/null +++ b/spec/requests/user/organization_spec.rb @@ -0,0 +1,160 @@ +require 'rails_helper' + +RSpec.describe 'User Organization', type: :request, searchindex: true do + + let!(:admin_user) do + create(:admin_user, groups: Group.all) + end + let!(:agent_user) do + create(:agent_user, groups: Group.all) + end + let!(:customer_user) do + create(:customer_user) + end + let!(:organization) do + create(:organization, name: 'Rest Org', note: 'Rest Org A') + end + let!(:organization2) do + create(:organization, name: 'Rest Org #2', note: 'Rest Org B') + end + let!(:organization3) do + create(:organization, name: 'Rest Org #3', note: 'Rest Org C') + end + let!(:customer_user2) do + create(:customer_user, organization: organization) + end + + before(:each) do + configure_elasticsearch do + + travel 1.minute + + rebuild_searchindex + + # execute background jobs + Scheduler.worker(true) + + sleep 6 + end + end + + describe 'request handling' do + + it 'does organization index with agent' do + authenticated_as(agent_user) + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['member_ids']).to be_a_kind_of(Array) + expect(json_response.length >= 3).to be_truthy + + get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response.class).to eq(Array) + organizations = Organization.order(:id).limit(2) + expect(json_response[0]['id']).to eq(organizations[0].id) + expect(json_response[0]['member_ids']).to eq(organizations[0].member_ids) + expect(json_response[1]['id']).to eq(organizations[1].id) + expect(json_response[1]['member_ids']).to eq(organizations[1].member_ids) + expect(json_response.count).to eq(2) + + get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response.class).to eq(Array) + organizations = Organization.order(:id).limit(4) + expect(json_response[0]['id']).to eq(organizations[2].id) + expect(json_response[0]['member_ids']).to eq(organizations[2].member_ids) + expect(json_response[1]['id']).to eq(organizations[3].id) + expect(json_response[1]['member_ids']).to eq(organizations[3].member_ids) + + expect(json_response.count).to eq(2) + + # show/:id + get "/api/v1/organizations/#{organization.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['member_ids']).to be_a_kind_of(Array) + expect(json_response['members']).to be_falsey + expect('Rest Org').to eq(json_response['name']) + + get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['member_ids']).to be_a_kind_of(Array) + expect(json_response['members']).to be_falsey + expect('Rest Org #2').to eq(json_response['name']) + + # search as agent + Scheduler.worker(true) + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response.class).to eq(Array) + expect(json_response[0]['name']).to eq('Zammad Foundation') + expect(json_response[0]['member_ids']).to be_truthy + expect(json_response[0]['members']).to be_falsey + + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response.class).to eq(Array) + expect(json_response[0]['name']).to eq('Zammad Foundation') + expect(json_response[0]['member_ids']).to be_truthy + expect(json_response[0]['members']).to be_truthy + + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response.class).to eq(Array) + expect(json_response[0]['label']).to eq('Zammad Foundation') + expect(json_response[0]['value']).to eq('Zammad Foundation') + expect(json_response[0]['member_ids']).to be_falsey + expect(json_response[0]['members']).to be_falsey + end + + it 'does organization index with customer1' do + authenticated_as(customer_user) + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response.length).to eq(0) + + # show/:id + get "/api/v1/organizations/#{organization.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to be_nil + + get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to be_nil + + # search + Scheduler.worker(true) + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json + expect(response).to have_http_status(401) + end + + it 'does organization index with customer2' do + authenticated_as(customer_user2) + get '/api/v1/organizations', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response.length).to eq(1) + + # show/:id + get "/api/v1/organizations/#{organization.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect('Rest Org').to eq(json_response['name']) + + get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['name']).to be_nil + + # search + Scheduler.worker(true) + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json + expect(response).to have_http_status(401) + end + end +end diff --git a/spec/requests/user/permission_spec.rb b/spec/requests/user/permission_spec.rb new file mode 100644 index 000000000..87c00c748 --- /dev/null +++ b/spec/requests/user/permission_spec.rb @@ -0,0 +1,676 @@ +require 'rails_helper' + +RSpec.describe 'User endpoint', type: :request do + + let(:role_with_admin_user_permissions) do + create(:role).tap do |role| + role.permission_grant('admin.user') + end + end + let(:admin_with_admin_user_permissions) { create(:user, roles: [role_with_admin_user_permissions]) } + + let(:role_without_admin_user_permissions) do + create(:role).tap do |role| + role.permission_grant('admin.tag') + end + end + let(:admin_without_admin_user_permissions) { create(:user, roles: [role_without_admin_user_permissions]) } + + describe 'User creation' do + + let(:attributes) { attributes_params_for(:user) } + + it 'responds unauthorized for customer' do + requester = create(:customer_user) + authenticated_as(requester) + + expect do + post api_v1_users_path, params: attributes + end.to not_change { + User.count + } + + expect(response).to have_http_status(:unauthorized) + end + + context 'privileged attributes' do + + context 'group assignment' do + + # group access assignment is in general only valid for agents + # see HasGroups.groups_access_permission? + let(:agent_attributes) do + attributes.merge( + roles: Role.where(name: 'Agent').map(&:name), + ) + end + + shared_examples 'group assignment' do |map_method_id| + + it 'responds success for admin.user' do + authenticated_as(admin_with_admin_user_permissions) + + expect do + post api_v1_users_path, params: payload + end.to change { + User.count + }.by(1) + + expect(response).to have_http_status(:success) + expect(User.last.send(map_method_id)).to eq(send(map_method_id)) + end + + it 'responds unauthorized for sub admin without admin.user' do + authenticated_as(admin_without_admin_user_permissions) + + expect do + post api_v1_users_path, params: payload + end.to not_change { + User.count + } + + expect(response).to have_http_status(:unauthorized) + end + + it 'responds successful for agent but removes assignment' do + requester = create(:agent_user) + authenticated_as(requester) + + expect do + post api_v1_users_path, params: payload + end.to change { + User.count + }.by(1) + + expect(response).to have_http_status(:success) + expect(User.last.send(map_method_id)).to be_blank + end + end + + context 'parameter groups' do + + let(:group_names_access_map) do + Group.all.map { |g| [g.name, ['full']] }.to_h + end + + let(:payload) do + agent_attributes.merge( + groups: group_names_access_map, + ) + end + + it_behaves_like 'group assignment', :group_names_access_map + end + + context 'parameter group_ids' do + + let(:group_ids_access_map) do + Group.all.map { |g| [g.id, ['full']] }.to_h + end + + let(:payload) do + agent_attributes.merge( + group_ids: group_ids_access_map, + ) + end + + it_behaves_like 'group assignment', :group_ids_access_map + end + end + + context 'role assignment' do + + shared_examples 'role assignment' do + + let(:privileged) { Role.where(name: 'Admin') } + + it 'responds success for admin.user' do + authenticated_as(admin_with_admin_user_permissions) + + expect do + post api_v1_users_path, params: payload + end.to change { + User.count + }.by(1) + + expect(response).to have_http_status(:success) + expect(User.last.roles).to eq(privileged) + end + + it 'responds unauthorized for sub admin without admin.user' do + authenticated_as(admin_without_admin_user_permissions) + + expect do + post api_v1_users_path, params: payload + end.to not_change { + User.count + } + + expect(response).to have_http_status(:unauthorized) + end + + it 'responds successful for agent but removes assignment' do + requester = create(:agent_user) + authenticated_as(requester) + + expect do + post api_v1_users_path, params: payload + end.to change { + User.count + }.by(1) + + expect(response).to have_http_status(:success) + expect(User.last.roles).to eq(Role.signup_roles) + end + end + + context 'parameter roles' do + let(:payload) do + attributes.merge( + roles: privileged.map(&:name), + ) + end + + it_behaves_like 'role assignment' + end + + context 'parameter role_ids' do + let(:payload) do + attributes.merge( + role_ids: privileged.map(&:id), + ) + end + + it_behaves_like 'role assignment' + end + end + end + end + + describe 'User update' do + + def authorized_update_request(requester:, requested:) + authenticated_as(requester) + + expect do + put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed') + end.to change { + requested.reload.firstname + } + + expect(response).to have_http_status(:success) + end + + def unauthorized_update_request(requester:, requested:) + authenticated_as(requester) + + expect do + put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed') + end.to not_change { + requested.reload.attributes + } + + expect(response).to have_http_status(:unauthorized) + end + + context 'request by admin.user' do + + let(:requester) { admin_with_admin_user_permissions } + + it 'is successful for same admin' do + authorized_update_request( + requester: requester, + requested: requester, + ) + end + + it 'is successful for other admin' do + authorized_update_request( + requester: requester, + requested: create(:admin_user), + ) + end + + it 'is successful for agent' do + authorized_update_request( + requester: requester, + requested: create(:agent_user), + ) + end + + it 'is successful for customer' do + authorized_update_request( + requester: requester, + requested: create(:customer_user), + ) + end + end + + context 'request by sub admin without admin.user' do + + let(:requester) { admin_without_admin_user_permissions } + + it 'is unauthorized for same admin' do + unauthorized_update_request( + requester: requester, + requested: requester, + ) + end + + it 'is unauthorized for other admin' do + unauthorized_update_request( + requester: requester, + requested: create(:admin_user), + ) + end + + it 'is unauthorized for agent' do + unauthorized_update_request( + requester: requester, + requested: create(:agent_user), + ) + end + + it 'is unauthorized for customer' do + unauthorized_update_request( + requester: requester, + requested: create(:customer_user), + ) + end + end + + context 'request by agent' do + + let(:requester) { create(:agent_user) } + + it 'is unauthorized for admin' do + unauthorized_update_request( + requester: requester, + requested: create(:admin_user), + ) + end + + it 'is unauthorized same agent' do + unauthorized_update_request( + requester: requester, + requested: requester, + ) + end + + it 'is unauthorized for other agent' do + unauthorized_update_request( + requester: requester, + requested: create(:agent_user), + ) + end + + it 'is successful for customer' do + authorized_update_request( + requester: requester, + requested: create(:customer_user), + ) + end + end + + context 'request by customer' do + + let(:requester) { create(:customer_user) } + + it 'is unauthorized for admin' do + unauthorized_update_request( + requester: requester, + requested: create(:admin_user), + ) + end + + it 'is unauthorized for agent' do + unauthorized_update_request( + requester: requester, + requested: create(:agent_user), + ) + end + + it 'is unauthorized for same customer' do + unauthorized_update_request( + requester: requester, + requested: requester, + ) + end + + it 'is unauthorized for other customer' do + unauthorized_update_request( + requester: requester, + requested: create(:customer_user), + ) + end + + it 'is unauthorized for same organization' do + same_organization = create(:organization) + + requester.update!(organization: same_organization) + + unauthorized_update_request( + requester: requester, + requested: create(:customer_user, organization: same_organization), + ) + end + end + + context 'privileged attributes' do + + let(:requested) { create(:user) } + let(:attribute) { privileged.keys.first } + let(:payload) { cleaned_params_for(requested).merge(privileged) } + + def value_of_attribute + # we need to call .to_a otherwise Rails will load the + # ActiveRecord::Associations::CollectionProxy + # on comparsion which is to late + requested.reload.public_send(attribute).to_a + end + + shared_examples 'admin types requests' do + + it 'responds success for admin.user' do + authenticated_as(admin_with_admin_user_permissions) + + expect do + put api_v1_update_user_path(requested), params: payload + end.to change { + value_of_attribute + } + expect(response).to have_http_status(:success) + end + + it 'responds unauthorized for sub admin without admin.user' do + authenticated_as(admin_without_admin_user_permissions) + + expect do + put api_v1_update_user_path(requested), params: payload + end.to not_change { + value_of_attribute + } + + expect(response).to have_http_status(:unauthorized) + end + end + + shared_examples 'permitted agent update' do + + it 'responds successful for agent but removes assignment' do + requester = create(:agent_user) + authenticated_as(requester) + + expect do + put api_v1_update_user_path(requested), params: payload + end.to change { + value_of_attribute + } + + expect(response).to have_http_status(:success) + end + end + + shared_examples 'forbidden agent update' do + + it 'responds successful for agent but removes assignment' do + requester = create(:agent_user) + authenticated_as(requester) + + expect do + put api_v1_update_user_path(requested), params: payload + end.to not_change { + value_of_attribute + } + + expect(response).to have_http_status(:success) + end + end + + context 'group assignment' do + + context 'parameter groups' do + + let(:privileged) do + { + groups: Group.all.map { |g| [g.name, ['full']] }.to_h + } + end + + it_behaves_like 'admin types requests' + it_behaves_like 'forbidden agent update' + end + + context 'parameter group_ids' do + + let(:privileged) do + { + group_ids: Group.all.map { |g| [g.id, ['full']] }.to_h + } + end + + it_behaves_like 'admin types requests' + it_behaves_like 'forbidden agent update' + end + end + + context 'role assignment' do + + let(:admin_role) { Role.where(name: 'Admin') } + + context 'parameter roles' do + let(:privileged) do + { + roles: admin_role.map(&:name), + } + end + + it_behaves_like 'admin types requests' + it_behaves_like 'forbidden agent update' + end + + context 'parameter role_ids' do + let(:privileged) do + { + role_ids: admin_role.map(&:id), + } + end + + it_behaves_like 'admin types requests' + it_behaves_like 'forbidden agent update' + end + end + + context 'organization assignment' do + + let(:new_organizations) { create_list(:organization, 2) } + + context 'parameter organizations' do + let(:privileged) do + { + organizations: new_organizations.map(&:name), + } + end + + it_behaves_like 'admin types requests' + it_behaves_like 'permitted agent update' + end + + context 'parameter organization_ids' do + let(:privileged) do + { + organization_ids: new_organizations.map(&:id), + } + end + + it_behaves_like 'admin types requests' + it_behaves_like 'permitted agent update' + end + end + end + end + + describe 'User deletion' do + + def authorized_destroy_request(requester:, requested:) + authenticated_as(requester) + + delete api_v1_delete_user_path(requested) + + expect(response).to have_http_status(:success) + expect(requested).not_to exist_in_database + end + + def unauthorized_destroy_request(requester:, requested:) + authenticated_as(requester) + + delete api_v1_delete_user_path(requested) + + expect(response).to have_http_status(:unauthorized) + expect(requested).to exist_in_database + end + + context 'request by admin.user' do + + let(:requester) { admin_with_admin_user_permissions } + + it 'is successful for same admin' do + authorized_destroy_request( + requester: requester, + requested: requester, + ) + end + + it 'is successful for other admin' do + authorized_destroy_request( + requester: requester, + requested: create(:admin_user), + ) + end + + it 'is successful for agent' do + authorized_destroy_request( + requester: requester, + requested: create(:agent_user), + ) + end + + it 'is successful for customer' do + authorized_destroy_request( + requester: requester, + requested: create(:customer_user), + ) + end + end + + context 'request by sub admin without admin.user' do + + let(:requester) { admin_without_admin_user_permissions } + + it 'is unauthorized for same admin' do + unauthorized_destroy_request( + requester: requester, + requested: requester, + ) + end + + it 'is unauthorized for other admin' do + unauthorized_destroy_request( + requester: requester, + requested: create(:admin_user), + ) + end + + it 'is unauthorized for agent' do + unauthorized_destroy_request( + requester: requester, + requested: create(:agent_user), + ) + end + + it 'is unauthorized for customer' do + unauthorized_destroy_request( + requester: requester, + requested: create(:customer_user), + ) + end + end + + context 'request by agent' do + + let(:requester) { create(:agent_user) } + + it 'is unauthorized for admin' do + unauthorized_destroy_request( + requester: requester, + requested: create(:admin_user), + ) + end + + it 'is unauthorized same agent' do + unauthorized_destroy_request( + requester: requester, + requested: requester, + ) + end + + it 'is unauthorized for other agent' do + unauthorized_destroy_request( + requester: requester, + requested: create(:agent_user), + ) + end + + it 'is unauthorized for customer' do + unauthorized_destroy_request( + requester: requester, + requested: create(:customer_user), + ) + end + end + + context 'request by customer' do + + let(:requester) { create(:customer_user) } + + it 'is unauthorized for admin' do + unauthorized_destroy_request( + requester: requester, + requested: create(:admin_user), + ) + end + + it 'is unauthorized for agent' do + unauthorized_destroy_request( + requester: requester, + requested: create(:agent_user), + ) + end + + it 'is unauthorized for same customer' do + unauthorized_destroy_request( + requester: requester, + requested: requester, + ) + end + + it 'is unauthorized for other customer' do + unauthorized_destroy_request( + requester: requester, + requested: create(:customer_user), + ) + end + + it 'is unauthorized for same organization' do + same_organization = create(:organization) + + requester.update!(organization: same_organization) + + unauthorized_destroy_request( + requester: requester, + requested: create(:customer_user, organization: same_organization), + ) + end + end + end +end diff --git a/spec/requests/user_spec.rb b/spec/requests/user_spec.rb index 87c00c748..f0d6168cb 100644 --- a/spec/requests/user_spec.rb +++ b/spec/requests/user_spec.rb @@ -1,676 +1,1013 @@ require 'rails_helper' -RSpec.describe 'User endpoint', type: :request do +RSpec.describe 'User', type: :request, searchindex: true do - let(:role_with_admin_user_permissions) do - create(:role).tap do |role| - role.permission_grant('admin.user') + let!(:admin_user) do + create( + :admin_user, + groups: Group.all, + login: 'rest-admin', + firstname: 'Rest', + lastname: 'Agent', + email: 'rest-admin@example.com', + ) + end + let!(:admin_user_pw) do + create( + :admin_user, + groups: Group.all, + login: 'rest-admin-pw', + firstname: 'Rest', + lastname: 'Agent', + email: 'rest-admin-pw@example.com', + password: 'adminpw', + ) + end + let!(:agent_user) do + create( + :agent_user, + groups: Group.all, + login: 'rest-agent@example.com', + firstname: 'Rest', + lastname: 'Agent', + email: 'rest-agent@example.com', + ) + end + let!(:customer_user) do + create( + :customer_user, + login: 'rest-customer1@example.com', + firstname: 'Rest', + lastname: 'Customer1', + email: 'rest-customer1@example.com', + ) + end + let!(:organization) do + create(:organization, name: 'Rest Org') + end + let!(:organization2) do + create(:organization, name: 'Rest Org #2') + end + let!(:organization3) do + create(:organization, name: 'Rest Org #3') + end + let!(:customer_user2) do + create( + :customer_user, + organization: organization, + login: 'rest-customer2@example.com', + firstname: 'Rest', + lastname: 'Customer2', + email: 'rest-customer2@example.com', + ) + end + + before(:each) do + configure_elasticsearch do + + travel 1.minute + + rebuild_searchindex + + # execute background jobs + Scheduler.worker(true) + + sleep 6 end end - let(:admin_with_admin_user_permissions) { create(:user, roles: [role_with_admin_user_permissions]) } - let(:role_without_admin_user_permissions) do - create(:role).tap do |role| - role.permission_grant('admin.tag') + describe 'request handling' do + + it 'does user create tests - no user' do + + post '/api/v1/signshow', params: {}, as: :json + + # create user with disabled feature + Setting.set('user_create_account', false) + token = @response.headers['CSRF-TOKEN'] + + # token based on form + params = { email: 'some_new_customer@example.com', authenticity_token: token } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response['error']).to be_truthy + expect(json_response['error']).to eq('Feature not enabled!') + + # token based on headers + headers = { 'X-CSRF-Token' => token } + params = { email: 'some_new_customer@example.com' } + post '/api/v1/users', params: params, headers: headers, as: :json + expect(response).to have_http_status(422) + expect(json_response['error']).to be_truthy + expect(json_response['error']).to eq('Feature not enabled!') + + Setting.set('user_create_account', true) + + # no signup param with enabled feature + params = { email: 'some_new_customer@example.com' } + post '/api/v1/users', params: params, headers: headers, as: :json + expect(response).to have_http_status(422) + expect(json_response['error']).to be_truthy + expect(json_response['error']).to eq('Only signup with not authenticate user possible!') + + # already existing user with enabled feature + params = { email: 'rest-customer1@example.com', signup: true } + post '/api/v1/users', params: params, headers: headers, as: :json + expect(response).to have_http_status(422) + expect(json_response['error']).to be_truthy + expect(json_response['error']).to eq('Email address is already used for other user.') + + # email missing with enabled feature + params = { firstname: 'some firstname', signup: true } + post '/api/v1/users', params: params, headers: headers, as: :json + expect(response).to have_http_status(422) + expect(json_response['error']).to be_truthy + expect(json_response['error']).to eq('Attribute \'email\' required!') + + # email missing with enabled feature + params = { firstname: 'some firstname', signup: true } + post '/api/v1/users', params: params, headers: headers, as: :json + expect(response).to have_http_status(422) + expect(json_response['error']).to be_truthy + expect(json_response['error']).to eq('Attribute \'email\' required!') + + # create user with enabled feature (take customer role) + params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true } + post '/api/v1/users', params: params, headers: headers, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_truthy + + expect(json_response['firstname']).to eq('Me First') + expect(json_response['lastname']).to eq('Me Last') + expect(json_response['login']).to eq('new_here@example.com') + expect(json_response['email']).to eq('new_here@example.com') + user = User.find(json_response['id']) + expect(user.role?('Admin')).to be_falsey + expect(user.role?('Agent')).to be_falsey + expect(user.role?('Customer')).to be_truthy + + # create user with admin role (not allowed for signup, take customer role) + role = Role.lookup(name: 'Admin') + params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true } + post '/api/v1/users', params: params, headers: headers, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_truthy + user = User.find(json_response['id']) + expect(user.role?('Admin')).to be_falsey + expect(user.role?('Agent')).to be_falsey + expect(user.role?('Customer')).to be_truthy + + # create user with agent role (not allowed for signup, take customer role) + role = Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true } + post '/api/v1/users', params: params, headers: headers, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_truthy + user = User.find(json_response['id']) + expect(user.role?('Admin')).to be_falsey + expect(user.role?('Agent')).to be_falsey + expect(user.role?('Customer')).to be_truthy + + # no user (because of no session) + get '/api/v1/users', params: {}, headers: headers, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('authentication failed') + + # me + get '/api/v1/users/me', params: {}, headers: headers, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('authentication failed') end - end - let(:admin_without_admin_user_permissions) { create(:user, roles: [role_without_admin_user_permissions]) } - describe 'User creation' do + it 'does auth tests - not existing user' do + authenticated_as(nil, login: 'not_existing@example.com', password: 'adminpw') + get '/api/v1/users/me', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('authentication failed') - let(:attributes) { attributes_params_for(:user) } + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('authentication failed') + end - it 'responds unauthorized for customer' do - requester = create(:customer_user) - authenticated_as(requester) + it 'does auth tests - username auth, wrong pw' do + authenticated_as(admin_user, password: 'not_existing') + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('authentication failed') + end - expect do - post api_v1_users_path, params: attributes - end.to not_change { - User.count + it 'does auth tests - email auth, wrong pw' do + authenticated_as(nil, login: 'rest-admin@example.com', password: 'not_existing') + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('authentication failed') + end + + it 'does auth tests - username auth' do + authenticated_as(nil, login: 'rest-admin-pw', password: 'adminpw') + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + end + + it 'does auth tests - email auth' do + authenticated_as(nil, login: 'rest-admin-pw@example.com', password: 'adminpw') + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + end + + it 'does user index and create with admin' do + authenticated_as(admin_user) + get '/api/v1/users/me', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + expect('rest-admin@example.com').to eq(json_response['email']) + + # index + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + + # index + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + expect(Array).to eq(json_response.class) + expect(json_response.length >= 3).to be_truthy + + # show/:id + get "/api/v1/users/#{agent_user.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + expect(Hash).to eq(json_response.class) + expect('rest-agent@example.com').to eq(json_response['email']) + + get "/api/v1/users/#{customer_user.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + expect(Hash).to eq(json_response.class) + expect('rest-customer1@example.com').to eq(json_response['email']) + + # create user with admin role + role = Role.lookup(name: 'Admin') + params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_truthy + user = User.find(json_response['id']) + expect(user.role?('Admin')).to be_truthy + expect(user.role?('Agent')).to be_falsey + expect(user.role?('Customer')).to be_falsey + expect(json_response['login']).to eq('new_admin_by_admin@example.com') + expect(json_response['email']).to eq('new_admin_by_admin@example.com') + + # create user with agent role + role = Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_truthy + user = User.find(json_response['id']) + expect(user.role?('Admin')).to be_falsey + expect(user.role?('Agent')).to be_truthy + expect(user.role?('Customer')).to be_falsey + expect(json_response['login']).to eq('new_agent_by_admin1@example.com') + expect(json_response['email']).to eq('new_agent_by_admin1@example.com') + + role = Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_truthy + user = User.find(json_response['id']) + expect(user.role?('Admin')).to be_falsey + expect(user.role?('Agent')).to be_truthy + expect(user.role?('Customer')).to be_falsey + expect(json_response['login']).to eq('new_agent_by_admin2@example.com') + expect(json_response['email']).to eq('new_agent_by_admin2@example.com') + expect(json_response['firstname']).to eq('Agent') + expect(json_response['lastname']).to eq('First') + + role = Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_truthy + expect(json_response['error']).to eq('Email address is already used for other user.') + + # missing required attributes + params = { note: 'some note' } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_truthy + expect(json_response['error']).to eq('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.') + + # invalid email + params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(422) + expect(json_response).to be_truthy + expect(json_response['error']).to eq('Invalid email') + + # with valid attributes + params = { firstname: 'newfirstname123', note: 'some note' } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_truthy + user = User.find(json_response['id']) + expect(user.role?('Admin')).to be_falsey + expect(user.role?('Agent')).to be_falsey + expect(user.role?('Customer')).to be_truthy + expect(json_response['login'].start_with?('auto-')).to be_truthy + expect(json_response['email']).to eq('') + expect(json_response['firstname']).to eq('newfirstname123') + expect(json_response['lastname']).to eq('') + end + + it 'does user index and create with agent' do + authenticated_as(agent_user) + get '/api/v1/users/me', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + expect('rest-agent@example.com').to eq(json_response['email']) + + # index + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + + # index + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + expect(Array).to eq(json_response.class) + expect(json_response.length >= 3).to be_truthy + + get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + users = User.order(:id).limit(2) + expect(json_response[0]['id']).to eq(users[0].id) + expect(json_response[1]['id']).to eq(users[1].id) + expect(json_response.count).to eq(2) + + get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + users = User.order(:id).limit(4) + expect(json_response[0]['id']).to eq(users[2].id) + expect(json_response[1]['id']).to eq(users[3].id) + expect(json_response.count).to eq(2) + + # create user with admin role + firstname = "First test#{rand(999_999_999)}" + role = Role.lookup(name: 'Admin') + params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(201) + json_response_user1 = JSON.parse(@response.body) + expect(json_response_user1).to be_truthy + user = User.find(json_response_user1['id']) + expect(user.role?('Admin')).to be_falsey + expect(user.role?('Agent')).to be_falsey + expect(user.role?('Customer')).to be_truthy + expect(json_response_user1['login']).to eq('new_admin_by_agent@example.com') + expect(json_response_user1['email']).to eq('new_admin_by_agent@example.com') + + # create user with agent role + role = Role.lookup(name: 'Agent') + params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(201) + json_response_user1 = JSON.parse(@response.body) + expect(json_response_user1).to be_truthy + user = User.find(json_response_user1['id']) + expect(user.role?('Admin')).to be_falsey + expect(user.role?('Agent')).to be_falsey + expect(user.role?('Customer')).to be_truthy + expect(json_response_user1['login']).to eq('new_agent_by_agent@example.com') + expect(json_response_user1['email']).to eq('new_agent_by_agent@example.com') + + # create user with customer role + role = Role.lookup(name: 'Customer') + params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(201) + json_response_user1 = JSON.parse(@response.body) + expect(json_response_user1).to be_truthy + user = User.find(json_response_user1['id']) + expect(user.role?('Admin')).to be_falsey + expect(user.role?('Agent')).to be_falsey + expect(user.role?('Customer')).to be_truthy + expect(json_response_user1['login']).to eq('new_customer_by_agent@example.com') + expect(json_response_user1['email']).to eq('new_customer_by_agent@example.com') + + # search as agent + Scheduler.worker(true) + sleep 2 # let es time to come ready + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + + expect(json_response[0]['id']).to eq(json_response_user1['id']) + expect(json_response[0]['firstname']).to eq("Customer#{firstname}") + expect(json_response[0]['lastname']).to eq('Customer Last') + expect(json_response[0]['role_ids']).to be_truthy + expect(json_response[0]['roles']).to be_falsey + + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['id']).to eq(json_response_user1['id']) + expect(json_response[0]['firstname']).to eq("Customer#{firstname}") + expect(json_response[0]['lastname']).to eq('Customer Last') + expect(json_response[0]['role_ids']).to be_truthy + expect(json_response[0]['roles']).to be_truthy + + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['id']).to eq(json_response_user1['id']) + expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last ") + expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last ") + expect(json_response[0]['role_ids']).to be_falsey + expect(json_response[0]['roles']).to be_falsey + + get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['id']).to eq(json_response_user1['id']) + expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last ") + expect(json_response[0]['value']).to eq('new_customer_by_agent@example.com') + expect(json_response[0]['role_ids']).to be_falsey + expect(json_response[0]['roles']).to be_falsey + + role = Role.find_by(name: 'Agent') + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response.count).to eq(0) + + role = Role.find_by(name: 'Customer') + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['id']).to eq(json_response_user1['id']) + expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last ") + expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last ") + expect(json_response[0]['role_ids']).to be_falsey + expect(json_response[0]['roles']).to be_falsey + + permission = Permission.find_by(name: 'ticket.agent') + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response.count).to eq(0) + + permission = Permission.find_by(name: 'ticket.customer') + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0]['id']).to eq(json_response_user1['id']) + expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last ") + expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last ") + expect(json_response[0]['role_ids']).to be_falsey + expect(json_response[0]['roles']).to be_falsey + end + + it 'does user index and create with customer1' do + authenticated_as(customer_user) + get '/api/v1/users/me', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + expect('rest-customer1@example.com').to eq(json_response['email']) + + # index + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(200) + expect(Array).to eq(json_response.class) + expect(1).to eq(json_response.length) + + # show/:id + get "/api/v1/users/#{customer_user.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(Hash).to eq(json_response.class) + expect('rest-customer1@example.com').to eq(json_response['email']) + + get "/api/v1/users/#{customer_user2.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(Hash).to eq(json_response.class) + expect(json_response['error']).to be_truthy + + # create user with admin role + role = Role.lookup(name: 'Admin') + params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(401) + + # create user with agent role + role = Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(401) + + # search + Scheduler.worker(true) + get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json + expect(response).to have_http_status(401) + end + + it 'does user index with customer2' do + authenticated_as(customer_user2) + get '/api/v1/users/me', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_truthy + expect('rest-customer2@example.com').to eq(json_response['email']) + + # index + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(200) + expect(Array).to eq(json_response.class) + expect(1).to eq(json_response.length) + + # show/:id + get "/api/v1/users/#{customer_user2.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(Hash).to eq(json_response.class) + expect('rest-customer2@example.com').to eq(json_response['email']) + + get "/api/v1/users/#{customer_user.id}", params: {}, as: :json + expect(response).to have_http_status(401) + expect(Hash).to eq(json_response.class) + expect(json_response['error']).to be_truthy + + # search + Scheduler.worker(true) + get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json + expect(response).to have_http_status(401) + end + + it 'does users show and response format (04.01)' do + user = create( + :customer_user, + login: 'rest-customer3@example.com', + firstname: 'Rest', + lastname: 'Customer3', + email: 'rest-customer3@example.com', + password: 'customer3pw', + active: true, + organization: organization, + updated_by_id: admin_user.id, + created_by_id: admin_user.id, + ) + + authenticated_as(admin_user) + get "/api/v1/users/#{user.id}", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(user.id) + expect(json_response['firstname']).to eq(user.firstname) + expect(json_response['organization']).to be_falsey + expect(json_response['organization_id']).to eq(user.organization_id) + expect(json_response['password']).to be_falsey + expect(json_response['role_ids']).to eq(user.role_ids) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + get "/api/v1/users/#{user.id}?expand=true", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(user.id) + expect(json_response['firstname']).to eq(user.firstname) + expect(json_response['organization_id']).to eq(user.organization_id) + expect(json_response['organization']).to eq(user.organization.name) + expect(json_response['role_ids']).to eq(user.role_ids) + expect(json_response['password']).to be_falsey + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + get "/api/v1/users/#{user.id}?expand=false", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(user.id) + expect(json_response['firstname']).to eq(user.firstname) + expect(json_response['organization']).to be_falsey + expect(json_response['organization_id']).to eq(user.organization_id) + expect(json_response['password']).to be_falsey + expect(json_response['role_ids']).to eq(user.role_ids) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + get "/api/v1/users/#{user.id}?full=true", params: {}, as: :json + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(user.id) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id) + expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(user.firstname) + expect(json_response['assets']['User'][user.id.to_s]['organization_id']).to eq(user.organization_id) + expect(json_response['assets']['User'][user.id.to_s]['role_ids']).to eq(user.role_ids) + + get "/api/v1/users/#{user.id}?full=false", params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['id']).to eq(user.id) + expect(json_response['firstname']).to eq(user.firstname) + expect(json_response['organization']).to be_falsey + expect(json_response['organization_id']).to eq(user.organization_id) + expect(json_response['password']).to be_falsey + expect(json_response['role_ids']).to eq(user.role_ids) + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + end + + it 'does user index and response format (04.02)' do + user = create( + :customer_user, + login: 'rest-customer3@example.com', + firstname: 'Rest', + lastname: 'Customer3', + email: 'rest-customer3@example.com', + password: 'customer3pw', + active: true, + organization: organization, + updated_by_id: admin_user.id, + created_by_id: admin_user.id, + ) + + authenticated_as(admin_user) + get '/api/v1/users', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0].class).to eq(Hash) + expect(json_response.last['id']).to eq(user.id) + expect(json_response.last['lastname']).to eq(user.lastname) + expect(json_response.last['organization']).to be_falsey + expect(json_response.last['role_ids']).to eq(user.role_ids) + expect(json_response.last['organization_id']).to eq(user.organization_id) + expect(json_response.last['password']).to be_falsey + expect(json_response.last['updated_by_id']).to eq(admin_user.id) + expect(json_response.last['created_by_id']).to eq(admin_user.id) + + get '/api/v1/users?expand=true', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0].class).to eq(Hash) + expect(json_response.last['id']).to eq(user.id) + expect(json_response.last['lastname']).to eq(user.lastname) + expect(json_response.last['organization_id']).to eq(user.organization_id) + expect(json_response.last['organization']).to eq(user.organization.name) + expect(json_response.last['password']).to be_falsey + expect(json_response.last['updated_by_id']).to eq(admin_user.id) + expect(json_response.last['created_by_id']).to eq(admin_user.id) + + get '/api/v1/users?expand=false', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0].class).to eq(Hash) + expect(json_response.last['id']).to eq(user.id) + expect(json_response.last['lastname']).to eq(user.lastname) + expect(json_response.last['organization']).to be_falsey + expect(json_response.last['role_ids']).to eq(user.role_ids) + expect(json_response.last['organization_id']).to eq(user.organization_id) + expect(json_response.last['password']).to be_falsey + expect(json_response.last['updated_by_id']).to eq(admin_user.id) + expect(json_response.last['created_by_id']).to eq(admin_user.id) + + get '/api/v1/users?full=true', params: {}, as: :json + expect(response).to have_http_status(200) + + expect(json_response).to be_a_kind_of(Hash) + expect(json_response['record_ids'].class).to eq(Array) + expect(json_response['record_ids'][0]).to eq(1) + expect(json_response['record_ids'].last).to eq(user.id) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id) + expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname) + expect(json_response['assets']['User'][user.id.to_s]['organization_id']).to eq(user.organization_id) + expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey + + get '/api/v1/users?full=false', params: {}, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + expect(json_response[0].class).to eq(Hash) + expect(json_response.last['id']).to eq(user.id) + expect(json_response.last['lastname']).to eq(user.lastname) + expect(json_response.last['organization']).to be_falsey + expect(json_response.last['role_ids']).to eq(user.role_ids) + expect(json_response.last['organization_id']).to eq(user.organization_id) + expect(json_response.last['password']).to be_falsey + expect(json_response.last['updated_by_id']).to eq(admin_user.id) + expect(json_response.last['created_by_id']).to eq(admin_user.id) + end + + it 'does ticket create and response format (04.03)' do + organization = Organization.first + params = { + firstname: 'newfirstname123', + note: 'some note', + organization: organization.name, } - expect(response).to have_http_status(:unauthorized) + authenticated_as(admin_user) + post '/api/v1/users', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + user = User.find(json_response['id']) + expect(json_response['firstname']).to eq(user.firstname) + expect(json_response['organization_id']).to eq(user.organization_id) + expect(json_response['organization']).to be_falsey + expect(json_response['password']).to be_falsey + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + post '/api/v1/users?expand=true', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + user = User.find(json_response['id']) + expect(json_response['firstname']).to eq(user.firstname) + expect(json_response['organization_id']).to eq(user.organization_id) + expect(json_response['organization']).to eq(user.organization.name) + expect(json_response['password']).to be_falsey + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + post '/api/v1/users?full=true', params: params, as: :json + expect(response).to have_http_status(201) + expect(json_response).to be_a_kind_of(Hash) + + user = User.find(json_response['id']) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id) + expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(user.firstname) + expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname) + expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey + + expect(json_response['assets']['User'][admin_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][admin_user.id.to_s]['id']).to eq(admin_user.id) + expect(json_response['assets']['User'][admin_user.id.to_s]['firstname']).to eq(admin_user.firstname) + expect(json_response['assets']['User'][admin_user.id.to_s]['lastname']).to eq(admin_user.lastname) + expect(json_response['assets']['User'][admin_user.id.to_s]['password']).to be_falsey + end - context 'privileged attributes' do + it 'does ticket update and response formats (04.04)' do + user = create( + :customer_user, + login: 'rest-customer3@example.com', + firstname: 'Rest', + lastname: 'Customer3', + email: 'rest-customer3@example.com', + password: 'customer3pw', + active: true, + organization: organization, + updated_by_id: admin_user.id, + created_by_id: admin_user.id, + ) - context 'group assignment' do - - # group access assignment is in general only valid for agents - # see HasGroups.groups_access_permission? - let(:agent_attributes) do - attributes.merge( - roles: Role.where(name: 'Agent').map(&:name), - ) - end - - shared_examples 'group assignment' do |map_method_id| - - it 'responds success for admin.user' do - authenticated_as(admin_with_admin_user_permissions) - - expect do - post api_v1_users_path, params: payload - end.to change { - User.count - }.by(1) - - expect(response).to have_http_status(:success) - expect(User.last.send(map_method_id)).to eq(send(map_method_id)) - end - - it 'responds unauthorized for sub admin without admin.user' do - authenticated_as(admin_without_admin_user_permissions) - - expect do - post api_v1_users_path, params: payload - end.to not_change { - User.count - } - - expect(response).to have_http_status(:unauthorized) - end - - it 'responds successful for agent but removes assignment' do - requester = create(:agent_user) - authenticated_as(requester) - - expect do - post api_v1_users_path, params: payload - end.to change { - User.count - }.by(1) - - expect(response).to have_http_status(:success) - expect(User.last.send(map_method_id)).to be_blank - end - end - - context 'parameter groups' do - - let(:group_names_access_map) do - Group.all.map { |g| [g.name, ['full']] }.to_h - end - - let(:payload) do - agent_attributes.merge( - groups: group_names_access_map, - ) - end - - it_behaves_like 'group assignment', :group_names_access_map - end - - context 'parameter group_ids' do - - let(:group_ids_access_map) do - Group.all.map { |g| [g.id, ['full']] }.to_h - end - - let(:payload) do - agent_attributes.merge( - group_ids: group_ids_access_map, - ) - end - - it_behaves_like 'group assignment', :group_ids_access_map - end - end - - context 'role assignment' do - - shared_examples 'role assignment' do - - let(:privileged) { Role.where(name: 'Admin') } - - it 'responds success for admin.user' do - authenticated_as(admin_with_admin_user_permissions) - - expect do - post api_v1_users_path, params: payload - end.to change { - User.count - }.by(1) - - expect(response).to have_http_status(:success) - expect(User.last.roles).to eq(privileged) - end - - it 'responds unauthorized for sub admin without admin.user' do - authenticated_as(admin_without_admin_user_permissions) - - expect do - post api_v1_users_path, params: payload - end.to not_change { - User.count - } - - expect(response).to have_http_status(:unauthorized) - end - - it 'responds successful for agent but removes assignment' do - requester = create(:agent_user) - authenticated_as(requester) - - expect do - post api_v1_users_path, params: payload - end.to change { - User.count - }.by(1) - - expect(response).to have_http_status(:success) - expect(User.last.roles).to eq(Role.signup_roles) - end - end - - context 'parameter roles' do - let(:payload) do - attributes.merge( - roles: privileged.map(&:name), - ) - end - - it_behaves_like 'role assignment' - end - - context 'parameter role_ids' do - let(:payload) do - attributes.merge( - role_ids: privileged.map(&:id), - ) - end - - it_behaves_like 'role assignment' - end - end - end - end - - describe 'User update' do - - def authorized_update_request(requester:, requested:) - authenticated_as(requester) - - expect do - put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed') - end.to change { - requested.reload.firstname + authenticated_as(admin_user) + params = { + firstname: 'a update firstname #1', } + put "/api/v1/users/#{user.id}", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) - expect(response).to have_http_status(:success) - end + user = User.find(json_response['id']) + expect(json_response['lastname']).to eq(user.lastname) + expect(json_response['firstname']).to eq(params[:firstname]) + expect(json_response['organization_id']).to eq(user.organization_id) + expect(json_response['organization']).to be_falsey + expect(json_response['password']).to be_falsey + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) - def unauthorized_update_request(requester:, requested:) - authenticated_as(requester) - - expect do - put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed') - end.to not_change { - requested.reload.attributes + params = { + firstname: 'a update firstname #2', } + put "/api/v1/users/#{user.id}?expand=true", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + user = User.find(json_response['id']) + expect(json_response['lastname']).to eq(user.lastname) + expect(json_response['firstname']).to eq(params[:firstname]) + expect(json_response['organization_id']).to eq(user.organization_id) + expect(json_response['organization']).to eq(user.organization.name) + expect(json_response['password']).to be_falsey + expect(json_response['updated_by_id']).to eq(admin_user.id) + expect(json_response['created_by_id']).to eq(admin_user.id) + + params = { + firstname: 'a update firstname #3', + } + put "/api/v1/users/#{user.id}?full=true", params: params, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + user = User.find(json_response['id']) + expect(json_response['assets']).to be_truthy + expect(json_response['assets']['User']).to be_truthy + expect(json_response['assets']['User'][user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id) + expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(params[:firstname]) + expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname) + expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey + + expect(json_response['assets']['User'][admin_user.id.to_s]).to be_truthy + expect(json_response['assets']['User'][admin_user.id.to_s]['id']).to eq(admin_user.id) + expect(json_response['assets']['User'][admin_user.id.to_s]['firstname']).to eq(admin_user.firstname) + expect(json_response['assets']['User'][admin_user.id.to_s]['lastname']).to eq(admin_user.lastname) + expect(json_response['assets']['User'][admin_user.id.to_s]['password']).to be_falsey - expect(response).to have_http_status(:unauthorized) end - context 'request by admin.user' do + it 'does csv example - customer no access (05.01)' do - let(:requester) { admin_with_admin_user_permissions } - - it 'is successful for same admin' do - authorized_update_request( - requester: requester, - requested: requester, - ) - end - - it 'is successful for other admin' do - authorized_update_request( - requester: requester, - requested: create(:admin_user), - ) - end - - it 'is successful for agent' do - authorized_update_request( - requester: requester, - requested: create(:agent_user), - ) - end - - it 'is successful for customer' do - authorized_update_request( - requester: requester, - requested: create(:customer_user), - ) - end + authenticated_as(customer_user) + get '/api/v1/users/import_example', params: {}, as: :json + expect(response).to have_http_status(401) + expect(json_response['error']).to eq('Not authorized (user)!') end - context 'request by sub admin without admin.user' do + it 'does csv example - admin access (05.02)' do - let(:requester) { admin_without_admin_user_permissions } + authenticated_as(admin_user) + get '/api/v1/users/import_example', params: {}, as: :json + expect(response).to have_http_status(200) - it 'is unauthorized for same admin' do - unauthorized_update_request( - requester: requester, - requested: requester, - ) - end + rows = CSV.parse(@response.body) + header = rows.shift - it 'is unauthorized for other admin' do - unauthorized_update_request( - requester: requester, - requested: create(:admin_user), - ) - end - - it 'is unauthorized for agent' do - unauthorized_update_request( - requester: requester, - requested: create(:agent_user), - ) - end - - it 'is unauthorized for customer' do - unauthorized_update_request( - requester: requester, - requested: create(:customer_user), - ) - end + expect(header[0]).to eq('id') + expect(header[1]).to eq('login') + expect(header[2]).to eq('firstname') + expect(header[3]).to eq('lastname') + expect(header[4]).to eq('email') + expect(header.include?('organization')).to be_truthy end - context 'request by agent' do + it 'does csv import - admin access (05.03)' do - let(:requester) { create(:agent_user) } + # invalid file + csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple_col_not_existing.csv') + csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') + authenticated_as(admin_user) + post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' } + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) - it 'is unauthorized for admin' do - unauthorized_update_request( - requester: requester, - requested: create(:admin_user), - ) - end + expect(json_response['try']).to eq(true) + expect(json_response['records'].count).to eq(2) + expect(json_response['result']).to eq('failed') + expect(json_response['errors'].count).to eq(2) + expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'firstname2' for User.") + expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'firstname2' for User.") - it 'is unauthorized same agent' do - unauthorized_update_request( - requester: requester, - requested: requester, - ) - end + # valid file try + csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv') + csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') + post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' } + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) - it 'is unauthorized for other agent' do - unauthorized_update_request( - requester: requester, - requested: create(:agent_user), - ) - end + expect(json_response['try']).to eq(true) + expect(json_response['records'].count).to eq(2) + expect(json_response['result']).to eq('success') - it 'is successful for customer' do - authorized_update_request( - requester: requester, - requested: create(:customer_user), - ) - end + expect(User.find_by(login: 'user-simple-import1')).to be_nil + expect(User.find_by(login: 'user-simple-import2')).to be_nil + + # valid file + csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv') + csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') + post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' } + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Hash) + + expect(json_response['try']).to eq(false) + expect(json_response['records'].count).to eq(2) + expect(json_response['result']).to eq('success') + + user1 = User.find_by(login: 'user-simple-import1') + expect(user1).to be_truthy + expect(user1.login).to eq('user-simple-import1') + expect(user1.firstname).to eq('firstname-simple-import1') + expect(user1.lastname).to eq('lastname-simple-import1') + expect(user1.email).to eq('user-simple-import1@example.com') + expect(user1.active).to eq(true) + user2 = User.find_by(login: 'user-simple-import2') + expect(user2).to be_truthy + expect(user2.login).to eq('user-simple-import2') + expect(user2.firstname).to eq('firstname-simple-import2') + expect(user2.lastname).to eq('lastname-simple-import2') + expect(user2.email).to eq('user-simple-import2@example.com') + expect(user2.active).to eq(false) + + user1.destroy! + user2.destroy! end - context 'request by customer' do - - let(:requester) { create(:customer_user) } - - it 'is unauthorized for admin' do - unauthorized_update_request( - requester: requester, - requested: create(:admin_user), - ) - end - - it 'is unauthorized for agent' do - unauthorized_update_request( - requester: requester, - requested: create(:agent_user), - ) - end - - it 'is unauthorized for same customer' do - unauthorized_update_request( - requester: requester, - requested: requester, - ) - end - - it 'is unauthorized for other customer' do - unauthorized_update_request( - requester: requester, - requested: create(:customer_user), - ) - end - - it 'is unauthorized for same organization' do - same_organization = create(:organization) - - requester.update!(organization: same_organization) - - unauthorized_update_request( - requester: requester, - requested: create(:customer_user, organization: same_organization), - ) - end - end - - context 'privileged attributes' do - - let(:requested) { create(:user) } - let(:attribute) { privileged.keys.first } - let(:payload) { cleaned_params_for(requested).merge(privileged) } - - def value_of_attribute - # we need to call .to_a otherwise Rails will load the - # ActiveRecord::Associations::CollectionProxy - # on comparsion which is to late - requested.reload.public_send(attribute).to_a - end - - shared_examples 'admin types requests' do - - it 'responds success for admin.user' do - authenticated_as(admin_with_admin_user_permissions) - - expect do - put api_v1_update_user_path(requested), params: payload - end.to change { - value_of_attribute - } - expect(response).to have_http_status(:success) - end - - it 'responds unauthorized for sub admin without admin.user' do - authenticated_as(admin_without_admin_user_permissions) - - expect do - put api_v1_update_user_path(requested), params: payload - end.to not_change { - value_of_attribute - } - - expect(response).to have_http_status(:unauthorized) - end - end - - shared_examples 'permitted agent update' do - - it 'responds successful for agent but removes assignment' do - requester = create(:agent_user) - authenticated_as(requester) - - expect do - put api_v1_update_user_path(requested), params: payload - end.to change { - value_of_attribute - } - - expect(response).to have_http_status(:success) - end - end - - shared_examples 'forbidden agent update' do - - it 'responds successful for agent but removes assignment' do - requester = create(:agent_user) - authenticated_as(requester) - - expect do - put api_v1_update_user_path(requested), params: payload - end.to not_change { - value_of_attribute - } - - expect(response).to have_http_status(:success) - end - end - - context 'group assignment' do - - context 'parameter groups' do - - let(:privileged) do - { - groups: Group.all.map { |g| [g.name, ['full']] }.to_h - } - end - - it_behaves_like 'admin types requests' - it_behaves_like 'forbidden agent update' - end - - context 'parameter group_ids' do - - let(:privileged) do - { - group_ids: Group.all.map { |g| [g.id, ['full']] }.to_h - } - end - - it_behaves_like 'admin types requests' - it_behaves_like 'forbidden agent update' - end - end - - context 'role assignment' do - - let(:admin_role) { Role.where(name: 'Admin') } - - context 'parameter roles' do - let(:privileged) do - { - roles: admin_role.map(&:name), - } - end - - it_behaves_like 'admin types requests' - it_behaves_like 'forbidden agent update' - end - - context 'parameter role_ids' do - let(:privileged) do - { - role_ids: admin_role.map(&:id), - } - end - - it_behaves_like 'admin types requests' - it_behaves_like 'forbidden agent update' - end - end - - context 'organization assignment' do - - let(:new_organizations) { create_list(:organization, 2) } - - context 'parameter organizations' do - let(:privileged) do - { - organizations: new_organizations.map(&:name), - } - end - - it_behaves_like 'admin types requests' - it_behaves_like 'permitted agent update' - end - - context 'parameter organization_ids' do - let(:privileged) do - { - organization_ids: new_organizations.map(&:id), - } - end - - it_behaves_like 'admin types requests' - it_behaves_like 'permitted agent update' - end - end - end - end - - describe 'User deletion' do - - def authorized_destroy_request(requester:, requested:) - authenticated_as(requester) - - delete api_v1_delete_user_path(requested) - - expect(response).to have_http_status(:success) - expect(requested).not_to exist_in_database - end - - def unauthorized_destroy_request(requester:, requested:) - authenticated_as(requester) - - delete api_v1_delete_user_path(requested) - - expect(response).to have_http_status(:unauthorized) - expect(requested).to exist_in_database - end - - context 'request by admin.user' do - - let(:requester) { admin_with_admin_user_permissions } - - it 'is successful for same admin' do - authorized_destroy_request( - requester: requester, - requested: requester, - ) - end - - it 'is successful for other admin' do - authorized_destroy_request( - requester: requester, - requested: create(:admin_user), - ) - end - - it 'is successful for agent' do - authorized_destroy_request( - requester: requester, - requested: create(:agent_user), - ) - end - - it 'is successful for customer' do - authorized_destroy_request( - requester: requester, - requested: create(:customer_user), - ) - end - end - - context 'request by sub admin without admin.user' do - - let(:requester) { admin_without_admin_user_permissions } - - it 'is unauthorized for same admin' do - unauthorized_destroy_request( - requester: requester, - requested: requester, - ) - end - - it 'is unauthorized for other admin' do - unauthorized_destroy_request( - requester: requester, - requested: create(:admin_user), - ) - end - - it 'is unauthorized for agent' do - unauthorized_destroy_request( - requester: requester, - requested: create(:agent_user), - ) - end - - it 'is unauthorized for customer' do - unauthorized_destroy_request( - requester: requester, - requested: create(:customer_user), - ) - end - end - - context 'request by agent' do - - let(:requester) { create(:agent_user) } - - it 'is unauthorized for admin' do - unauthorized_destroy_request( - requester: requester, - requested: create(:admin_user), - ) - end - - it 'is unauthorized same agent' do - unauthorized_destroy_request( - requester: requester, - requested: requester, - ) - end - - it 'is unauthorized for other agent' do - unauthorized_destroy_request( - requester: requester, - requested: create(:agent_user), - ) - end - - it 'is unauthorized for customer' do - unauthorized_destroy_request( - requester: requester, - requested: create(:customer_user), - ) - end - end - - context 'request by customer' do - - let(:requester) { create(:customer_user) } - - it 'is unauthorized for admin' do - unauthorized_destroy_request( - requester: requester, - requested: create(:admin_user), - ) - end - - it 'is unauthorized for agent' do - unauthorized_destroy_request( - requester: requester, - requested: create(:agent_user), - ) - end - - it 'is unauthorized for same customer' do - unauthorized_destroy_request( - requester: requester, - requested: requester, - ) - end - - it 'is unauthorized for other customer' do - unauthorized_destroy_request( - requester: requester, - requested: create(:customer_user), - ) - end - - it 'is unauthorized for same organization' do - same_organization = create(:organization) - - requester.update!(organization: same_organization) - - unauthorized_destroy_request( - requester: requester, - requested: create(:customer_user, organization: same_organization), - ) - end + it 'does user search sortable' do + firstname = "user_search_sortable #{rand(999_999_999)}" + + user1 = create( + :customer_user, + login: 'rest-user_search_sortableA@example.com', + firstname: "#{firstname} A", + lastname: 'user_search_sortableA', + email: 'rest-user_search_sortableA@example.com', + password: 'user_search_sortableA', + active: true, + organization_id: organization.id, + out_of_office: false, + created_at: '2016-02-05 17:42:00', + ) + user2 = create( + :customer_user, + login: 'rest-user_search_sortableB@example.com', + firstname: "#{firstname} B", + lastname: 'user_search_sortableB', + email: 'rest-user_search_sortableB@example.com', + password: 'user_search_sortableB', + active: true, + organization_id: organization.id, + out_of_office_start_at: '2016-02-06 19:42:00', + out_of_office_end_at: '2016-02-07 19:42:00', + out_of_office_replacement_id: 1, + out_of_office: true, + created_at: '2016-02-05 19:42:00', + ) + Scheduler.worker(true) + sleep 2 # let es time to come ready + + authenticated_as(admin_user) + get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to eq([user1.id, user2.id]) + + get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to eq([user1.id, user2.id]) + + get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to eq([user2.id, user1.id]) + + get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to eq([user2.id, user1.id]) + + get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to eq([user2.id, user1.id]) + + get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to eq([user1.id, user2.id]) + + get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to eq([user2.id, user1.id]) + + get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, as: :json + expect(response).to have_http_status(200) + expect(json_response).to be_a_kind_of(Array) + result = json_response + result.collect! { |v| v['id'] } + expect(result).to eq([user1.id, user2.id]) end end end diff --git a/spec/support/request.rb b/spec/support/request.rb index 762859a04..1ef7548b6 100644 --- a/spec/support/request.rb +++ b/spec/support/request.rb @@ -51,16 +51,38 @@ module ZammadSpecSupportRequest # @example # authenticated_as(some_admin_user) # + # @example + # authenticated_as(some_admin_user, on_behalf_of: customer_user) + # + # @example + # authenticated_as(some_admin_user, password: 'wrongpw') + # + # @example + # authenticated_as(some_admin_user, password: 'wrongpw', token: create(:token, action: 'api', user_id: some_admin_user.id) ) + # + # @example + # authenticated_as(nil, login: 'not_existing', password: 'wrongpw' ) + # # @return nil - def authenticated_as(user) + def authenticated_as(user, login: nil, password: nil, token: nil, on_behalf_of: nil) + password ||= user.password + login ||= user.login + # mock authentication otherwise login won't # if user has no password (which is expensive to create) - if user.password.nil? - allow(User).to receive(:authenticate).with(user.login, '').and_return(user) + if password.nil? + allow(User).to receive(:authenticate).with(login, '').and_return(user) end - credentials = ActionController::HttpAuthentication::Basic.encode_credentials(user.login, user.password) - add_headers('Authorization' => credentials) + # if we want to authenticate by token + if token.present? + credentials = "Token token=#{token.name}" + + return add_headers('Authorization' => credentials) + end + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials(login, password) + add_headers('Authorization' => credentials, 'X-On-Behalf-Of' => on_behalf_of) end # Provides a Hash of attributes for the given FactoryBot @@ -106,4 +128,8 @@ end RSpec.configure do |config| config.include ZammadSpecSupportRequest, type: :request + + config.before(:each, type: :request) do + Setting.set('system_init_done', true) + end end diff --git a/spec/support/searchindex_backend.rb b/spec/support/searchindex_backend.rb new file mode 100644 index 000000000..263dbf1c9 --- /dev/null +++ b/spec/support/searchindex_backend.rb @@ -0,0 +1,56 @@ +require 'rake' + +module SearchindexBackendHelper + + def configure_elasticsearch(required: false) + if ENV['ES_URL'].blank? + return if !required + raise "ERROR: Need ES_URL - hint ES_URL='http://127.0.0.1:9200'" + end + + Setting.set('es_url', ENV['ES_URL']) + + # Setting.set('es_url', 'http://127.0.0.1:9200') + # Setting.set('es_index', 'estest.local_zammad') + # Setting.set('es_user', 'elasticsearch') + # Setting.set('es_password', 'zammad') + + if ENV['ES_INDEX_RAND'].present? + rand_id = ENV.fetch('CI_JOB_ID', "r#{rand(999)}") + test_method_name = subject.gsub(/[^\w]/, '_') + ENV['ES_INDEX'] = "es_index_#{test_method_name}_#{rand_id}_#{rand(999_999_999)}" + end + if ENV['ES_INDEX'].blank? + raise "ERROR: Need ES_INDEX - hint ES_INDEX='estest.local_zammad'" + end + Setting.set('es_index', ENV['ES_INDEX']) + + # set max attachment size in mb + Setting.set('es_attachment_max_size_in_mb', 1) + + yield if block_given? + end + + def rebuild_searchindex + Rake::Task.clear + Zammad::Application.load_tasks + Rake::Task['searchindex:rebuild'].execute + end + + def self.included(base) + + # Execute in RSpec class context + base.class_exec do + + after(:each) do + next if ENV['ES_URL'].blank? + + Rake::Task['searchindex:drop'].execute + end + end + end +end + +RSpec.configure do |config| + config.include SearchindexBackendHelper, searchindex: true +end diff --git a/test/controllers/api_auth_controller_test.rb b/test/controllers/api_auth_controller_test.rb deleted file mode 100644 index c60162269..000000000 --- a/test/controllers/api_auth_controller_test.rb +++ /dev/null @@ -1,443 +0,0 @@ - -require 'test_helper' - -class ApiAuthControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'api-admin', - firstname: 'API', - lastname: 'Admin', - email: 'api-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'api-agent@example.com', - firstname: 'API', - lastname: 'Agent', - email: 'api-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer = User.create!( - login: 'api-customer1@example.com', - firstname: 'API', - lastname: 'Customer1', - email: 'api-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - end - - test 'basic auth - admin' do - - admin_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin@example.com', 'adminpw') - - Setting.set('api_password_access', false) - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('API password access disabled!', result['error']) - - Setting.set('api_password_access', true) - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - assert_equal('*', @response.header['Access-Control-Allow-Origin']) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - end - - test 'basic auth - agent' do - - agent_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-agent@example.com', 'agentpw') - - Setting.set('api_password_access', false) - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials) - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('API password access disabled!', result['error']) - - Setting.set('api_password_access', true) - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials) - assert_response(200) - assert_equal('*', @response.header['Access-Control-Allow-Origin']) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - end - - test 'basic auth - customer' do - - customer_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-customer1@example.com', 'customer1pw') - - Setting.set('api_password_access', false) - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials) - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('API password access disabled!', result['error']) - - Setting.set('api_password_access', true) - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials) - assert_response(200) - assert_equal('*', @response.header['Access-Control-Allow-Origin']) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - end - - test 'token auth - admin' do - - admin_token = Token.create( - action: 'api', - persistent: true, - user_id: @admin.id, - preferences: { - permission: ['admin.session'], - }, - ) - admin_credentials = "Token token=#{admin_token.name}" - - Setting.set('api_token_access', false) - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('API token access disabled!', result['error']) - - Setting.set('api_token_access', true) - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - assert_equal('*', @response.header['Access-Control-Allow-Origin']) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - - admin_token.preferences[:permission] = ['admin.session_not_existing'] - admin_token.save! - - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (token)!', result['error']) - - admin_token.preferences[:permission] = [] - admin_token.save! - - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (token)!', result['error']) - - @admin.active = false - @admin.save! - - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('User is inactive!', result['error']) - - admin_token.preferences[:permission] = ['admin.session'] - admin_token.save! - - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('User is inactive!', result['error']) - - @admin.active = true - @admin.save! - - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - - get '/api/v1/roles', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (token)!', result['error']) - - admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role'] - admin_token.save! - - get '/api/v1/roles', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - - admin_token.preferences[:permission] = ['ticket.agent'] - admin_token.save! - - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - - name = "some org name #{rand(999_999_999)}" - post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(name, result['name']) - assert(result) - - name = "some org name #{rand(999_999_999)} - 2" - put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(name, result['name']) - assert(result) - - admin_token.preferences[:permission] = ['admin.organization'] - admin_token.save! - - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - - name = "some org name #{rand(999_999_999)}" - post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(name, result['name']) - assert(result) - - name = "some org name #{rand(999_999_999)} - 2" - put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(name, result['name']) - assert(result) - - admin_token.preferences[:permission] = ['admin'] - admin_token.save! - - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - - name = "some org name #{rand(999_999_999)}" - post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(name, result['name']) - assert(result) - - name = "some org name #{rand(999_999_999)} - 2" - put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(name, result['name']) - assert(result) - - end - - test 'token auth - agent' do - - agent_token = Token.create( - action: 'api', - persistent: true, - user_id: @agent.id, - ) - agent_credentials = "Token token=#{agent_token.name}" - - Setting.set('api_token_access', false) - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials) - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('API token access disabled!', result['error']) - - Setting.set('api_token_access', true) - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials) - assert_response(200) - assert_equal('*', @response.header['Access-Control-Allow-Origin']) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => agent_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - - name = "some org name #{rand(999_999_999)}" - post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => agent_credentials) - assert_response(401) - - end - - test 'token auth - customer' do - - customer_token = Token.create( - action: 'api', - persistent: true, - user_id: @customer.id, - ) - customer_credentials = "Token token=#{customer_token.name}" - - Setting.set('api_token_access', false) - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials) - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('API token access disabled!', result['error']) - - Setting.set('api_token_access', true) - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials) - assert_equal('*', @response.header['Access-Control-Allow-Origin']) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => customer_credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - - name = "some org name #{rand(999_999_999)}" - post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => customer_credentials) - assert_response(401) - end - - test 'token auth - invalid user - admin' do - - admin_token = Token.create( - action: 'api', - persistent: true, - user_id: @admin.id, - ) - admin_credentials = "Token token=#{admin_token.name}" - - @admin.active = false - @admin.save! - - Setting.set('api_token_access', false) - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('API token access disabled!', result['error']) - - Setting.set('api_token_access', true) - get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('User is inactive!', result['error']) - end - - test 'token auth - expired' do - - Setting.set('api_token_access', true) - - admin_token = Token.create( - action: 'api', - persistent: true, - user_id: @admin.id, - expires_at: Time.zone.today - ) - admin_credentials = "Token token=#{admin_token.name}" - - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (token expired)!', result['error']) - - admin_token.reload - assert_in_delta(admin_token.last_used_at, Time.zone.now, 1.second) - end - - test 'token auth - not expired' do - - Setting.set('api_token_access', true) - - admin_token = Token.create( - action: 'api', - persistent: true, - user_id: @admin.id, - expires_at: Time.zone.tomorrow - ) - admin_credentials = "Token token=#{admin_token.name}" - - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => admin_credentials) - assert_response(200) - assert_equal('*', @response.header['Access-Control-Allow-Origin']) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - - admin_token.reload - assert_in_delta(admin_token.last_used_at, Time.zone.now, 1.second) - end - - test 'session auth - admin' do - - post '/api/v1/signin', params: { username: 'api-admin@example.com', password: 'adminpw', fingerprint: '123456789' } - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - assert_response(201) - - get '/api/v1/sessions', params: {} - assert_response(200) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - end -end diff --git a/test/controllers/api_auth_on_behalf_of_controller_test.rb b/test/controllers/api_auth_on_behalf_of_controller_test.rb deleted file mode 100644 index 492aaed27..000000000 --- a/test/controllers/api_auth_on_behalf_of_controller_test.rb +++ /dev/null @@ -1,231 +0,0 @@ - -require 'test_helper' - -class ApiAuthControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'api-admin-auth-behalf', - firstname: 'API', - lastname: 'Admin', - email: 'api-admin-auth-behalf@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer = User.create!( - login: 'api-customer1-auth-behalf@example.com', - firstname: 'API', - lastname: 'Customer1', - email: 'api-customer1-auth-behalf@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - end - - test 'X-On-Behalf-Of auth - ticket create admin for customer by id' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw') - - ticket_create_headers = @headers.merge( - 'Authorization' => credentials, - 'X-On-Behalf-Of' => @customer.id, - ) - - params = { - title: 'a new ticket #3', - group: 'Users', - priority: '2 normal', - state: 'new', - customer_id: @customer.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(result['created_by_id'], @customer.id) - end - - test 'X-On-Behalf-Of auth - ticket create admin for customer by login' do - ActivityStream.cleanup(1.year) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw') - - ticket_create_headers = @headers.merge( - 'Authorization' => credentials, - 'X-On-Behalf-Of' => @customer.login, - ) - admin_headers = @headers.merge( - 'Authorization' => credentials, - ) - - params = { - title: 'a new ticket #3', - group: 'Users', - priority: '2 normal', - state: 'new', - customer_id: @customer.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers - assert_response(201) - result_ticket_create = JSON.parse(@response.body) - assert_equal(Hash, result_ticket_create.class) - assert_equal(result_ticket_create['created_by_id'], @customer.id) - - get '/api/v1/activity_stream?full=true', params: {}, headers: admin_headers - assert_response(200) - result_activity_stream = JSON.parse(@response.body) - assert_equal(Hash, result_activity_stream.class) - - ticket_created = nil - result_activity_stream['record_ids'].each do |record_id| - activity_stream = ActivityStream.find(record_id) - next if activity_stream.object.name != 'Ticket' - next if activity_stream.o_id != result_ticket_create['id'] - ticket_created = activity_stream - end - - assert(ticket_created) - assert_equal(ticket_created.created_by_id, @customer.id) - - get '/api/v1/activity_stream', params: {}, headers: admin_headers - assert_response(200) - result_activity_stream = JSON.parse(@response.body) - assert_equal(Array, result_activity_stream.class) - - ticket_created = nil - result_activity_stream.each do |record| - activity_stream = ActivityStream.find(record['id']) - next if activity_stream.object.name != 'Ticket' - next if activity_stream.o_id != result_ticket_create['id'] - ticket_created = activity_stream - end - - assert(ticket_created) - assert_equal(ticket_created.created_by_id, @customer.id) - - end - - test 'X-On-Behalf-Of auth - ticket create admin for customer by email' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw') - - ticket_create_headers = @headers.merge( - 'Authorization' => credentials, - 'X-On-Behalf-Of' => @customer.email, - ) - - params = { - title: 'a new ticket #3', - group: 'Users', - priority: '2 normal', - state: 'new', - customer_id: @customer.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(result['created_by_id'], @customer.id) - end - - test 'X-On-Behalf-Of auth - ticket create admin for unknown' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw') - - ticket_create_headers = @headers.merge( - 'Authorization' => credentials, - 'X-On-Behalf-Of' => 99_449_494_949, - ) - - params = { - title: 'a new ticket #3', - group: 'Users', - priority: '2 normal', - state: 'new', - customer_id: @customer.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal("No such user '99449494949'", result['error']) - end - - test 'X-On-Behalf-Of auth - ticket create customer for admin' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-customer1-auth-behalf@example.com', 'customer1pw') - - ticket_create_headers = @headers.merge( - 'Authorization' => credentials, - 'X-On-Behalf-Of' => @admin.email, - ) - - params = { - title: 'a new ticket #3', - group: 'Users', - priority: '2 normal', - state: 'new', - customer_id: @customer.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers - assert_response(401) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal("Current user has no permission to use 'X-On-Behalf-Of'!", result['error']) - end - - test 'X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do - group_secret = Group.new(name: 'secret1234') - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw') - - ticket_create_headers = @headers.merge( - 'Authorization' => credentials, - 'X-On-Behalf-Of' => @customer.email, - ) - - params = { - title: 'a new ticket #3', - group: group_secret.name, - priority: '2 normal', - state: 'new', - customer_id: @customer.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers - assert_response(422) - assert_not(@response.header.key?('Access-Control-Allow-Origin')) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('No lookup value found for \'group\': "secret1234"', result['error']) - end -end diff --git a/test/controllers/basic_controller_test.rb b/test/controllers/basic_controller_test.rb deleted file mode 100644 index da6306be3..000000000 --- a/test/controllers/basic_controller_test.rb +++ /dev/null @@ -1,121 +0,0 @@ - -require 'test_helper' - -class BasicControllerTest < ActionDispatch::IntegrationTest - - test 'json requests' do - - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # 404 - get '/not_existing_url', params: {}, headers: @headers - assert_response(404) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error'], 'No route matches [GET] /not_existing_url') - - # 401 - get '/api/v1/organizations', params: {}, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error'], 'authentication failed') - - # 422 - get '/tests/unprocessable_entity', params: {}, headers: @headers - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error'], 'some error message') - - # 401 - get '/tests/not_authorized', params: {}, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error'], 'some error message') - - # 401 - get '/tests/ar_not_found', params: {}, headers: @headers - assert_response(404) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error'], 'some error message') - - # 500 - get '/tests/standard_error', params: {}, headers: @headers - assert_response(500) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error'], 'some error message') - - # 422 - get '/tests/argument_error', params: {}, headers: @headers - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error'], 'some error message') - - end - - test 'html requests' do - - # 404 - get '/not_existing_url', params: {}, headers: @headers - assert_response(404) - assert_match(/404: Not Found}, @response.body) - assert_match(%r{

404: Requested Ressource was not found.

}, @response.body) - assert_match(%r{No route matches \[GET\] /not_existing_url}, @response.body) - - # 401 - get '/api/v1/organizations', params: {}, headers: @headers - assert_response(401) - assert_match(/401: Unauthorized}, @response.body) - assert_match(%r{

401: Unauthorized

}, @response.body) - assert_match(/authentication failed/, @response.body) - - # 422 - get '/tests/unprocessable_entity', params: {}, headers: @headers - assert_response(422) - assert_match(/422: Unprocessable Entity}, @response.body) - assert_match(%r{

422: The change you wanted was rejected.

}, @response.body) - assert_match(/some error message/, @response.body) - - # 401 - get '/tests/not_authorized', params: {}, headers: @headers - assert_response(401) - assert_match(/401: Unauthorized}, @response.body) - assert_match(%r{

401: Unauthorized

}, @response.body) - assert_match(/some error message/, @response.body) - - # 401 - get '/tests/ar_not_found', params: {}, headers: @headers - assert_response(404) - assert_match(/404: Not Found}, @response.body) - assert_match(%r{

404: Requested Ressource was not found.

}, @response.body) - assert_match(/some error message/, @response.body) - - # 500 - get '/tests/standard_error', params: {}, headers: @headers - assert_response(500) - assert_match(/500: Something went wrong}, @response.body) - assert_match(%r{

500: We're sorry, but something went wrong.

}, @response.body) - assert_match(/some error message/, @response.body) - - # 422 - get '/tests/argument_error', params: {}, headers: @headers - assert_response(422) - assert_match(/422: Unprocessable Entity}, @response.body) - assert_match(%r{

422: The change you wanted was rejected.

}, @response.body) - assert_match(/some error message/, @response.body) - - end - -end diff --git a/test/controllers/calendar_controller_test.rb b/test/controllers/calendar_controller_test.rb deleted file mode 100644 index 927b952cd..000000000 --- a/test/controllers/calendar_controller_test.rb +++ /dev/null @@ -1,90 +0,0 @@ - -require 'test_helper' - -class CalendarControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'calendar-admin', - firstname: 'Packages', - lastname: 'Admin', - email: 'calendar-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - end - - test '01 calendar index with nobody' do - - get '/api/v1/calendars', params: {}, headers: @headers - assert_response(401) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('authentication failed', result['error']) - - get '/api/v1/calendars_init', params: {}, headers: @headers - assert_response(401) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('authentication failed', result['error']) - end - - test '02 calendar index with admin' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('calendar-admin@example.com', 'adminpw') - - # index - get '/api/v1/calendars', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - assert_equal(1, result.count) - - get '/api/v1/calendars?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - assert_equal(1, result.count) - - get '/api/v1/calendars?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert(result['record_ids']) - assert_equal(1, result['record_ids'].count) - assert(result['assets']) - assert(result['assets'].present?) - - # index - get '/api/v1/calendars_init', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['record_ids']) - assert(result['ical_feeds']) - assert_equal('Denmark', result['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics']) - assert_equal('Austria', result['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics']) - assert(result['timezones']) - assert_equal(2, result['timezones']['Africa/Johannesburg']) - assert_equal(-8, result['timezones']['America/Sitka']) - assert(result['assets']) - - end - -end diff --git a/test/controllers/calendars_controller_test.rb b/test/controllers/calendars_controller_test.rb deleted file mode 100644 index 4f1938a96..000000000 --- a/test/controllers/calendars_controller_test.rb +++ /dev/null @@ -1,90 +0,0 @@ - -require 'test_helper' - -class CalendarsControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'calendar-admin', - firstname: 'Packages', - lastname: 'Admin', - email: 'calendar-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - end - - test '01 calendar index with nobody' do - - get '/api/v1/calendars', params: {}, headers: @headers - assert_response(401) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('authentication failed', result['error']) - - get '/api/v1/calendars_init', params: {}, headers: @headers - assert_response(401) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('authentication failed', result['error']) - end - - test '02 calendar index with admin' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('calendar-admin@example.com', 'adminpw') - - # index - get '/api/v1/calendars', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - assert_equal(1, result.count) - - get '/api/v1/calendars?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - assert_equal(1, result.count) - - get '/api/v1/calendars?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert(result['record_ids']) - assert_equal(1, result['record_ids'].count) - assert(result['assets']) - assert(result['assets'].present?) - - # index - get '/api/v1/calendars_init', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['record_ids']) - assert(result['ical_feeds']) - assert_equal('Denmark', result['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics']) - assert_equal('Austria', result['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics']) - assert(result['timezones']) - assert_equal(2, result['timezones']['Africa/Johannesburg']) - assert_equal(-8, result['timezones']['America/Sitka']) - assert(result['assets']) - - end - -end diff --git a/test/controllers/form_controller_test.rb b/test/controllers/form_controller_test.rb deleted file mode 100644 index 69d47de62..000000000 --- a/test/controllers/form_controller_test.rb +++ /dev/null @@ -1,244 +0,0 @@ -require 'test_helper' - -class FormControllerTest < ActionDispatch::IntegrationTest - include SearchindexHelper - - setup do - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.4' } - - configure_elasticsearch - - Ticket.destroy_all - - rebuild_searchindex - end - - test '01 - get config call' do - post '/api/v1/form_config', params: {}.to_json, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['error'], 'Not authorized') - end - - test '02 - get config call' do - Setting.set('form_ticket_create', true) - post '/api/v1/form_config', params: {}.to_json, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['error'], 'Not authorized') - - end - - test '03 - get config call & do submit' do - Setting.set('form_ticket_create', true) - fingerprint = SecureRandom.hex(40) - post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers - - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['enabled'], true) - assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit') - assert(result['token']) - token = result['token'] - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }.to_json, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['error'], 'Not authorized') - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }.to_json, headers: @headers - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - - assert(result['errors']) - assert_equal(result['errors']['name'], 'required') - assert_equal(result['errors']['email'], 'required') - assert_equal(result['errors']['title'], 'required') - assert_equal(result['errors']['body'], 'required') - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }.to_json, headers: @headers - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - - assert(result['errors']) - assert_equal(result['errors']['name'], 'required') - assert_equal(result['errors']['email'], 'invalid') - assert_equal(result['errors']['title'], 'required') - assert_equal(result['errors']['body'], 'required') - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - - assert_not(result['errors']) - assert(result['ticket']) - assert(result['ticket']['id']) - assert(result['ticket']['number']) - - travel 5.hours - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers - - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - - assert_not(result['errors']) - assert(result['ticket']) - assert(result['ticket']['id']) - assert(result['ticket']['number']) - - travel 20.hours - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers - assert_response(401) - - end - - test '04 - get config call & do submit' do - Setting.set('form_ticket_create', true) - fingerprint = SecureRandom.hex(40) - post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers - - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['enabled'], true) - assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit') - assert(result['token']) - token = result['token'] - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }.to_json, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['error'], 'Not authorized') - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }.to_json, headers: @headers - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - - assert(result['errors']) - assert_equal(result['errors']['name'], 'required') - assert_equal(result['errors']['email'], 'required') - assert_equal(result['errors']['title'], 'required') - assert_equal(result['errors']['body'], 'required') - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }.to_json, headers: @headers - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - - assert(result['errors']) - assert_equal(result['errors']['name'], 'required') - assert_equal(result['errors']['email'], 'invalid') - assert_equal(result['errors']['title'], 'required') - assert_equal(result['errors']['body'], 'required') - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@example.com', title: 'test', body: 'hello' }.to_json, headers: @headers - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - - assert(result['errors']) - assert_equal(result['errors']['email'], 'invalid') - - end - - test '05 - limits' do - return if !SearchIndexBackend.enabled? - - Setting.set('form_ticket_create', true) - fingerprint = SecureRandom.hex(40) - post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers - - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['enabled'], true) - assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit') - assert(result['token']) - token = result['token'] - - (1..20).each do |count| - travel 10.seconds - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test#{count}", body: 'hello' }.to_json, headers: @headers - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - - assert_not(result['errors']) - assert(result['ticket']) - assert(result['ticket']['id']) - assert(result['ticket']['number']) - Scheduler.worker(true) - sleep 1 # wait until elasticsearch is index - end - - sleep 10 # wait until elasticsearch is index - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-last', body: 'hello' }.to_json, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' } - - (1..20).each do |count| - travel 10.seconds - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }.to_json, headers: @headers - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - - assert_not(result['errors']) - assert(result['ticket']) - assert(result['ticket']['id']) - assert(result['ticket']['number']) - Scheduler.worker(true) - sleep 1 # wait until elasticsearch is index - end - - sleep 10 # wait until elasticsearch is index - - post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }.to_json, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - end - - test '06 - customer_ticket_create false disables form' do - Setting.set('form_ticket_create', false) - Setting.set('customer_ticket_create', true) - - fingerprint = SecureRandom.hex(40) - - post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers - - result = JSON.parse(@response.body) - token = result['token'] - params = { - fingerprint: fingerprint, - token: token, - name: 'Bob Smith', - email: 'discard@znuny.com', - title: 'test', - body: 'hello' - } - - post '/api/v1/form_submit', params: params.to_json, headers: @headers - - assert_response(401) - end - -end diff --git a/test/controllers/integration_check_mk_controller_test.rb b/test/controllers/integration_check_mk_controller_test.rb deleted file mode 100644 index d14a7534a..000000000 --- a/test/controllers/integration_check_mk_controller_test.rb +++ /dev/null @@ -1,270 +0,0 @@ - -require 'test_helper' - -class IntegationCheckMkControllerTest < ActionDispatch::IntegrationTest - setup do - token = SecureRandom.urlsafe_base64(16) - Setting.set('check_mk_token', token) - Setting.set('check_mk_integration', true) - end - - test '01 without token' do - post '/api/v1/integration/check_mk/', params: {} - assert_response(404) - end - - test '01 invalid token & enabled feature' do - post '/api/v1/integration/check_mk/invalid_token', params: {} - assert_response(422) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Invalid token!', result['error']) - end - - test '01 invalid token & disabled feature' do - Setting.set('check_mk_integration', false) - - post '/api/v1/integration/check_mk/invalid_token', params: {} - assert_response(422) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Feature is disable, please contact your admin to enable it!', result['error']) - end - - test '02 ticket create & close' do - params = { - event_id: '123', - state: 'down', - host: 'some host', - service: 'some service', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert(result['result']) - assert(result['ticket_id']) - assert(result['ticket_number']) - - ticket = Ticket.find(result['ticket_id']) - assert_equal('new', ticket.state.name) - assert_equal(1, ticket.articles.count) - - params = { - event_id: '123', - state: 'up', - host: 'some host', - service: 'some service', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert(result['result']) - assert(result['ticket_ids'].include?(ticket.id)) - - ticket.reload - assert_equal('closed', ticket.state.name) - assert_equal(2, ticket.articles.count) - end - - test '02 ticket create & create & auto close' do - params = { - event_id: '123', - state: 'down', - host: 'some host', - service: 'some service', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert(result['result']) - assert(result['ticket_id']) - assert(result['ticket_number']) - - ticket = Ticket.find(result['ticket_id']) - assert_equal('new', ticket.state.name) - assert_equal(1, ticket.articles.count) - - params = { - event_id: '123', - state: 'down', - host: 'some host', - service: 'some service', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal('ticket already open, added note', result['result']) - assert(result['ticket_ids'].include?(ticket.id)) - - ticket.reload - assert_equal('new', ticket.state.name) - assert_equal(2, ticket.articles.count) - - params = { - event_id: '123', - state: 'up', - host: 'some host', - service: 'some service', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert(result['result']) - assert(result['ticket_ids'].include?(ticket.id)) - - ticket.reload - assert_equal('closed', ticket.state.name) - assert_equal(3, ticket.articles.count) - end - - test '02 ticket close' do - params = { - event_id: '123', - state: 'up', - host: 'some host', - service: 'some service', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal('no open tickets found, ignore action', result['result']) - end - - test '02 ticket create & create & no auto close' do - Setting.set('check_mk_auto_close', false) - params = { - event_id: '123', - state: 'down', - host: 'some host', - service: 'some service', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert(result['result']) - assert(result['ticket_id']) - assert(result['ticket_number']) - - ticket = Ticket.find(result['ticket_id']) - assert_equal('new', ticket.state.name) - assert_equal(1, ticket.articles.count) - - params = { - event_id: '123', - state: 'down', - host: 'some host', - service: 'some service', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal('ticket already open, added note', result['result']) - assert(result['ticket_ids'].include?(ticket.id)) - - ticket.reload - assert_equal('new', ticket.state.name) - assert_equal(2, ticket.articles.count) - - params = { - event_id: '123', - state: 'up', - host: 'some host', - service: 'some service', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal('ticket already open, added note', result['result']) - assert(result['ticket_ids'].include?(ticket.id)) - - ticket.reload - assert_equal('new', ticket.state.name) - assert_equal(3, ticket.articles.count) - end - - test '02 ticket create & create & auto close - host only' do - params = { - event_id: '123', - state: 'down', - host: 'some host', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert(result['result']) - assert(result['ticket_id']) - assert(result['ticket_number']) - - ticket = Ticket.find(result['ticket_id']) - assert_equal('new', ticket.state.name) - assert_equal(1, ticket.articles.count) - - params = { - event_id: '123', - state: 'down', - host: 'some host', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal('ticket already open, added note', result['result']) - assert(result['ticket_ids'].include?(ticket.id)) - - ticket.reload - assert_equal('new', ticket.state.name) - assert_equal(2, ticket.articles.count) - - params = { - event_id: '123', - state: 'up', - host: 'some host', - } - post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert(result['result']) - assert(result['ticket_ids'].include?(ticket.id)) - - ticket.reload - assert_equal('closed', ticket.state.name) - assert_equal(3, ticket.articles.count) - end -end diff --git a/test/controllers/integration_cti_controller_test.rb b/test/controllers/integration_cti_controller_test.rb deleted file mode 100644 index 8e92f911c..000000000 --- a/test/controllers/integration_cti_controller_test.rb +++ /dev/null @@ -1,508 +0,0 @@ - -require 'test_helper' -require 'rexml/document' - -class IntegrationCtiControllerTest < ActionDispatch::IntegrationTest - setup do - - Cti::Log.destroy_all - - Setting.set('cti_integration', true) - Setting.set('cti_config', { - outbound: { - routing_table: [ - { - dest: '41*', - caller_id: '41715880339000', - }, - { - dest: '491714000000', - caller_id: '41715880339000', - }, - ], - default_caller_id: '4930777000000', - }, - inbound: { - block_caller_ids: [ - { - caller_id: '491715000000', - note: 'some note', - } - ], - notify_user_ids: { - 2 => true, - 4 => false, - }, - } - },) - - groups = Group.where(name: 'Users') - roles = Role.where(name: %w[Agent]) - agent = User.create_or_update( - login: 'cti-agent@example.com', - firstname: 'E', - lastname: 'S', - email: 'cti-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - updated_by_id: 1, - created_by_id: 1, - ) - - customer1 = User.create_or_update( - login: 'ticket-caller_id_cti-customer1@example.com', - firstname: 'CallerId', - lastname: 'Customer1', - email: 'ticket-caller_id_cti-customer1@example.com', - password: 'customerpw', - active: true, - phone: '+49 99999 222222', - fax: '+49 99999 222223', - mobile: '+4912347114711', - note: 'Phone at home: +49 99999 222224', - updated_by_id: 1, - created_by_id: 1, - ) - customer2 = User.create_or_update( - login: 'ticket-caller_id_cti-customer2@example.com', - firstname: 'CallerId', - lastname: 'Customer2', - email: 'ticket-caller_id_cti-customer2@example.com', - password: 'customerpw', - active: true, - phone: '+49 99999 222222 2', - updated_by_id: 1, - created_by_id: 1, - ) - customer3 = User.create_or_update( - login: 'ticket-caller_id_cti-customer3@example.com', - firstname: 'CallerId', - lastname: 'Customer3', - email: 'ticket-caller_id_cti-customer3@example.com', - password: 'customerpw', - active: true, - phone: '+49 99999 222222 2', - updated_by_id: 1, - created_by_id: 1, - ) - Cti::CallerId.rebuild - - end - - test 'token check' do - params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2' - post '/api/v1/cti/not_existing_token', params: params - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Invalid token, please contact your admin!', result['error']) - end - - test 'basic call' do - token = Setting.get('cti_token') - - # inbound - I - params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result.blank?) - - # inbound - II - block caller - params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&call_id=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('reject', result['action']) - assert_equal('busy', result['reason']) - - # outbound - I - set default_caller_id - params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=8621106404543334274-3&user%5B%5D=user+1' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('dial', result['action']) - assert_equal('4912347114711', result['number']) - assert_equal('4930777000000', result['caller_id']) - - # outbound - II - set caller_id based on routing_table by explicite number - params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&call_id=8621106404543334274-4&user%5B%5D=user+1' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('dial', result['action']) - assert_equal('491714000000', result['number']) - assert_equal('41715880339000', result['caller_id']) - - # outbound - III - set caller_id based on routing_table by 41* - params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&call_id=8621106404543334274-5&user%5B%5D=user+1' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('dial', result['action']) - assert_equal('4147110000000', result['number']) - assert_equal('41715880339000', result['caller_id']) - - # no config - Setting.set('cti_config', {}) - params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2' - post "/api/v1/cti/#{token}", params: params - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Feature not configured, please contact your admin!', result['error']) - - end - - test 'log call' do - token = Setting.get('cti_token') - - # outbound - I - new call - params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-1&user%5B%5D=user+1' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-1') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(true, log.done) - assert(log.initialized_at) - assert_nil(log.start_at) - assert_nil(log.end_at) - assert_nil(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # outbound - I - hangup by agent - params = 'event=hangup&direction=out&call_id=1234567890-1&cause=cancel' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-1') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_equal('cancel', log.comment) - assert_equal('hangup', log.state) - assert_equal(true, log.done) - assert(log.initialized_at) - assert_nil(log.start_at) - assert(log.end_at) - assert(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # outbound - II - new call - params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-2&user%5B%5D=user+1' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-2') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(true, log.done) - assert(log.initialized_at) - assert_nil(log.start_at) - assert_nil(log.end_at) - assert_nil(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # outbound - II - answer by customer - params = 'event=answer&direction=out&call_id=1234567890-2&from=4930600000000&to=4912347114711' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-2') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_nil(log.comment) - assert_equal('answer', log.state) - assert_equal(true, log.done) - assert(log.initialized_at) - assert(log.start_at) - assert_nil(log.end_at) - assert(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # outbound - II - hangup by customer - params = 'event=hangup&direction=out&call_id=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-2') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_equal('normalClearing', log.comment) - assert_equal('hangup', log.state) - assert_equal(true, log.done) - assert(log.initialized_at) - assert(log.start_at) - assert(log.end_at) - assert(log.duration_waiting_time) - assert(log.duration_talking_time) - - # inbound - I - new call - params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-3&user%5B%5D=user+1' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-3') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(false, log.done) - assert(log.initialized_at) - assert_nil(log.start_at) - assert_nil(log.end_at) - assert_nil(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # inbound - I - answer by customer - params = 'event=answer&direction=in&call_id=1234567890-3&to=4930600000000&from=4912347114711' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-3') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('answer', log.state) - assert_equal(true, log.done) - assert(log.initialized_at) - assert(log.start_at) - assert_nil(log.end_at) - assert(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # inbound - I - hangup by customer - params = 'event=hangup&direction=in&call_id=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-3') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_equal('normalClearing', log.comment) - assert_equal('hangup', log.state) - assert_equal(true, log.done) - assert(log.initialized_at) - assert(log.start_at) - assert(log.end_at) - assert(log.duration_waiting_time) - assert(log.duration_talking_time) - - # inbound - II - new call - params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-4&user%5B%5D=user+1,user+2' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-4') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1,user 2', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(false, log.done) - assert(log.initialized_at) - assert_nil(log.start_at) - assert_nil(log.end_at) - assert_nil(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # inbound - II - answer by voicemail - params = 'event=answer&direction=in&call_id=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-4') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('voicemail', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('answer', log.state) - assert_equal(true, log.done) - assert(log.initialized_at) - assert(log.start_at) - assert_nil(log.end_at) - assert(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # inbound - II - hangup by customer - params = 'event=hangup&direction=in&call_id=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-4') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('voicemail', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_equal('normalClearing', log.comment) - assert_equal('hangup', log.state) - assert_equal(false, log.done) - assert(log.initialized_at) - assert(log.start_at) - assert(log.end_at) - assert(log.duration_waiting_time) - assert(log.duration_talking_time) - - # inbound - III - new call - params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-5&user%5B%5D=user+1,user+2' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-5') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1,user 2', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(false, log.done) - assert(log.initialized_at) - assert_nil(log.start_at) - assert_nil(log.end_at) - assert_nil(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # inbound - III - hangup by customer - params = 'event=hangup&direction=in&call_id=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-5') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1,user 2', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_equal('normalClearing', log.comment) - assert_equal('hangup', log.state) - assert_equal(false, log.done) - assert(log.initialized_at) - assert_nil(log.start_at) - assert(log.end_at) - assert(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # inbound - IV - new call - params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&call_id=1234567890-6&user%5B%5D=user+1,user+2' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-6') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('49999992222222', log.from) - assert_equal('in', log.direction) - assert_equal('user 1,user 2', log.to_comment) - assert_equal('CallerId Customer3,CallerId Customer2', log.from_comment) - assert_not(log.preferences['to']) - assert(log.preferences['from']) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(false, log.done) - assert(log.initialized_at) - assert_nil(log.start_at) - assert_nil(log.end_at) - assert_nil(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # inbound - IV - new call - params = 'event=newCall&direction=in&to=4930600000000&from=anonymous&call_id=1234567890-7&user%5B%5D=user+1,user+2' - post "/api/v1/cti/#{token}", params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-7') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('anonymous', log.from) - assert_equal('in', log.direction) - assert_equal('user 1,user 2', log.to_comment) - assert_nil(log.from_comment) - assert_not(log.preferences['to']) - assert_not(log.preferences['from']) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(false, log.done) - assert(log.initialized_at) - assert_nil(log.start_at) - assert_nil(log.end_at) - assert_nil(log.duration_waiting_time) - assert_nil(log.duration_talking_time) - - # get caller list - get '/api/v1/cti/log' - assert_response(401) - - customer2 = User.lookup(login: 'ticket-caller_id_cti-customer2@example.com') - customer3 = User.lookup(login: 'ticket-caller_id_cti-customer3@example.com') - - headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('cti-agent@example.com', 'agentpw') - get '/api/v1/cti/log', headers: headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result['list'].class, Array) - assert_equal(7, result['list'].count) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][customer2.id.to_s]) - assert(result['assets']['User'][customer3.id.to_s]) - assert_equal('1234567890-7', result['list'][0]['call_id']) - assert_equal('1234567890-6', result['list'][1]['call_id']) - assert_equal('1234567890-5', result['list'][2]['call_id']) - assert_equal('1234567890-4', result['list'][3]['call_id']) - assert_equal('1234567890-3', result['list'][4]['call_id']) - assert_equal('1234567890-2', result['list'][5]['call_id']) - assert_equal('hangup', result['list'][5]['state']) - assert_equal('4930777000000', result['list'][5]['from']) - assert_equal('user 1', result['list'][5]['from_comment']) - assert_equal('4912347114711', result['list'][5]['to']) - assert_equal('CallerId Customer1', result['list'][5]['to_comment']) - assert_equal('normalClearing', result['list'][5]['comment']) - assert_equal('hangup', result['list'][5]['state']) - assert_equal('1234567890-1', result['list'][6]['call_id']) - - end - -end diff --git a/test/controllers/integration_sipgate_controller_test.rb b/test/controllers/integration_sipgate_controller_test.rb deleted file mode 100644 index 97462d054..000000000 --- a/test/controllers/integration_sipgate_controller_test.rb +++ /dev/null @@ -1,469 +0,0 @@ - -require 'test_helper' -require 'rexml/document' - -class IntegrationSipgateControllerTest < ActionDispatch::IntegrationTest - setup do - - Cti::Log.destroy_all - - Setting.set('sipgate_integration', true) - Setting.set('sipgate_config', { - outbound: { - routing_table: [ - { - dest: '41*', - caller_id: '41715880339000', - }, - { - dest: '491714000000', - caller_id: '41715880339000', - }, - ], - default_caller_id: '4930777000000', - }, - inbound: { - block_caller_ids: [ - { - caller_id: '491715000000', - note: 'some note', - } - ], - notify_user_ids: { - 2 => true, - 4 => false, - }, - } - },) - - groups = Group.where(name: 'Users') - roles = Role.where(name: %w[Agent]) - agent = User.create_or_update( - login: 'cti-agent@example.com', - firstname: 'E', - lastname: 'S', - email: 'cti-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - updated_by_id: 1, - created_by_id: 1, - ) - - customer1 = User.create_or_update( - login: 'ticket-caller_id_sipgate-customer1@example.com', - firstname: 'CallerId', - lastname: 'Customer1', - email: 'ticket-caller_id_sipgate-customer1@example.com', - password: 'customerpw', - active: true, - phone: '+49 99999 222222', - fax: '+49 99999 222223', - mobile: '+4912347114711', - note: 'Phone at home: +49 99999 222224', - updated_by_id: 1, - created_by_id: 1, - ) - customer2 = User.create_or_update( - login: 'ticket-caller_id_sipgate-customer2@example.com', - firstname: 'CallerId', - lastname: 'Customer2', - email: 'ticket-caller_id_sipgate-customer2@example.com', - password: 'customerpw', - active: true, - phone: '+49 99999 222222 2', - updated_by_id: 1, - created_by_id: 1, - ) - customer3 = User.create_or_update( - login: 'ticket-caller_id_sipgate-customer3@example.com', - firstname: 'CallerId', - lastname: 'Customer3', - email: 'ticket-caller_id_sipgate-customer3@example.com', - password: 'customerpw', - active: true, - phone: '+49 99999 222222 2', - updated_by_id: 1, - created_by_id: 1, - ) - Cti::CallerId.rebuild - - end - - test 'basic call' do - - # inbound - I - params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2' - post '/api/v1/sipgate/in', params: params - assert_response(200) - on_hangup = nil - on_answer = nil - content = @response.body - response = REXML::Document.new(content) - response.elements.each('Response') do |element| - on_hangup = element.attributes['onHangup'] - on_answer = element.attributes['onAnswer'] - end - assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_hangup) - assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_answer) - - # inbound - II - block caller - params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&callId=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2' - post '/api/v1/sipgate/in', params: params - assert_response(200) - on_hangup = nil - on_answer = nil - content = @response.body - response = REXML::Document.new(content) - response.elements.each('Response') do |element| - on_hangup = element.attributes['onHangup'] - on_answer = element.attributes['onAnswer'] - end - assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_hangup) - assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_answer) - reason = nil - response.elements.each('Response/Reject') do |element| - reason = element.attributes['reason'] - end - assert_equal('busy', reason) - - # outbound - I - set default_caller_id - params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=8621106404543334274-3&user%5B%5D=user+1' - post '/api/v1/sipgate/out', params: params - assert_response(200) - on_hangup = nil - on_answer = nil - caller_id = nil - number_to_dail = nil - content = @response.body - response = REXML::Document.new(content) - response.elements.each('Response') do |element| - on_hangup = element.attributes['onHangup'] - on_answer = element.attributes['onAnswer'] - end - response.elements.each('Response/Dial') do |element| - caller_id = element.attributes['callerId'] - end - response.elements.each('Response/Dial/Number') do |element| - number_to_dail = element.text - end - assert_equal('4930777000000', caller_id) - assert_equal('4912347114711', number_to_dail) - assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup) - assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer) - - # outbound - II - set caller_id based on routing_table by explicite number - params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&callId=8621106404543334274-4&user%5B%5D=user+1' - post '/api/v1/sipgate/out', params: params - assert_response(200) - on_hangup = nil - on_answer = nil - caller_id = nil - number_to_dail = nil - content = @response.body - response = REXML::Document.new(content) - response.elements.each('Response') do |element| - on_hangup = element.attributes['onHangup'] - on_answer = element.attributes['onAnswer'] - end - response.elements.each('Response/Dial') do |element| - caller_id = element.attributes['callerId'] - end - response.elements.each('Response/Dial/Number') do |element| - number_to_dail = element.text - end - assert_equal('41715880339000', caller_id) - assert_equal('491714000000', number_to_dail) - assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup) - assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer) - - # outbound - III - set caller_id based on routing_table by 41* - params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&callId=8621106404543334274-5&user%5B%5D=user+1' - post '/api/v1/sipgate/out', params: params - assert_response(200) - on_hangup = nil - on_answer = nil - caller_id = nil - number_to_dail = nil - content = @response.body - response = REXML::Document.new(content) - response.elements.each('Response') do |element| - on_hangup = element.attributes['onHangup'] - on_answer = element.attributes['onAnswer'] - end - response.elements.each('Response/Dial') do |element| - caller_id = element.attributes['callerId'] - end - response.elements.each('Response/Dial/Number') do |element| - number_to_dail = element.text - end - assert_equal('41715880339000', caller_id) - assert_equal('4147110000000', number_to_dail) - assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup) - assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer) - - # no config - Setting.set('sipgate_config', {}) - params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2' - post '/api/v1/sipgate/in', params: params - assert_response(422) - error = nil - content = @response.body - response = REXML::Document.new(content) - response.elements.each('Response/Error') do |element| - error = element.text - end - assert_equal('Feature not configured, please contact your admin!', error) - - end - - test 'log call' do - - # outbound - I - new call - params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-1&user%5B%5D=user+1' - post '/api/v1/sipgate/out', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-1') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(true, log.done) - - # outbound - I - hangup by agent - params = 'event=hangup&direction=out&callId=1234567890-1&cause=cancel' - post '/api/v1/sipgate/out', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-1') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_equal('cancel', log.comment) - assert_equal('hangup', log.state) - assert_equal(true, log.done) - - # outbound - II - new call - params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-2&user%5B%5D=user+1' - post '/api/v1/sipgate/out', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-2') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(true, log.done) - - # outbound - II - answer by customer - params = 'event=answer&direction=out&callId=1234567890-2&from=4930600000000&to=4912347114711' - post '/api/v1/sipgate/out', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-2') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_nil(log.comment) - assert_equal('answer', log.state) - assert_equal(true, log.done) - - # outbound - II - hangup by customer - params = 'event=hangup&direction=out&callId=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711' - post '/api/v1/sipgate/out', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-2') - assert(log) - assert_equal('4930777000000', log.from) - assert_equal('4912347114711', log.to) - assert_equal('out', log.direction) - assert_equal('user 1', log.from_comment) - assert_equal('CallerId Customer1', log.to_comment) - assert_equal('normalClearing', log.comment) - assert_equal('hangup', log.state) - assert_equal(true, log.done) - - # inbound - I - new call - params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-3&user%5B%5D=user+1' - post '/api/v1/sipgate/in', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-3') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(false, log.done) - - # inbound - I - answer by customer - params = 'event=answer&direction=in&callId=1234567890-3&to=4930600000000&from=4912347114711' - post '/api/v1/sipgate/in', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-3') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('answer', log.state) - assert_equal(true, log.done) - - # inbound - I - hangup by customer - params = 'event=hangup&direction=in&callId=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711' - post '/api/v1/sipgate/in', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-3') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_equal('normalClearing', log.comment) - assert_equal('hangup', log.state) - assert_equal(true, log.done) - - # inbound - II - new call - params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-4&user%5B%5D=user+1,user+2' - post '/api/v1/sipgate/in', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-4') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1,user 2', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(false, log.done) - - # inbound - II - answer by voicemail - params = 'event=answer&direction=in&callId=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail' - post '/api/v1/sipgate/in', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-4') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('voicemail', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('answer', log.state) - assert_equal(true, log.done) - - # inbound - II - hangup by customer - params = 'event=hangup&direction=in&callId=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711' - post '/api/v1/sipgate/in', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-4') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('voicemail', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_equal('normalClearing', log.comment) - assert_equal('hangup', log.state) - assert_equal(false, log.done) - - # inbound - III - new call - params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-5&user%5B%5D=user+1,user+2' - post '/api/v1/sipgate/in', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-5') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1,user 2', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(false, log.done) - - # inbound - III - hangup by customer - params = 'event=hangup&direction=in&callId=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711' - post '/api/v1/sipgate/in', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-5') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('4912347114711', log.from) - assert_equal('in', log.direction) - assert_equal('user 1,user 2', log.to_comment) - assert_equal('CallerId Customer1', log.from_comment) - assert_equal('normalClearing', log.comment) - assert_equal('hangup', log.state) - assert_equal(false, log.done) - - # inbound - IV - new call - params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&callId=1234567890-6&user%5B%5D=user+1,user+2' - post '/api/v1/sipgate/in', params: params - assert_response(200) - log = Cti::Log.find_by(call_id: '1234567890-6') - assert(log) - assert_equal('4930600000000', log.to) - assert_equal('49999992222222', log.from) - assert_equal('in', log.direction) - assert_equal('user 1,user 2', log.to_comment) - assert_equal('CallerId Customer3,CallerId Customer2', log.from_comment) - assert_not(log.preferences['to']) - assert(log.preferences['from']) - assert_nil(log.comment) - assert_equal('newCall', log.state) - assert_equal(false, log.done) - - # get caller list - get '/api/v1/cti/log' - assert_response(401) - - customer2 = User.lookup(login: 'ticket-caller_id_sipgate-customer2@example.com') - customer3 = User.lookup(login: 'ticket-caller_id_sipgate-customer3@example.com') - - headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('cti-agent@example.com', 'agentpw') - get '/api/v1/cti/log', headers: headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result['list'].class, Array) - assert_equal(6, result['list'].count) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][customer2.id.to_s]) - assert(result['assets']['User'][customer3.id.to_s]) - assert_equal('1234567890-6', result['list'][0]['call_id']) - assert_equal('1234567890-5', result['list'][1]['call_id']) - assert_equal('1234567890-4', result['list'][2]['call_id']) - assert_equal('1234567890-3', result['list'][3]['call_id']) - assert_equal('1234567890-2', result['list'][4]['call_id']) - assert_equal('hangup', result['list'][4]['state']) - assert_equal('4930777000000', result['list'][4]['from']) - assert_equal('user 1', result['list'][4]['from_comment']) - assert_equal('4912347114711', result['list'][4]['to']) - assert_equal('CallerId Customer1', result['list'][4]['to_comment']) - assert_equal('normalClearing', result['list'][4]['comment']) - assert_equal('hangup', result['list'][4]['state']) - assert_equal('1234567890-1', result['list'][5]['call_id']) - - end - -end diff --git a/test/controllers/o_auth_controller_test.rb b/test/controllers/o_auth_controller_test.rb deleted file mode 100644 index ac342c907..000000000 --- a/test/controllers/o_auth_controller_test.rb +++ /dev/null @@ -1,29 +0,0 @@ - -require 'test_helper' - -class OAuthControllerTest < ActionDispatch::IntegrationTest - - test 'o365 - start' do - get '/auth/microsoft_office365', params: {} - assert_response(302) - assert_match('https://login.microsoftonline.com/common/oauth2/v2.0/authorize', @response.body) - assert_match('redirect_uri=http%3A%2F%2Fzammad.example.com%2Fauth%2Fmicrosoft_office365%2Fcallback', @response.body) - assert_match('scope=openid+email+profile', @response.body) - assert_match('response_type=code', @response.body) - end - - test 'o365 - callback' do - get '/auth/microsoft_office365/callback?code=1234&state=1234', params: {} - assert_response(302) - assert_match('302 Moved', @response.body) - end - - test 'auth failure' do - get '/auth/failure?message=123&strategy=some_provider', params: {} - assert_response(422) - assert_match('422: Unprocessable Entity', @response.body) - assert_match('

422: The change you wanted was rejected.

', @response.body) - assert_match('
Message from some_provider: 123
', @response.body) - end - -end diff --git a/test/controllers/organization_controller_test.rb b/test/controllers/organization_controller_test.rb deleted file mode 100644 index 994331559..000000000 --- a/test/controllers/organization_controller_test.rb +++ /dev/null @@ -1,590 +0,0 @@ -require 'test_helper' - -class OrganizationControllerTest < ActionDispatch::IntegrationTest - include SearchindexHelper - - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'rest-agent@example.com', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - # create orgs - @organization = Organization.create!( - name: 'Rest Org', - ) - @organization2 = Organization.create!( - name: 'Rest Org #2', - ) - @organization3 = Organization.create!( - name: 'Rest Org #3', - ) - - # create customer with org - @customer_with_org = User.create!( - login: 'rest-customer2@example.com', - firstname: 'Rest', - lastname: 'Customer2', - email: 'rest-customer2@example.com', - password: 'customer2pw', - active: true, - roles: roles, - organization_id: @organization.id, - ) - - configure_elasticsearch do - - travel 1.minute - - rebuild_searchindex - - # execute background jobs - Scheduler.worker(true) - - sleep 6 - end - - UserInfo.current_user_id = nil - end - - test 'organization index with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result[0]['member_ids'].class, Array) - assert(result.length >= 3) - - get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - organizations = Organization.order(:id).limit(2) - assert_equal(organizations[0].id, result[0]['id']) - assert_equal(organizations[0].member_ids, result[0]['member_ids']) - assert_equal(organizations[1].id, result[1]['id']) - assert_equal(organizations[1].member_ids, result[1]['member_ids']) - assert_equal(2, result.count) - - get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - organizations = Organization.order(:id).limit(4) - assert_equal(organizations[2].id, result[0]['id']) - assert_equal(organizations[2].member_ids, result[0]['member_ids']) - assert_equal(organizations[3].id, result[1]['id']) - assert_equal(organizations[3].member_ids, result[1]['member_ids']) - - assert_equal(2, result.count) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['member_ids'].class, Array) - assert_not(result['members']) - assert_equal(result['name'], 'Rest Org') - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['member_ids'].class, Array) - assert_not(result['members']) - assert_equal(result['name'], 'Rest Org #2') - - # search as agent - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['name']) - assert(result[0]['member_ids']) - assert_not(result[0]['members']) - - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['name']) - assert(result[0]['member_ids']) - assert(result[0]['members']) - - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['label']) - assert_equal('Zammad Foundation', result[0]['value']) - assert_not(result[0]['member_ids']) - assert_not(result[0]['members']) - end - - test 'organization index with customer1' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 0) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - # search - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'organization index with customer2' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['name'], 'Rest Org') - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - # search - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test '04.01 organization show and response format' do - organization = Organization.create!( - name: 'Rest Org NEW', - members: [@customer_without_org], - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert_equal(organization.name, result['name']) - assert_not(result['members']) - assert_equal([@customer_without_org.id], result['member_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert_equal(organization.name, result['name']) - assert(result['members']) - assert_equal([@customer_without_org.id], result['member_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert_equal(organization.name, result['name']) - assert_not(result['members']) - assert_equal([@customer_without_org.id], result['member_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert(result['assets']) - assert(result['assets']['Organization']) - assert(result['assets']['Organization'][organization.id.to_s]) - assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) - assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) - assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) - assert_not(result['assets']['Organization'][organization.id.to_s]['members']) - - get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert_equal(organization.name, result['name']) - assert_not(result['members']) - assert_equal([@customer_without_org.id], result['member_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - end - - test '04.02 organization index and response format' do - organization = Organization.create!( - name: 'Rest Org NEW', - members: [@customer_without_org], - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(organization.id, result.last['id']) - assert_equal(organization.name, result.last['name']) - assert_not(result.last['members']) - assert_equal(organization.member_ids, result.last['member_ids']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(organization.id, result.last['id']) - assert_equal(organization.name, result.last['name']) - assert_equal(organization.member_ids, result.last['member_ids']) - assert_equal(organization.members.pluck(:login), [@customer_without_org.login]) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(organization.id, result.last['id']) - assert_equal(organization.name, result.last['name']) - assert_not(result.last['members']) - assert_equal(organization.member_ids, result.last['member_ids']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(Array, result['record_ids'].class) - assert_equal(1, result['record_ids'][0]) - assert_equal(organization.id, result['record_ids'].last) - assert(result['assets']) - assert(result['assets']['Organization']) - assert(result['assets']['Organization'][organization.id.to_s]) - assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) - assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) - assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) - assert_not(result['assets']['Organization'][organization.id.to_s]['members']) - - get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(organization.id, result.last['id']) - assert_equal(organization.name, result.last['name']) - assert_not(result.last['members']) - assert_equal(organization.member_ids, result.last['member_ids']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - end - - test '04.03 ticket create and response format' do - params = { - name: 'Rest Org NEW', - members: [@customer_without_org.login], - } - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert_equal(organization.name, result['name']) - assert_equal(organization.member_ids, result['member_ids']) - assert_not(result['members']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params[:name] = 'Rest Org NEW #2' - post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert_equal(organization.name, result['name']) - assert_equal(organization.member_ids, result['member_ids']) - assert_equal(organization.members.pluck(:login), result['members']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params[:name] = 'Rest Org NEW #3' - post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert(result['assets']) - assert(result['assets']['Organization']) - assert(result['assets']['Organization'][organization.id.to_s]) - assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) - assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) - assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) - assert_not(result['assets']['Organization'][organization.id.to_s]['members']) - - end - - test '04.04 ticket update and response formats' do - organization = Organization.create!( - name: 'Rest Org NEW', - members: [@customer_without_org], - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - params = { - name: 'a update name #1', - } - put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert_equal(params[:name], result['name']) - assert_equal(organization.member_ids, result['member_ids']) - assert_not(result['members']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params = { - name: 'a update name #2', - } - put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert_equal(params[:name], result['name']) - assert_equal(organization.member_ids, result['member_ids']) - assert_equal(organization.members.pluck(:login), [@customer_without_org.login]) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params = { - name: 'a update name #3', - } - put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert(result['assets']) - assert(result['assets']['Organization']) - assert(result['assets']['Organization'][organization.id.to_s]) - assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) - assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name']) - assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) - assert_not(result['assets']['Organization'][organization.id.to_s]['members']) - - end - - test '05.01 csv example - customer no access' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (user)!', result['error']) - end - - test '05.02 csv example - admin access' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - - rows = CSV.parse(@response.body) - header = rows.shift - - assert_equal('id', header[0]) - assert_equal('name', header[1]) - assert_equal('shared', header[2]) - assert_equal('domain', header[3]) - assert_equal('domain_assignment', header[4]) - assert_equal('active', header[5]) - assert_equal('note', header[6]) - assert(header.include?('members')) - end - - test '05.03 csv import - admin access' do - - UserInfo.current_user_id = 1 - customer1 = User.create!( - login: 'customer1-members@example.com', - firstname: 'Member', - lastname: 'Customer', - email: 'customer1-members@example.com', - password: 'customerpw', - active: true, - ) - customer2 = User.create!( - login: 'customer2-members@example.com', - firstname: 'Member', - lastname: 'Customer', - email: 'customer2-members@example.com', - password: 'customerpw', - active: true, - ) - UserInfo.current_user_id = nil - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # invalid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('failed', result['result']) - assert_equal(2, result['errors'].count) - assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0]) - assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1]) - - # valid file try - csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - assert_nil(Organization.find_by(name: 'organization-member-import1')) - assert_nil(Organization.find_by(name: 'organization-member-import2')) - - # valid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(false, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - organization1 = Organization.find_by(name: 'organization-member-import1') - assert(organization1) - assert_equal(organization1.name, 'organization-member-import1') - assert_equal(organization1.members.count, 1) - assert_equal(organization1.members.first.login, customer1.login) - assert_equal(organization1.active, true) - organization2 = Organization.find_by(name: 'organization-member-import2') - assert(organization2) - assert_equal(organization2.name, 'organization-member-import2') - assert_equal(organization2.members.count, 1) - assert_equal(organization2.members.first.login, customer2.login) - assert_equal(organization2.active, false) - - end - -end diff --git a/test/controllers/organizations_controller_test.rb b/test/controllers/organizations_controller_test.rb deleted file mode 100644 index fa18d9f99..000000000 --- a/test/controllers/organizations_controller_test.rb +++ /dev/null @@ -1,638 +0,0 @@ -require 'test_helper' - -class OrganizationsControllerTest < ActionDispatch::IntegrationTest - include SearchindexHelper - - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'rest-agent@example.com', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - # create orgs - @organization = Organization.create!( - name: 'Rest Org #1', - note: 'Rest Org A', - created_at: '2018-02-05 17:42:00', - updated_at: '2018-02-05 20:42:00', - ) - @organization2 = Organization.create!( - name: 'Rest Org #2', - note: 'Rest Org B', - created_at: '2018-02-05 18:42:00', - updated_at: '2018-02-05 18:42:00', - ) - @organization3 = Organization.create!( - name: 'Rest Org #3', - note: 'Rest Org C', - created_at: '2018-02-05 19:42:00', - updated_at: '2018-02-05 19:42:00', - ) - - # create customer with org - @customer_with_org = User.create!( - login: 'rest-customer2@example.com', - firstname: 'Rest', - lastname: 'Customer2', - email: 'rest-customer2@example.com', - password: 'customer2pw', - active: true, - roles: roles, - organization_id: @organization.id, - ) - - configure_elasticsearch do - - travel 1.minute - - rebuild_searchindex - - # execute background jobs - Scheduler.worker(true) - - sleep 6 - end - - UserInfo.current_user_id = nil - end - - test 'organization index with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result[0]['member_ids'].class, Array) - assert(result.length >= 3) - - get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - organizations = Organization.order(:id).limit(2) - assert_equal(organizations[0].id, result[0]['id']) - assert_equal(organizations[0].member_ids, result[0]['member_ids']) - assert_equal(organizations[1].id, result[1]['id']) - assert_equal(organizations[1].member_ids, result[1]['member_ids']) - assert_equal(2, result.count) - - get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - organizations = Organization.order(:id).limit(4) - assert_equal(organizations[2].id, result[0]['id']) - assert_equal(organizations[2].member_ids, result[0]['member_ids']) - assert_equal(organizations[3].id, result[1]['id']) - assert_equal(organizations[3].member_ids, result[1]['member_ids']) - - assert_equal(2, result.count) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['member_ids'].class, Array) - assert_not(result['members']) - assert_equal(result['name'], 'Rest Org #1') - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['member_ids'].class, Array) - assert_not(result['members']) - assert_equal(result['name'], 'Rest Org #2') - - # search as agent - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['name']) - assert(result[0]['member_ids']) - assert_not(result[0]['members']) - - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['name']) - assert(result[0]['member_ids']) - assert(result[0]['members']) - - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['label']) - assert_equal('Zammad Foundation', result[0]['value']) - assert_not(result[0]['member_ids']) - assert_not(result[0]['members']) - end - - test 'organization index with customer1' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 0) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - # search - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'organization index with customer2' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['name'], 'Rest Org #1') - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - # search - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'organization search sortable' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw') - - get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - result.collect! { |v| v['id'] } - assert_equal(Array, result.class) - assert_equal([ @organization.id, @organization3.id, @organization2.id ], result) - - get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - result.collect! { |v| v['id'] } - assert_equal(Array, result.class) - assert_equal([ @organization.id, @organization2.id, @organization3.id ], result) - - get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - result.collect! { |v| v['id'] } - assert_equal(Array, result.class) - assert_equal([ @organization.id, @organization2.id, @organization3.id ], result) - - get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - result.collect! { |v| v['id'] } - assert_equal(Array, result.class) - assert_equal([ @organization3.id, @organization2.id, @organization.id ], result) - - get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: %w[note created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - result.collect! { |v| v['id'] } - assert_equal(Array, result.class) - assert_equal([ @organization3.id, @organization2.id, @organization.id ], result) - end - - test '04.01 organization show and response format' do - organization = Organization.create!( - name: 'Rest Org NEW', - members: [@customer_without_org], - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert_equal(organization.name, result['name']) - assert_not(result['members']) - assert_equal([@customer_without_org.id], result['member_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert_equal(organization.name, result['name']) - assert(result['members']) - assert_equal([@customer_without_org.id], result['member_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert_equal(organization.name, result['name']) - assert_not(result['members']) - assert_equal([@customer_without_org.id], result['member_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert(result['assets']) - assert(result['assets']['Organization']) - assert(result['assets']['Organization'][organization.id.to_s]) - assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) - assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) - assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) - assert_not(result['assets']['Organization'][organization.id.to_s]['members']) - - get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(organization.id, result['id']) - assert_equal(organization.name, result['name']) - assert_not(result['members']) - assert_equal([@customer_without_org.id], result['member_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - end - - test '04.02 organization index and response format' do - organization = Organization.create!( - name: 'Rest Org NEW', - members: [@customer_without_org], - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(organization.id, result.last['id']) - assert_equal(organization.name, result.last['name']) - assert_not(result.last['members']) - assert_equal(organization.member_ids, result.last['member_ids']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(organization.id, result.last['id']) - assert_equal(organization.name, result.last['name']) - assert_equal(organization.member_ids, result.last['member_ids']) - assert_equal(organization.members.pluck(:login), [@customer_without_org.login]) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(organization.id, result.last['id']) - assert_equal(organization.name, result.last['name']) - assert_not(result.last['members']) - assert_equal(organization.member_ids, result.last['member_ids']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(Array, result['record_ids'].class) - assert_equal(1, result['record_ids'][0]) - assert_equal(organization.id, result['record_ids'].last) - assert(result['assets']) - assert(result['assets']['Organization']) - assert(result['assets']['Organization'][organization.id.to_s]) - assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) - assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) - assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) - assert_not(result['assets']['Organization'][organization.id.to_s]['members']) - - get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(organization.id, result.last['id']) - assert_equal(organization.name, result.last['name']) - assert_not(result.last['members']) - assert_equal(organization.member_ids, result.last['member_ids']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - end - - test '04.03 ticket create and response format' do - params = { - name: 'Rest Org NEW', - members: [@customer_without_org.login], - } - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert_equal(organization.name, result['name']) - assert_equal(organization.member_ids, result['member_ids']) - assert_not(result['members']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params[:name] = 'Rest Org NEW #2' - post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert_equal(organization.name, result['name']) - assert_equal(organization.member_ids, result['member_ids']) - assert_equal(organization.members.pluck(:login), result['members']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params[:name] = 'Rest Org NEW #3' - post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert(result['assets']) - assert(result['assets']['Organization']) - assert(result['assets']['Organization'][organization.id.to_s]) - assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) - assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) - assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) - assert_not(result['assets']['Organization'][organization.id.to_s]['members']) - - end - - test '04.04 ticket update and response formats' do - organization = Organization.create!( - name: 'Rest Org NEW', - members: [@customer_without_org], - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - params = { - name: 'a update name #1', - } - put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert_equal(params[:name], result['name']) - assert_equal(organization.member_ids, result['member_ids']) - assert_not(result['members']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params = { - name: 'a update name #2', - } - put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert_equal(params[:name], result['name']) - assert_equal(organization.member_ids, result['member_ids']) - assert_equal(organization.members.pluck(:login), [@customer_without_org.login]) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params = { - name: 'a update name #3', - } - put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - organization = Organization.find(result['id']) - assert(result['assets']) - assert(result['assets']['Organization']) - assert(result['assets']['Organization'][organization.id.to_s]) - assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) - assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name']) - assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) - assert_not(result['assets']['Organization'][organization.id.to_s]['members']) - - end - - test '05.01 csv example - customer no access' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (user)!', result['error']) - end - - test '05.02 csv example - admin access' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - - rows = CSV.parse(@response.body) - header = rows.shift - - assert_equal('id', header[0]) - assert_equal('name', header[1]) - assert_equal('shared', header[2]) - assert_equal('domain', header[3]) - assert_equal('domain_assignment', header[4]) - assert_equal('active', header[5]) - assert_equal('note', header[6]) - assert(header.include?('members')) - end - - test '05.03 csv import - admin access' do - - UserInfo.current_user_id = 1 - customer1 = User.create!( - login: 'customer1-members@example.com', - firstname: 'Member', - lastname: 'Customer', - email: 'customer1-members@example.com', - password: 'customerpw', - active: true, - ) - customer2 = User.create!( - login: 'customer2-members@example.com', - firstname: 'Member', - lastname: 'Customer', - email: 'customer2-members@example.com', - password: 'customerpw', - active: true, - ) - UserInfo.current_user_id = nil - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # invalid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('failed', result['result']) - assert_equal(2, result['errors'].count) - assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0]) - assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1]) - - # valid file try - csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - assert_nil(Organization.find_by(name: 'organization-member-import1')) - assert_nil(Organization.find_by(name: 'organization-member-import2')) - - # valid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(false, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - organization1 = Organization.find_by(name: 'organization-member-import1') - assert(organization1) - assert_equal(organization1.name, 'organization-member-import1') - assert_equal(organization1.members.count, 1) - assert_equal(organization1.members.first.login, customer1.login) - assert_equal(organization1.active, true) - organization2 = Organization.find_by(name: 'organization-member-import2') - assert(organization2) - assert_equal(organization2.name, 'organization-member-import2') - assert_equal(organization2.members.count, 1) - assert_equal(organization2.members.first.login, customer2.login) - assert_equal(organization2.active, false) - - end - -end diff --git a/test/controllers/overviews_controller_test.rb b/test/controllers/overviews_controller_test.rb deleted file mode 100644 index 639a04ec8..000000000 --- a/test/controllers/overviews_controller_test.rb +++ /dev/null @@ -1,221 +0,0 @@ - -require 'test_helper' - -class OverviewsControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'tickets-admin', - firstname: 'Tickets', - lastname: 'Admin', - email: 'tickets-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'tickets-agent@example.com', - firstname: 'Tickets', - lastname: 'Agent', - email: 'tickets-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: Group.all, - ) - - end - - test 'no permissions' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent', 'agentpw') - - params = { - name: 'Overview2', - link: 'my_overview', - roles: Role.where(name: 'Agent').pluck(:name), - condition: { - 'ticket.state_id' => { - operator: 'is', - value: [1, 2, 3], - }, - }, - order: { - by: 'created_at', - direction: 'DESC', - }, - view: { - d: %w[title customer state created_at], - s: %w[number title customer state created_at], - m: %w[number title customer state created_at], - view_mode_default: 's', - }, - } - - post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('authentication failed', result['error']) - end - - test 'create overviews' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - - params = { - name: 'Overview2', - link: 'my_overview', - roles: Role.where(name: 'Agent').pluck(:name), - condition: { - 'ticket.state_id' => { - operator: 'is', - value: [1, 2, 3], - }, - }, - order: { - by: 'created_at', - direction: 'DESC', - }, - view: { - d: %w[title customer state created_at], - s: %w[number title customer state created_at], - m: %w[number title customer state created_at], - view_mode_default: 's', - }, - } - - post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Overview2', result['name']) - assert_equal('my_overview', result['link']) - - post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Overview2', result['name']) - assert_equal('my_overview_1', result['link']) - end - - test 'set mass prio' do - roles = Role.where(name: 'Agent') - overview1 = Overview.create!( - name: 'Overview1', - link: 'my_overview', - roles: roles, - condition: { - 'ticket.state_id' => { - operator: 'is', - value: [1, 2, 3], - }, - }, - order: { - by: 'created_at', - direction: 'DESC', - }, - view: { - d: %w[title customer state created_at], - s: %w[number title customer state created_at], - m: %w[number title customer state created_at], - view_mode_default: 's', - }, - prio: 1, - updated_by_id: 1, - created_by_id: 1, - ) - overview2 = Overview.create!( - name: 'Overview2', - link: 'my_overview', - roles: roles, - condition: { - 'ticket.state_id' => { - operator: 'is', - value: [1, 2, 3], - }, - }, - order: { - by: 'created_at', - direction: 'DESC', - }, - view: { - d: %w[title customer state created_at], - s: %w[number title customer state created_at], - m: %w[number title customer state created_at], - view_mode_default: 's', - }, - prio: 2, - updated_by_id: 1, - created_by_id: 1, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - params = { - prios: [ - [overview2.id, 1], - [overview1.id, 2], - ] - } - post '/api/v1/overviews_prio', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(true, result['success']) - - overview1.reload - overview2.reload - - assert_equal(2, overview1.prio) - assert_equal(1, overview2.prio) - end - - test 'create an overview with group_by direction' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - - params = { - name: 'Overview2', - link: 'my_overview', - roles: Role.where(name: 'Agent').pluck(:name), - condition: { - 'ticket.state_id' => { - operator: 'is', - value: [1, 2, 3], - }, - }, - order: { - by: 'created_at', - direction: 'DESC', - }, - group_by: 'priority', - group_direction: 'ASC', - view: { - d: %w[title customer state created_at], - s: %w[number title customer state created_at], - m: %w[number title customer state created_at], - view_mode_default: 's', - }, - } - - post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Overview2', result['name']) - assert_equal('my_overview', result['link']) - assert_equal('priority', result['group_by']) - assert_equal('ASC', result['group_direction']) - end - -end diff --git a/test/controllers/packages_controller_test.rb b/test/controllers/packages_controller_test.rb deleted file mode 100644 index 25f254d92..000000000 --- a/test/controllers/packages_controller_test.rb +++ /dev/null @@ -1,131 +0,0 @@ - -require 'test_helper' - -class PackagesControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'packages-admin', - firstname: 'Packages', - lastname: 'Admin', - email: 'packages-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'packages-agent@example.com', - firstname: 'Rest', - lastname: 'Agent', - email: 'packages-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'packages-customer1@example.com', - firstname: 'Packages', - lastname: 'Customer1', - email: 'packages-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - end - - test '01 packages index with nobody' do - - # index - get '/api/v1/packages', params: {}, headers: @headers - assert_response(401) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result['packages']) - assert_equal('authentication failed', result['error']) - end - - test '02 packages index with admin' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw') - - # index - get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['packages']) - end - - test '03 packages index with admin and wrong pw' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'wrongadminpw') - - # index - get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('authentication failed', result['error']) - end - - test '04 packages index with inactive admin' do - @admin.active = false - @admin.save! - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw') - - # index - get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('authentication failed', result['error']) - end - - test '05 packages index with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-agent@example.com', 'agentpw') - - # index - get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials) - - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result['packages']) - assert_equal('Not authorized (user)!', result['error']) - end - - test '06 packages index with customer' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-customer1@example.com', 'customer1pw') - - # index - get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials) - - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result['packages']) - assert_equal('Not authorized (user)!', result['error']) - end - -end diff --git a/test/controllers/reports_controller_test.rb b/test/controllers/reports_controller_test.rb deleted file mode 100644 index df24fb9d4..000000000 --- a/test/controllers/reports_controller_test.rb +++ /dev/null @@ -1,98 +0,0 @@ -require 'test_helper' - -class ReportsControllerTest < ActionDispatch::IntegrationTest - include SearchindexHelper - - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - @year = DateTime.now.utc.year - @month = DateTime.now.utc.month - @week = DateTime.now.utc.strftime('%U').to_i - @day = DateTime.now.utc.day - - roles = Role.where(name: 'Admin') - groups = Group.all - - UserInfo.current_user_id = 1 - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - updated_by_id: 1, - created_by_id: 1 - ) - - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - updated_by_id: 1, - created_by_id: 1 - ) - - @group1 = Group.create!( - name: "GroupWithoutPermission-#{rand(9_999_999_999)}", - active: true, - updated_by_id: 1, - created_by_id: 1, - ) - @ticket1 = Ticket.create!( - title: 'ticket for report', - group_id: @group1.id, - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'open'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - - Ticket::Article.create!( - type: Ticket::Article::Type.lookup(name: 'note'), - sender: Ticket::Article::Sender.lookup(name: 'Customer'), - from: 'sender', - subject: 'subject', - body: 'some body', - ticket_id: @ticket1.id, - updated_by_id: 1, - created_by_id: 1, - ) - - configure_elasticsearch do - - travel 1.minute - - rebuild_searchindex - - # execute background jobs - Scheduler.worker(true) - - sleep 6 - end - end - - test '01.01 report example - admin access' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get "/api/v1/reports/sets?sheet=true;metric=count;year=#{@year};month=#{@month};week=#{@week};day=#{@day};timeRange=year;profile_id=1;downloadBackendSelected=count::created", params: {}, headers: @headers.merge('Authorization' => credentials) - - assert_response(200) - assert(@response['Content-Disposition']) - assert_equal('attachment; filename="tickets--all--Created.xls"', @response['Content-Disposition']) - assert_equal('application/vnd.ms-excel', @response['Content-Type']) - end -end diff --git a/test/controllers/search_controller_test.rb b/test/controllers/search_controller_test.rb deleted file mode 100644 index b9c3f9b80..000000000 --- a/test/controllers/search_controller_test.rb +++ /dev/null @@ -1,448 +0,0 @@ -require 'test_helper' - -class SearchControllerTest < ActionDispatch::IntegrationTest - include SearchindexHelper - - setup do - - # set current user - UserInfo.current_user_id = 1 - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - @admin = User.create!( - login: 'search-admin', - firstname: 'Search', - lastname: 'Admin', - email: 'search-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'search-agent@example.com', - firstname: 'Search 1234', - lastname: 'Agent', - email: 'search-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'search-customer1@example.com', - firstname: 'Search', - lastname: 'Customer1', - email: 'search-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - # create orgs - @organization = Organization.create!( - name: 'Rest Org', - ) - @organization2 = Organization.create!( - name: 'Rest Org #2', - ) - @organization3 = Organization.create!( - name: 'Rest Org #3', - ) - @organization4 = Organization.create!( - name: 'Tes.t. Org', - ) - @organization5 = Organization.create!( - name: 'ABC_D Org', - ) - - # create customer with org - @customer_with_org2 = User.create!( - login: 'search-customer2@example.com', - firstname: 'Search', - lastname: 'Customer2', - email: 'search-customer2@example.com', - password: 'customer2pw', - active: true, - roles: roles, - organization_id: @organization.id, - ) - - @customer_with_org3 = User.create!( - login: 'search-customer3@example.com', - firstname: 'Search', - lastname: 'Customer3', - email: 'search-customer3@example.com', - password: 'customer3pw', - active: true, - roles: roles, - organization_id: @organization.id, - ) - - @ticket1 = Ticket.create!( - title: 'test 1234-1', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - ) - @article1 = Ticket::Article.create!( - ticket_id: @ticket1.id, - from: 'some_sender1@example.com', - to: 'some_recipient1@example.com', - subject: 'some subject1', - message_id: 'some@id', - body: 'some message1', - internal: false, - sender: Ticket::Article::Sender.where(name: 'Customer').first, - type: Ticket::Article::Type.where(name: 'email').first, - ) - travel 1.second - @ticket2 = Ticket.create!( - title: 'test 1234-2', - group: Group.lookup(name: 'Users'), - customer_id: @customer_with_org2.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - ) - @article2 = Ticket::Article.create!( - ticket_id: @ticket2.id, - from: 'some_sender2@example.com', - to: 'some_recipient2@example.com', - subject: 'some subject2', - message_id: 'some@id', - body: 'some message2', - internal: false, - sender: Ticket::Article::Sender.where(name: 'Customer').first, - type: Ticket::Article::Type.where(name: 'email').first, - ) - travel 1.second - @ticket3 = Ticket.create!( - title: 'test 1234-2', - group: Group.lookup(name: 'Users'), - customer_id: @customer_with_org3.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - ) - @article3 = Ticket::Article.create!( - ticket_id: @ticket3.id, - from: 'some_sender3@example.com', - to: 'some_recipient3@example.com', - subject: 'some subject3', - message_id: 'some@id', - body: 'some message3', - internal: false, - sender: Ticket::Article::Sender.where(name: 'Customer').first, - type: Ticket::Article::Type.where(name: 'email').first, - ) - - configure_elasticsearch do - - travel 1.minute - - rebuild_searchindex - - # execute background jobs - Scheduler.worker(true) - - sleep 6 - end - end - - test 'settings index with nobody' do - params = { - query: 'test 1234', - limit: 2, - } - - post '/api/v1/search/ticket', params: params.to_json, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result.blank?) - assert_equal('authentication failed', result['error']) - - post '/api/v1/search/user', params: params.to_json, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result.blank?) - assert_equal('authentication failed', result['error']) - - post '/api/v1/search', params: params.to_json, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result.blank?) - assert_equal('authentication failed', result['error']) - end - - test 'settings index with admin' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-admin@example.com', 'adminpw') - - params = { - query: '1234*', - limit: 1, - } - post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket3.id, result['result'][0]['id']) - assert_equal('User', result['result'][1]['type']) - assert_equal(@agent.id, result['result'][1]['id']) - assert_not(result['result'][2]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket3.id, result['result'][0]['id']) - assert_equal('Ticket', result['result'][1]['type']) - assert_equal(@ticket2.id, result['result'][1]['id']) - assert_equal('Ticket', result['result'][2]['type']) - assert_equal(@ticket1.id, result['result'][2]['id']) - assert_equal('User', result['result'][3]['type']) - assert_equal(@agent.id, result['result'][3]['id']) - assert_not(result['result'][4]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket3.id, result['result'][0]['id']) - assert_equal('Ticket', result['result'][1]['type']) - assert_equal(@ticket2.id, result['result'][1]['id']) - assert_equal('Ticket', result['result'][2]['type']) - assert_equal(@ticket1.id, result['result'][2]['id']) - assert_not(result['result'][3]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('User', result['result'][0]['type']) - assert_equal(@agent.id, result['result'][0]['id']) - assert_not(result['result'][1]) - end - - test 'settings index with agent' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw') - - params = { - query: '1234*', - limit: 1, - } - - post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket3.id, result['result'][0]['id']) - assert_equal('User', result['result'][1]['type']) - assert_equal(@agent.id, result['result'][1]['id']) - assert_not(result['result'][2]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket3.id, result['result'][0]['id']) - assert_equal('Ticket', result['result'][1]['type']) - assert_equal(@ticket2.id, result['result'][1]['id']) - assert_equal('Ticket', result['result'][2]['type']) - assert_equal(@ticket1.id, result['result'][2]['id']) - assert_equal('User', result['result'][3]['type']) - assert_equal(@agent.id, result['result'][3]['id']) - assert_not(result['result'][4]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket3.id, result['result'][0]['id']) - assert_equal('Ticket', result['result'][1]['type']) - assert_equal(@ticket2.id, result['result'][1]['id']) - assert_equal('Ticket', result['result'][2]['type']) - assert_equal(@ticket1.id, result['result'][2]['id']) - assert_not(result['result'][3]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('User', result['result'][0]['type']) - assert_equal(@agent.id, result['result'][0]['id']) - assert_not(result['result'][1]) - end - - test 'settings index with customer 1' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer1@example.com', 'customer1pw') - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket1.id, result['result'][0]['id']) - assert_not(result['result'][1]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket1.id, result['result'][0]['id']) - assert_not(result['result'][1]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result['result'][0]) - end - - test 'settings index with customer 2' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer2@example.com', 'customer2pw') - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket3.id, result['result'][0]['id']) - assert_equal('Ticket', result['result'][1]['type']) - assert_equal(@ticket2.id, result['result'][1]['id']) - assert_not(result['result'][2]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert_equal('Ticket', result['result'][0]['type']) - assert_equal(@ticket3.id, result['result'][0]['id']) - assert_equal('Ticket', result['result'][1]['type']) - assert_equal(@ticket2.id, result['result'][1]['id']) - assert_not(result['result'][2]) - - params = { - query: '1234*', - limit: 10, - } - - post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result['result'][0]) - end - - # Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form - test 'searching for organization with a dot in its name' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw') - - get '/api/v1/search/organization?query=tes.', headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(1, result['result'].size) - assert_equal('Organization', result['result'][0]['type']) - target_id = result['result'][0]['id'] - assert_equal('Tes.t. Org', result['assets']['Organization'][target_id.to_s]['name']) - end - - # Search query H& should correctly match H&M - test 'searching for organization with _ in its name' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw') - - get '/api/v1/search/organization?query=abc_', headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(1, result['result'].size) - assert_equal('Organization', result['result'][0]['type']) - target_id = result['result'][0]['id'] - assert_equal('ABC_D Org', result['assets']['Organization'][target_id.to_s]['name']) - end -end diff --git a/test/controllers/settings_controller_test.rb b/test/controllers/settings_controller_test.rb deleted file mode 100644 index bf8a570f4..000000000 --- a/test/controllers/settings_controller_test.rb +++ /dev/null @@ -1,302 +0,0 @@ - -require 'test_helper' - -class SettingsControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin_full = User.create!( - login: 'setting-admin', - firstname: 'Setting', - lastname: 'Admin', - email: 'setting-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - role_api = Role.create!( - name: 'AdminApi', - note: 'To configure your api.', - preferences: { - not: ['Customer'], - }, - default_at_signup: false, - updated_by_id: 1, - created_by_id: 1 - ) - role_api.permission_grant('admin.api') - @admin_api = User.create!( - login: 'setting-admin-api', - firstname: 'Setting', - lastname: 'Admin Api', - email: 'setting-admin-api@example.com', - password: 'adminpw', - active: true, - roles: [role_api], - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'setting-agent@example.com', - firstname: 'Setting', - lastname: 'Agent', - email: 'setting-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'setting-customer1@example.com', - firstname: 'Setting', - lastname: 'Customer1', - email: 'setting-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - end - - test 'settings index with nobody' do - - # index - get '/api/v1/settings', params: {}, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result['settings']) - - # show - setting = Setting.find_by(name: 'product_name') - get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'settings index with admin' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-admin@example.com', 'adminpw') - - # index - get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - hit_api = false - hit_product_name = false - result.each do |setting| - if setting['name'] == 'api_token_access' - hit_api = true - end - if setting['name'] == 'product_name' - hit_product_name = true - end - end - assert_equal(true, hit_api) - assert_equal(true, hit_product_name) - - # show - setting = Setting.find_by(name: 'product_name') - get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('product_name', result['name']) - - setting = Setting.find_by(name: 'api_token_access') - get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('api_token_access', result['name']) - - # update - setting = Setting.find_by(name: 'product_name') - params = { - id: setting.id, - name: 'some_new_name', - preferences: { - permission: ['admin.branding', 'admin.some_new_permission'], - some_new_key: true, - } - } - put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('product_name', result['name']) - assert_equal(1, result['preferences']['permission'].length) - assert_equal('admin.branding', result['preferences']['permission'][0]) - assert_equal(true, result['preferences']['some_new_key']) - - # update - setting = Setting.find_by(name: 'api_token_access') - params = { - id: setting.id, - name: 'some_new_name', - preferences: { - permission: ['admin.branding', 'admin.some_new_permission'], - some_new_key: true, - } - } - put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('api_token_access', result['name']) - assert_equal(1, result['preferences']['permission'].length) - assert_equal('admin.api', result['preferences']['permission'][0]) - assert_equal(true, result['preferences']['some_new_key']) - - # delete - setting = Setting.find_by(name: 'product_name') - delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (feature not possible)', result['error']) - end - - test 'settings index with admin-api' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-admin-api@example.com', 'adminpw') - - # index - get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - hit_api = false - hit_product_name = false - result.each do |setting| - if setting['name'] == 'api_token_access' - hit_api = true - end - if setting['name'] == 'product_name' - hit_product_name = true - end - end - assert_equal(true, hit_api) - assert_equal(false, hit_product_name) - - # show - setting = Setting.find_by(name: 'product_name') - get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (required ["admin.branding"])', result['error']) - - setting = Setting.find_by(name: 'api_token_access') - get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('api_token_access', result['name']) - - # update - setting = Setting.find_by(name: 'product_name') - params = { - id: setting.id, - name: 'some_new_name', - preferences: { - permission: ['admin.branding', 'admin.some_new_permission'], - some_new_key: true, - } - } - put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (required ["admin.branding"])', result['error']) - - # update - setting = Setting.find_by(name: 'api_token_access') - params = { - id: setting.id, - name: 'some_new_name', - preferences: { - permission: ['admin.branding', 'admin.some_new_permission'], - some_new_key: true, - } - } - put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('api_token_access', result['name']) - assert_equal(1, result['preferences']['permission'].length) - assert_equal('admin.api', result['preferences']['permission'][0]) - assert_equal(true, result['preferences']['some_new_key']) - - # delete - setting = Setting.find_by(name: 'product_name') - delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (feature not possible)', result['error']) - end - - test 'settings index with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-agent@example.com', 'agentpw') - - # index - get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result['settings']) - assert_equal('Not authorized (user)!', result['error']) - - # show - setting = Setting.find_by(name: 'product_name') - get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (user)!', result['error']) - end - - test 'settings index with customer' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-customer1@example.com', 'customer1pw') - - # index - get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_not(result['settings']) - assert_equal('Not authorized (user)!', result['error']) - - # show - setting = Setting.find_by(name: 'product_name') - get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (user)!', result['error']) - - # delete - setting = Setting.find_by(name: 'product_name') - delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (user)!', result['error']) - end - -end diff --git a/test/controllers/sla_controller_test.rb b/test/controllers/sla_controller_test.rb deleted file mode 100644 index e8b8a932b..000000000 --- a/test/controllers/sla_controller_test.rb +++ /dev/null @@ -1,70 +0,0 @@ - -require 'test_helper' - -class SlaControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'sla-admin', - firstname: 'Packages', - lastname: 'Admin', - email: 'sla-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - end - - test '01 sla index with nobody' do - - get '/api/v1/slas', params: {}, headers: @headers - assert_response(401) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('authentication failed', result['error']) - - end - - test '02 sla index with admin' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('sla-admin@example.com', 'adminpw') - - get '/api/v1/slas', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - assert_equal(0, result.count) - - get '/api/v1/slas?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - assert_equal(0, result.count) - - get '/api/v1/slas?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert(result['record_ids']) - assert(result['record_ids'].blank?) - assert(result['assets']) - assert(result['assets']['Calendar'].present?) - assert(result['assets'].present?) - - end - -end diff --git a/test/controllers/slas_controller_test.rb b/test/controllers/slas_controller_test.rb deleted file mode 100644 index 591e85a3c..000000000 --- a/test/controllers/slas_controller_test.rb +++ /dev/null @@ -1,70 +0,0 @@ - -require 'test_helper' - -class SlasControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'sla-admin', - firstname: 'Packages', - lastname: 'Admin', - email: 'sla-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - end - - test '01 sla index with nobody' do - - get '/api/v1/slas', params: {}, headers: @headers - assert_response(401) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('authentication failed', result['error']) - - end - - test '02 sla index with admin' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('sla-admin@example.com', 'adminpw') - - get '/api/v1/slas', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - assert_equal(0, result.count) - - get '/api/v1/slas?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert(result) - assert_equal(0, result.count) - - get '/api/v1/slas?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result) - assert(result['record_ids']) - assert(result['record_ids'].blank?) - assert(result['assets']) - assert(result['assets']['Calendar'].present?) - assert(result['assets'].present?) - - end - -end diff --git a/test/controllers/taskbars_controller_test.rb b/test/controllers/taskbars_controller_test.rb deleted file mode 100644 index b37c52ff5..000000000 --- a/test/controllers/taskbars_controller_test.rb +++ /dev/null @@ -1,112 +0,0 @@ - -require 'test_helper' - -class TaskbarsControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - UserInfo.current_user_id = 1 - - # create agent - roles = Role.where(name: 'Agent') - groups = Group.all - - @agent = User.create!( - login: 'taskbar-agent@example.com', - firstname: 'Taskbar', - lastname: 'Agent', - email: 'taskbar-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'taskbar-customer1@example.com', - firstname: 'Taskbar', - lastname: 'Customer1', - email: 'taskbar-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - end - - test 'task ownership' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw') - params = { - user_id: @customer_without_org.id, - client_id: '123', - key: 'Ticket-5', - callback: 'TicketZoom', - state: { - ticket: { - owner_id: @agent.id, - }, - article: {}, - }, - params: { - ticket_id: 5, - shown: true, - }, - prio: 3, - notify: false, - active: false, - } - - post '/api/v1/taskbar', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('123', result['client_id']) - assert_equal(@agent.id, result['user_id']) - assert_equal(5, result['params']['ticket_id']) - assert_equal(true, result['params']['shown']) - - taskbar_id = result['id'] - params[:user_id] = @customer_without_org.id - params[:params] = { - ticket_id: 5, - shown: false, - } - put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('123', result['client_id']) - assert_equal(@agent.id, result['user_id']) - assert_equal(5, result['params']['ticket_id']) - assert_equal(false, result['params']['shown']) - - # try to access with other user - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-customer1@example.com', 'customer1pw') - params = { - active: true, - } - put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not allowed to access this task.', result['error']) - - delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not allowed to access this task.', result['error']) - - # delete with correct user - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw') - delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result.blank?) - end - -end diff --git a/test/controllers/text_module_controller_test.rb b/test/controllers/text_module_controller_test.rb deleted file mode 100644 index 4dc6ab2b3..000000000 --- a/test/controllers/text_module_controller_test.rb +++ /dev/null @@ -1,160 +0,0 @@ - -require 'test_helper' -require 'rake' - -class TextModuleControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'rest-agent@example.com', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - # create customer - @customer_with_org = User.create!( - login: 'rest-customer2@example.com', - firstname: 'Rest', - lastname: 'Customer2', - email: 'rest-customer2@example.com', - password: 'customer2pw', - active: true, - roles: roles, - ) - - UserInfo.current_user_id = nil - end - - test '05.01 csv example - customer no access' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (user)!', result['error']) - end - - test '05.02 csv example - admin access' do - TextModule.load('en-en') - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - rows = CSV.parse(@response.body) - header = rows.shift - - assert_equal('id', header[0]) - assert_equal('name', header[1]) - assert_equal('keywords', header[2]) - assert_equal('content', header[3]) - assert_equal('note', header[4]) - assert_equal('active', header[5]) - assert_not(header.include?('organization')) - assert_not(header.include?('priority')) - assert_not(header.include?('state')) - assert_not(header.include?('owner')) - assert_not(header.include?('customer')) - end - - test '05.03 csv import - admin access' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # invalid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('failed', result['result']) - assert_equal(2, result['errors'].count) - assert_equal("Line 1: unknown attribute 'keywords2' for TextModule.", result['errors'][0]) - assert_equal("Line 2: unknown attribute 'keywords2' for TextModule.", result['errors'][1]) - - # valid file try - csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - assert_nil(TextModule.find_by(name: 'some name1')) - assert_nil(TextModule.find_by(name: 'some name2')) - - # valid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(false, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - text_module1 = TextModule.find_by(name: 'some name1') - assert(text_module1) - assert_equal(text_module1.name, 'some name1') - assert_equal(text_module1.keywords, 'keyword1') - assert_equal(text_module1.content, 'some
content1') - assert_equal(text_module1.active, true) - text_module2 = TextModule.find_by(name: 'some name2') - assert(text_module2) - assert_equal(text_module2.name, 'some name2') - assert_equal(text_module2.keywords, 'keyword2') - assert_equal(text_module2.content, 'some content
test123') - assert_equal(text_module2.active, true) - - end - -end diff --git a/test/controllers/text_modules_controller_test.rb b/test/controllers/text_modules_controller_test.rb deleted file mode 100644 index 429eea41f..000000000 --- a/test/controllers/text_modules_controller_test.rb +++ /dev/null @@ -1,160 +0,0 @@ - -require 'test_helper' -require 'rake' - -class TextModulesControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'rest-agent@example.com', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - # create customer - @customer_with_org = User.create!( - login: 'rest-customer2@example.com', - firstname: 'Rest', - lastname: 'Customer2', - email: 'rest-customer2@example.com', - password: 'customer2pw', - active: true, - roles: roles, - ) - - UserInfo.current_user_id = nil - end - - test '05.01 csv example - customer no access' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (user)!', result['error']) - end - - test '05.02 csv example - admin access' do - TextModule.load('en-en') - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - rows = CSV.parse(@response.body) - header = rows.shift - - assert_equal('id', header[0]) - assert_equal('name', header[1]) - assert_equal('keywords', header[2]) - assert_equal('content', header[3]) - assert_equal('note', header[4]) - assert_equal('active', header[5]) - assert_not(header.include?('organization')) - assert_not(header.include?('priority')) - assert_not(header.include?('state')) - assert_not(header.include?('owner')) - assert_not(header.include?('customer')) - end - - test '05.03 csv import - admin access' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # invalid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('failed', result['result']) - assert_equal(2, result['errors'].count) - assert_equal("Line 1: unknown attribute 'keywords2' for TextModule.", result['errors'][0]) - assert_equal("Line 2: unknown attribute 'keywords2' for TextModule.", result['errors'][1]) - - # valid file try - csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - assert_nil(TextModule.find_by(name: 'some name1')) - assert_nil(TextModule.find_by(name: 'some name2')) - - # valid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(false, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - text_module1 = TextModule.find_by(name: 'some name1') - assert(text_module1) - assert_equal(text_module1.name, 'some name1') - assert_equal(text_module1.keywords, 'keyword1') - assert_equal(text_module1.content, 'some
content1') - assert_equal(text_module1.active, true) - text_module2 = TextModule.find_by(name: 'some name2') - assert(text_module2) - assert_equal(text_module2.name, 'some name2') - assert_equal(text_module2.keywords, 'keyword2') - assert_equal(text_module2.content, 'some content
test123') - assert_equal(text_module2.active, true) - - end - -end diff --git a/test/controllers/ticket_article_attachments_controller_test.rb b/test/controllers/ticket_article_attachments_controller_test.rb deleted file mode 100644 index 2b55969b0..000000000 --- a/test/controllers/ticket_article_attachments_controller_test.rb +++ /dev/null @@ -1,200 +0,0 @@ - -require 'test_helper' - -class TicketArticleAttachmentsControllerTest < ActionDispatch::IntegrationTest - setup do - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'tickets-admin', - firstname: 'Tickets', - lastname: 'Admin', - email: 'tickets-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'tickets-agent@example.com', - firstname: 'Tickets', - lastname: 'Agent', - email: 'tickets-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'tickets-customer1@example.com', - firstname: 'Tickets', - lastname: 'Customer1', - email: 'tickets-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - end - - test '01.01 test attachment urls' do - ticket1 = Ticket.create( - title: 'attachment test 1', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - article1 = Ticket::Article.create( - ticket_id: ticket1.id, - from: 'some_customer_com-1@example.com', - to: 'some_zammad_com-1@example.com', - subject: 'attachment test 1-1', - message_id: 'some@id_com_1', - body: 'some message 123', - internal: false, - sender: Ticket::Article::Sender.find_by(name: 'Customer'), - type: Ticket::Article::Type.find_by(name: 'email'), - updated_by_id: 1, - created_by_id: 1, - ) - store1 = Store.add( - object: 'Ticket::Article', - o_id: article1.id, - data: 'some content', - filename: 'some_file.txt', - preferences: { - 'Content-Type' => 'text/plain', - }, - created_by_id: 1, - ) - article2 = Ticket::Article.create( - ticket_id: ticket1.id, - from: 'some_customer_com-1@example.com', - to: 'some_zammad_com-1@example.com', - subject: 'attachment test 1-2', - message_id: 'some@id_com_1', - body: 'some message 123', - internal: false, - sender: Ticket::Article::Sender.find_by(name: 'Customer'), - type: Ticket::Article::Type.find_by(name: 'email'), - updated_by_id: 1, - created_by_id: 1, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials } - assert_response(200) - assert_equal('some content', @response.body) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials } - assert_response(401) - assert_match(/401: Unauthorized/, @response.body) - - ticket2 = Ticket.create( - title: 'attachment test 2', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - ticket1.merge_to( - ticket_id: ticket2.id, - user_id: 1, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials } - assert_response(200) - assert_equal('some content', @response.body) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials } - assert_response(401) - assert_match(/401: Unauthorized/, @response.body) - - # allow access via merged ticket id also - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials } - assert_response(200) - assert_equal('some content', @response.body) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials } - assert_response(401) - assert_match(/401: Unauthorized/, @response.body) - - end - - test '01.02 test attachments for split' do - headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box') - email_raw_string = File.read(email_file_path) - ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, headers: headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result['assets']) - assert_equal(result['attachments'].class, Array) - assert_equal(result['attachments'].count, 1) - assert_equal(result['attachments'][0]['filename'], 'rulesets-report.csv') - - end - - test '01.03 test attachments for forward' do - headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - email_file_path = Rails.root.join('test', 'data', 'mail', 'mail008.box') - email_raw_string = File.read(email_file_path) - ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, headers: headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error'], 'Need form_id to attach attachments to new form') - - post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }.to_json, headers: headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result['attachments'].class, Array) - assert(result['attachments'].blank?) - - email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box') - email_raw_string = File.read(email_file_path) - ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string) - - post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }.to_json, headers: headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result['attachments'].class, Array) - assert_equal(result['attachments'].count, 1) - assert_equal(result['attachments'][0]['filename'], 'rulesets-report.csv') - - post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }.to_json, headers: headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result['attachments'].class, Array) - assert(result['attachments'].blank?) - end - -end diff --git a/test/controllers/ticket_articles_controller_test.rb b/test/controllers/ticket_articles_controller_test.rb deleted file mode 100644 index 62b5ba792..000000000 --- a/test/controllers/ticket_articles_controller_test.rb +++ /dev/null @@ -1,559 +0,0 @@ - -require 'test_helper' - -class TicketArticlesControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'tickets-admin', - firstname: 'Tickets', - lastname: 'Admin', - email: 'tickets-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'tickets-agent@example.com', - firstname: 'Tickets', - lastname: 'Agent', - email: 'tickets-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'tickets-customer1@example.com', - firstname: 'Tickets', - lastname: 'Customer1', - email: 'tickets-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - end - - test '01.01 ticket create with agent and articles' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - params = { - title: 'a new ticket #1', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - body: 'some body', - } - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - - params = { - ticket_id: result['id'], - content_type: 'text/plain', # or text/html - body: 'some body', - type: 'note', - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_nil(result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - ticket = Ticket.find(result['ticket_id']) - assert_equal(2, ticket.articles.count) - assert_equal(0, ticket.articles[0].attachments.count) - assert_equal(0, ticket.articles[1].attachments.count) - - params = { - ticket_id: result['ticket_id'], - content_type: 'text/html', # or text/html - body: 'some body Red dot', - type: 'note', - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_nil(result['subject']) - assert_no_match(/some body Red dot 'some_file.txt', - 'data' => 'dGVzdCAxMjM=', - 'mime-type' => 'text/plain', - ], - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_nil(result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/html', result['content_type']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - assert_equal(4, ticket.articles.count) - assert_equal(0, ticket.articles[0].attachments.count) - assert_equal(0, ticket.articles[1].attachments.count) - assert_equal(1, ticket.articles[2].attachments.count) - assert_equal(1, ticket.articles[3].attachments.count) - - get "/api/v1/ticket_articles/#{result['id']}?expand=true", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(1, result['attachments'].count) - assert(result['attachments'][0]['id']) - assert_equal('some_file.txt', result['attachments'][0]['filename']) - assert_equal('8', result['attachments'][0]['size']) - assert_equal('text/plain', result['attachments'][0]['preferences']['Mime-Type']) - - params = { - ticket_id: result['ticket_id'], - content_type: 'text/plain', - body: 'some body', - type: 'note', - preferences: { - some_key1: 123, - }, - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_nil(result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - assert_equal(123, result['preferences']['some_key1']) - assert_equal(5, ticket.articles.count) - - params = { - body: 'some body 2', - preferences: { - some_key2: 'abc', - }, - } - put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_nil(result['subject']) - assert_equal('some body 2', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - assert_equal(123, result['preferences']['some_key1']) - assert_equal('abc', result['preferences']['some_key2']) - - end - - test '02.01 ticket create with customer and articles' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - - params = { - title: 'a new ticket #2', - group: 'Users', - article: { - body: 'some body', - } - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - - params = { - ticket_id: result['id'], - content_type: 'text/plain', # or text/html - body: 'some body', - type: 'note', - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_nil(result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(@customer_without_org.id, result['created_by_id']) - - ticket = Ticket.find(result['ticket_id']) - assert_equal(2, ticket.articles.count) - assert_equal('Customer', ticket.articles[1].sender.name) - assert_equal(0, ticket.articles[0].attachments.count) - assert_equal(0, ticket.articles[1].attachments.count) - - params = { - ticket_id: result['ticket_id'], - content_type: 'text/plain', # or text/html - body: 'some body', - sender: 'Agent', - type: 'note', - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_nil(result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(@customer_without_org.id, result['created_by_id']) - - ticket = Ticket.find(result['ticket_id']) - assert_equal(3, ticket.articles.count) - assert_equal('Customer', ticket.articles[2].sender.name) - assert_equal(false, ticket.articles[2].internal) - assert_equal(0, ticket.articles[0].attachments.count) - assert_equal(0, ticket.articles[1].attachments.count) - assert_equal(0, ticket.articles[2].attachments.count) - - params = { - ticket_id: result['ticket_id'], - content_type: 'text/plain', # or text/html - body: 'some body 2', - sender: 'Agent', - type: 'note', - internal: true, - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_nil(result['subject']) - assert_equal('some body 2', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(@customer_without_org.id, result['created_by_id']) - - ticket = Ticket.find(result['ticket_id']) - assert_equal(4, ticket.articles.count) - assert_equal('Customer', ticket.articles[3].sender.name) - assert_equal(false, ticket.articles[3].internal) - assert_equal(0, ticket.articles[0].attachments.count) - assert_equal(0, ticket.articles[1].attachments.count) - assert_equal(0, ticket.articles[2].attachments.count) - assert_equal(0, ticket.articles[3].attachments.count) - - # add internal article - article = Ticket::Article.create!( - ticket_id: ticket.id, - from: 'some_sender@example.com', - to: 'some_recipient@example.com', - subject: 'some subject', - message_id: 'some@id', - body: 'some message 123', - internal: true, - sender: Ticket::Article::Sender.find_by(name: 'Agent'), - type: Ticket::Article::Type.find_by(name: 'note'), - updated_by_id: 1, - created_by_id: 1, - ) - assert_equal(5, ticket.articles.count) - assert_equal('Agent', ticket.articles[4].sender.name) - assert_equal(1, ticket.articles[4].updated_by_id) - assert_equal(1, ticket.articles[4].created_by_id) - assert_equal(0, ticket.articles[0].attachments.count) - assert_equal(0, ticket.articles[1].attachments.count) - assert_equal(0, ticket.articles[2].attachments.count) - assert_equal(0, ticket.articles[3].attachments.count) - assert_equal(0, ticket.articles[4].attachments.count) - - get "/api/v1/ticket_articles/#{article.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - - put "/api/v1/ticket_articles/#{article.id}", params: { internal: false }.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - - end - - test '03.01 create phone ticket for customer and expected origin_by_id' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - params = { - title: 'a new ticket #1', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - body: 'some body', - sender: 'Customer', - type: 'phone', - } - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('a new ticket #1', result['title']) - - article = Ticket::Article.find_by(ticket_id: result['id']) - assert_equal(@customer_without_org.id, article.origin_by_id) - assert_equal('Tickets Customer1 ', article.from) - end - - test '03.02 create phone ticket by customer and manipulate origin_by_id' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - - params = { - title: 'a new ticket #1', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - body: 'some body', - sender: 'Customer', - type: 'phone', - origin_by_id: 1, - } - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - article = Ticket::Article.find_by(ticket_id: result['id']) - assert_equal(@customer_without_org.id, article.origin_by_id) - end - - test '04.01 ticket split with html - check attachments' do - ticket = Ticket.create!( - title: 'some title', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: @agent.id, - created_by_id: @agent.id, - ) - article = Ticket::Article.create!( - type: Ticket::Article::Type.lookup(name: 'note'), - sender: Ticket::Article::Sender.lookup(name: 'Customer'), - from: 'sender', - subject: 'subject', - body: 'test test ', - content_type: 'text/html', - ticket_id: ticket.id, - updated_by_id: 1, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_image', - filename: 'some_file1.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938@zammad.example.com', - 'Content-Disposition' => 'inline', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file2_normally_should_be_an_image', - filename: 'some_file2.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938.2@zammad.example.com', - 'Content-Disposition' => 'inline', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file3_normally_should_be_an_image', - filename: 'some_file3.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938.3@zammad.example.com', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file4_normally_should_be_an_image', - filename: 'some_file4.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938.4@zammad.example.com', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_pdf', - filename: 'Rechnung_RE-2018-200.pdf', - preferences: { - 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"', - 'Mime-Type' => 'application/octet-stream', - 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com', - 'Content-Description' => 'Rechnung_RE-2018-200.pdf', - 'Content-Disposition' => 'attachment', - }, - created_by_id: 1, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - params = { - form_id: 'new_form_id123', - } - post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['attachments']) - assert_equal(result['attachments'].count, 3) - - post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['attachments']) - assert_equal(result['attachments'].count, 0) - end - - test '04.02 ticket split with plain - check attachments' do - ticket = Ticket.create!( - title: 'some title', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: @agent.id, - created_by_id: @agent.id, - ) - article = Ticket::Article.create!( - type: Ticket::Article::Type.lookup(name: 'note'), - sender: Ticket::Article::Sender.lookup(name: 'Customer'), - from: 'sender', - subject: 'subject', - body: 'test ', - content_type: 'text/plain', - ticket_id: ticket.id, - updated_by_id: 1, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_image', - filename: 'some_file1.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938@zammad.example.com', - 'Content-Disposition' => 'inline', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_image', - filename: 'some_file2.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938.2@zammad.example.com', - 'Content-Disposition' => 'inline', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_pdf', - filename: 'Rechnung_RE-2018-200.pdf', - preferences: { - 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"', - 'Mime-Type' => 'application/octet-stream', - 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com', - 'Content-Description' => 'Rechnung_RE-2018-200.pdf', - 'Content-Disposition' => 'attachment', - }, - created_by_id: 1, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - params = { - form_id: 'new_form_id123', - } - post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['attachments']) - assert_equal(result['attachments'].count, 3) - - post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['attachments']) - assert_equal(result['attachments'].count, 0) - - end - -end diff --git a/test/controllers/tickets_controller_escalation_test.rb b/test/controllers/tickets_controller_escalation_test.rb deleted file mode 100644 index ae808f7df..000000000 --- a/test/controllers/tickets_controller_escalation_test.rb +++ /dev/null @@ -1,190 +0,0 @@ - -require 'test_helper' - -class TicketsControllerEscalationTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'tickets-admin', - firstname: 'Tickets', - lastname: 'Admin', - email: 'tickets-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'tickets-agent@example.com', - firstname: 'Tickets', - lastname: 'Agent', - email: 'tickets-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'tickets-customer1@example.com', - firstname: 'Tickets', - lastname: 'Customer1', - email: 'tickets-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - @calendar = Calendar.create!( - name: 'Escalation Test', - timezone: 'Europe/Berlin', - business_hours: { - mon: { - active: true, - timeframes: [ ['00:00', '23:59'] ] - }, - tue: { - active: true, - timeframes: [ ['00:00', '23:59'] ] - }, - wed: { - active: true, - timeframes: [ ['00:00', '23:59'] ] - }, - thu: { - active: true, - timeframes: [ ['00:00', '23:59'] ] - }, - fri: { - active: true, - timeframes: [ ['00:00', '23:59'] ] - }, - sat: { - active: true, - timeframes: [ ['00:00', '23:59'] ] - }, - sun: { - active: true, - timeframes: [ ['00:00', '23:59'] ] - }, - }, - default: true, - ical_url: nil, - ) - - @sla = Sla.create!( - name: 'test sla 1', - condition: { - 'ticket.title' => { - operator: 'contains', - value: 'some value 123', - }, - }, - first_response_time: 60, - update_time: 180, - solution_time: 240, - calendar_id: @calendar.id, - ) - - UserInfo.current_user_id = nil - - end - - test '01.01 ticket created via web' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - params = { - title: 'some value 123', - group: 'Users', - article: { - body: 'some test 123', - }, - } - - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('some value 123', result['title']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(@customer_without_org.id, result['created_by_id']) - - ticket_p = Ticket.find(result['id']) - - assert_equal(ticket_p['escalation_at'].iso8601, result['escalation_at'].sub(/.\d\d\dZ$/, 'Z')) - assert_equal(ticket_p['first_response_escalation_at'].iso8601, result['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')) - assert_equal(ticket_p['update_escalation_at'].iso8601, result['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')) - assert_equal(ticket_p['close_escalation_at'].iso8601, result['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')) - - assert(ticket_p.escalation_at) - assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90) - assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.created_at + 3.hours).to_i, 90) - assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90) - assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90) - end - - test '01.02 ticket got created via email - reply by agent via web' do - - email = "From: Bob Smith -To: zammad@example.com -Subject: some value 123 - -Some Text" - - ticket_p, article_p, user_p, mail = Channel::EmailParser.new.process({}, email) - ticket_p.reload - assert(ticket_p.escalation_at) - assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90) - assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.created_at + 3.hours).to_i, 90) - assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90) - assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90) - - travel 3.hours - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'some value 123 - update', - article: { - body: 'some test 123', - type: 'email', - to: 'customer@example.com', - }, - } - put "/api/v1/tickets/#{ticket_p.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'open').id, result['state_id']) - assert_equal('some value 123 - update', result['title']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(user_p.id, result['created_by_id']) - - ticket_p.reload - assert_equal(ticket_p['escalation_at'].iso8601, result['escalation_at'].sub(/.\d\d\dZ$/, 'Z')) - assert_equal(ticket_p['first_response_escalation_at'].iso8601, result['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')) - assert_equal(ticket_p['update_escalation_at'].iso8601, result['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')) - assert_equal(ticket_p['close_escalation_at'].iso8601, result['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')) - - assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90) - assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.last_contact_agent_at + 3.hours).to_i, 90) - assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90) - assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90) - - end - -end diff --git a/test/controllers/tickets_controller_test.rb b/test/controllers/tickets_controller_test.rb deleted file mode 100644 index b24724ba8..000000000 --- a/test/controllers/tickets_controller_test.rb +++ /dev/null @@ -1,2306 +0,0 @@ - -require 'test_helper' - -class TicketsControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - @admin = User.create!( - login: 'tickets-admin', - firstname: 'Tickets', - lastname: 'Admin', - email: 'tickets-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'tickets-agent@example.com', - firstname: 'Tickets', - lastname: 'Agent', - email: 'tickets-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'tickets-customer1@example.com', - firstname: 'Tickets', - lastname: 'Customer1', - email: 'tickets-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - UserInfo.current_user_id = nil - - end - - test '01.01 ticket create with agent - missing group' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #1', - article: { - content_type: 'text/plain', # or text/html - body: 'some body', - sender: 'Customer', - type: 'note', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Group can\'t be blank', result['error_human']) - end - - test '01.02 ticket create with agent - wrong group' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #2', - group: 'not_existing', - article: { - content_type: 'text/plain', # or text/html - body: 'some body', - sender: 'Customer', - type: 'note', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('No lookup value found for \'group\': "not_existing"', result['error']) - end - - test '01.03 ticket create with agent - missing article.body' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #3', - group: 'Users', - priority: '2 normal', - state: 'new', - customer_id: @customer_without_org.id, - article: {}, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Need at least article: { body: "some text" }', result['error']) - end - - test '01.03 ticket create with agent - minimal article' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #3', - group: 'Users', - priority: '2 normal', - state: 'new', - customer_id: @customer_without_org.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #3', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - end - - test '01.04 ticket create with agent - minimal article and customer.email' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #3', - group: 'Users', - priority: '2 normal', - state: 'new', - customer: @customer_without_org.email, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #3', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - end - - test '01.05 ticket create with agent - wrong owner_id - 0' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #4', - group: 'Users', - priority: '2 normal', - owner_id: 0, - state: 'new', - customer_id: @customer_without_org.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Invalid value for param \'owner_id\': 0', result['error']) - end - - test '01.06 ticket create with agent - wrong owner_id - ""' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #5', - group: 'Users', - priority: '2 normal', - owner_id: '', - state: 'new', - customer_id: @customer_without_org.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - #assert_response(422) - #result = JSON.parse(@response.body) - #assert_equal(Hash, result.class) - #assert_equal('Invalid value for param \'owner_id\': ""', result['error']) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #5', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - end - - test '01.07 ticket create with agent - wrong owner_id - 99999' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #6', - group: 'Users', - priority: '2 normal', - owner_id: 99_999, - state: 'new', - customer_id: @customer_without_org.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Invalid value for param \'owner_id\': 99999', result['error']) - end - - test '01.08 ticket create with agent - wrong owner_id - nil' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #7', - group: 'Users', - priority: '2 normal', - owner_id: nil, - state: 'new', - customer_id: @customer_without_org.id, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #7', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - end - - test '01.09 ticket create with agent - minimal article with guess customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #9', - group: 'Users', - priority: '2 normal', - state: 'new', - customer_id: 'guess:some_new_customer@example.com', - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #9', result['title']) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - end - - test '01.10 ticket create with agent - minimal article with guess customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #10', - group: 'Users', - customer_id: 'guess:some_new_customer@example.com', - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #10', result['title']) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - end - - test '01.11 ticket create with agent - minimal article with customer hash' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #11', - group: 'Users', - customer: { - firstname: 'some firstname', - lastname: 'some lastname', - email: 'some_new_customer@example.com', - }, - article: { - body: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #11', result['title']) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - end - - test '01.11.1 ticket create with agent - minimal article with customer hash with article.origin_by' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #11.1', - group: 'Users', - customer: { - firstname: 'some firstname', - lastname: 'some lastname', - email: 'some_new_customer@example.com', - }, - article: { - body: 'some test 123', - origin_by: 'some_new_customer@example.com', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #11.1', result['title']) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - ticket = Ticket.find(result['id']) - article = ticket.articles.first - assert_equal(@agent.id, article.updated_by_id) - assert_equal(@agent.id, article.created_by_id) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, article.origin_by_id) - assert_equal('Customer', article.sender.name) - assert_equal('note', article.type.name) - assert_equal('some firstname some lastname', article.from) - end - - test '01.11.2 ticket create with agent - minimal article with customer hash with article.origin_by' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #11.2', - group: 'Users', - customer: { - firstname: 'some firstname', - lastname: 'some lastname', - email: 'some_new_customer@example.com', - }, - article: { - sender: 'Customer', - body: 'some test 123', - origin_by: 'some_new_customer@example.com', - }, - } - - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #11.2', result['title']) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - ticket = Ticket.find(result['id']) - article = ticket.articles.first - assert_equal(@agent.id, article.updated_by_id) - assert_equal(@agent.id, article.created_by_id) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, article.origin_by_id) - assert_equal('Customer', article.sender.name) - assert_equal('note', article.type.name) - assert_equal('some firstname some lastname', article.from) - end - - test '01.11.3 ticket create with agent - minimal article with customer hash with article.origin_by' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #11.3', - group: 'Users', - customer: { - firstname: 'some firstname', - lastname: 'some lastname', - email: 'some_new_customer@example.com', - }, - article: { - sender: 'Agent', - from: 'somebody', - body: 'some test 123', - origin_by: 'some_new_customer@example.com', - }, - } - - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #11.3', result['title']) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - ticket = Ticket.find(result['id']) - article = ticket.articles.first - assert_equal(@agent.id, article.updated_by_id) - assert_equal(@agent.id, article.created_by_id) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, article.origin_by_id) - assert_equal('Customer', article.sender.name) - assert_equal('note', article.type.name) - assert_equal('some firstname some lastname', article.from) - end - - test '01.11.4 ticket create with agent - minimal article with customer hash with article.origin_by' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #11.4', - group: 'Users', - customer: { - firstname: 'some firstname', - lastname: 'some lastname', - email: 'some_new_customer@example.com', - }, - article: { - sender: 'Customer', - body: 'some test 123', - origin_by: @customer_without_org.login, - }, - } - - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #11.4', result['title']) - assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - ticket = Ticket.find(result['id']) - article = ticket.articles.first - assert_equal(@agent.id, article.updated_by_id) - assert_equal(@agent.id, article.created_by_id) - assert_equal(@customer_without_org.id, article.origin_by_id) - assert_equal('Customer', article.sender.name) - assert_equal('note', article.type.name) - assert_equal('Tickets Customer1', article.from) - end - - test '01.12 ticket create with agent - minimal article with missing body - with customer.id' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #12', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - subject: 'some test 123', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Need at least article: { body: "some text" }', result['error']) - end - - test '01.13 ticket create with agent - minimal article and attachment with customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #13', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - subject: 'some test 123', - body: 'some test 123', - attachments: [ - 'filename' => 'some_file.txt', - 'data' => 'dGVzdCAxMjM=', - 'mime-type' => 'text/plain', - ], - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #13', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - ticket = Ticket.find(result['id']) - assert_equal(1, ticket.articles.count) - assert_equal(1, ticket.articles.first.attachments.count) - file = ticket.articles.first.attachments.first - assert_equal('test 123', file.content) - assert_equal('some_file.txt', file.filename) - assert_equal('text/plain', file.preferences['Mime-Type']) - assert_not(file.preferences['Content-ID']) - end - - test '01.14 ticket create with agent - minimal article and attachment with customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #14', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - subject: 'some test 123', - body: 'some test 123', - attachments: [ - { - 'filename' => 'some_file1.txt', - 'data' => 'dGVzdCAxMjM=', - 'mime-type' => 'text/plain', - }, - { - 'filename' => 'some_file2.txt', - 'data' => 'w6TDtsO8w58=', - 'mime-type' => 'text/plain', - }, - ], - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #14', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - ticket = Ticket.find(result['id']) - assert_equal(1, ticket.articles.count) - assert_equal(2, ticket.articles.first.attachments.count) - file = ticket.articles.first.attachments.first - assert_equal('test 123', file.content) - assert_equal('some_file1.txt', file.filename) - assert_equal('text/plain', file.preferences['Mime-Type']) - assert_not(file.preferences['Content-ID']) - end - - test '01.15 ticket create with agent - minimal article and simple invalid base64 attachment with customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #15', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - subject: 'some test 123', - body: 'some test 123', - attachments: [ - 'filename' => 'some_file.txt', - 'data' => 'ABC_INVALID_BASE64', - 'mime-type' => 'text/plain', - ], - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Invalid base64 for attachment with index \'0\'', result['error']) - end - - test '01.15a ticket create with agent - minimal article and large invalid base64 attachment with customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #15a', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - subject: 'some test 123', - body: 'some test 123', - attachments: [ - 'filename' => 'some_file.txt', - 'data' => "LARGE_INVALID_BASE64_#{'#' * 20_000_000}", - 'mime-type' => 'text/plain', - ], - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Invalid base64 for attachment with index \'0\'', result['error']) - end - - test '01.15b ticket create with agent - minimal article and valid multiline base64 with linebreaks attachment with customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #15b', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - subject: 'some test 123', - body: 'some test 123', - attachments: [ - 'filename' => 'some_file.txt', - 'data' => Base64.encode64('a' * 1_000), - 'mime-type' => 'text/plain', - ], - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal('a new ticket #15b', result['title']) - ticket = Ticket.find(result['id']) - assert_equal(1, ticket.articles.count) - assert_equal(1, ticket.articles.first.attachments.count) - file = ticket.articles.first.attachments.first - assert_equal('a' * 1_000, file.content) - end - - test '01.15c ticket create with agent - minimal article and valid multiline base64 without linebreaks attachment with customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #15c', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - subject: 'some test 123', - body: 'some test 123', - attachments: [ - 'filename' => 'some_file.txt', - 'data' => Base64.strict_encode64('a' * 1_000), - 'mime-type' => 'text/plain', - ], - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal('a new ticket #15c', result['title']) - ticket = Ticket.find(result['id']) - assert_equal(1, ticket.articles.count) - assert_equal(1, ticket.articles.first.attachments.count) - file = ticket.articles.first.attachments.first - assert_equal('a' * 1_000, file.content) - end - - test '01.16 ticket create with agent - minimal article and attachment invalid base64 with customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #16', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - subject: 'some test 123', - body: 'some test 123', - attachments: [ - 'filename' => 'some_file.txt', - 'data' => 'dGVzdCAxMjM=', - ], - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Attachment needs \'mime-type\' param for attachment with index \'0\'', result['error']) - end - - test '01.17 ticket create with agent - minimal article and inline attachments with customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #17', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - content_type: 'text/html', - subject: 'some test 123', - body: 'some test 123 Red dot ', - }, - } - - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #17', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - ticket = Ticket.find(result['id']) - assert_equal(1, ticket.articles.count) - assert_equal(2, ticket.articles.first.attachments.count) - file = ticket.articles.first.attachments[0] - assert_equal('d3c1e09bdefb92b6a06b791a24ca9599', Digest::MD5.hexdigest(file.content)) - assert_equal('image1.png', file.filename) - assert_equal('image/png', file.preferences['Mime-Type']) - assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.preferences['Content-ID']) - assert(file.preferences['Content-ID']) - file = ticket.articles.first.attachments[1] - assert_equal('006a2ca3793b550c8fe444acdeb39252', Digest::MD5.hexdigest(file.content)) - assert_equal('image2.jpeg', file.filename) - assert_equal('image/jpeg', file.preferences['Mime-Type']) - assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.preferences['Content-ID']) - assert(file.preferences['Content-ID']) - end - - test '01.18 ticket create with agent - minimal article and inline attachments with customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #18', - group: 'Users', - customer_id: @customer_without_org.id, - article: { - content_type: 'text/html', - subject: 'some test 123', - body: 'some test 123 ', - attachments: [ - 'filename' => 'some_file.txt', - 'data' => 'dGVzdCAxMjM=', - 'mime-type' => 'text/plain', - ], - }, - } - - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #18', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - ticket = Ticket.find(result['id']) - assert_equal(1, ticket.articles.count) - assert_equal(2, ticket.articles.first.attachments.count) - file = ticket.articles.first.attachments[0] - assert_equal('006a2ca3793b550c8fe444acdeb39252', Digest::MD5.hexdigest(file.content)) - assert_equal('image1.jpeg', file.filename) - assert_equal('image/jpeg', file.preferences['Mime-Type']) - assert(file.preferences['Content-ID']) - assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.preferences['Content-ID']) - file = ticket.articles.first.attachments[1] - assert_equal('39d0d586a701e199389d954f2d592720', Digest::MD5.hexdigest(file.content)) - assert_equal('some_file.txt', file.filename) - assert_equal('text/plain', file.preferences['Mime-Type']) - assert_not(file.preferences['Content-ID']) - end - - test '02.02 ticket create with agent' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - params = { - title: 'a new ticket #1', - state: 'new', - priority: '2 normal', - group: 'Users', - customer: 'tickets-customer1@example.com', - article: { - content_type: 'text/plain', # or text/html - body: 'some body', - }, - links: { - Ticket: { - parent: [1], - } - } - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #1', result['title']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - links = Link.list( - link_object: 'Ticket', - link_object_value: result['id'], - ) - assert_equal('child', links[0]['link_type']) - assert_equal('Ticket', links[0]['link_object']) - assert_equal(1, links[0]['link_object_value']) - end - - test '02.03 ticket with wrong ticket id' do - group = Group.create!( - name: "GroupWithoutPermission-#{rand(9_999_999_999)}", - active: true, - updated_by_id: 1, - created_by_id: 1, - ) - ticket = Ticket.create!( - title: 'ticket with wrong ticket id', - group_id: group.id, - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - - params = { - title: 'ticket with wrong ticket id - 2', - } - put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - - delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - end - - test '02.04 ticket with correct ticket id' do - title = "ticket with corret ticket id testagent#{rand(999_999_999)}" - ticket = Ticket.create!( - title: title, - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - preferences: { - some_key1: 123, - }, - ) - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal(title, result['title']) - assert_equal(ticket.customer_id, result['customer_id']) - assert_equal(1, result['updated_by_id']) - assert_equal(1, result['created_by_id']) - assert_equal(123, result['preferences']['some_key1']) - - params = { - title: "#{title} - 2", - customer_id: @agent.id, - preferences: { - some_key2: 'abc', - }, - } - put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal("#{title} - 2", result['title']) - assert_equal(@agent.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(1, result['created_by_id']) - assert_equal(123, result['preferences']['some_key1']) - assert_equal('abc', result['preferences']['some_key2']) - - params = { - ticket_id: ticket.id, - subject: 'some subject', - body: 'some body', - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - article_result = JSON.parse(@response.body) - assert_equal(Hash, article_result.class) - assert_equal(ticket.id, article_result['ticket_id']) - assert_equal('Tickets Agent', article_result['from']) - assert_equal('some subject', article_result['subject']) - assert_equal('some body', article_result['body']) - assert_equal('text/plain', article_result['content_type']) - assert_equal(false, article_result['internal']) - assert_equal(@agent.id, article_result['created_by_id']) - assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, article_result['sender_id']) - assert_equal(Ticket::Article::Type.lookup(name: 'note').id, article_result['type_id']) - - Scheduler.worker(true) - get "/api/v1/tickets/search?query=#{CGI.escape(title)}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['tickets'][0]) - assert_equal(1, result['tickets_count']) - - params = { - condition: { - 'ticket.title' => { - operator: 'contains', - value: title, - }, - }, - } - post '/api/v1/tickets/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['tickets'][0]) - assert_equal(1, result['tickets_count']) - - delete "/api/v1/ticket_articles/#{article_result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - - params = { - from: 'something which should not be changed on server side', - ticket_id: ticket.id, - subject: 'some subject', - body: 'some body', - type: 'email', - internal: true, - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['ticket_id']) - assert_equal('"Tickets Agent via Zammad" ', result['from']) - assert_equal('some subject', result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(true, result['internal']) - assert_equal(@agent.id, result['created_by_id']) - assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id']) - assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id']) - - params = { - subject: 'new subject', - } - put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['ticket_id']) - assert_equal('"Tickets Agent via Zammad" ', result['from']) - assert_equal('new subject', result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(true, result['internal']) - assert_equal(@agent.id, result['created_by_id']) - assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id']) - assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id']) - - delete "/api/v1/ticket_articles/#{result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (admin permission required)!', result['error']) - - delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (admin permission required)!', result['error']) - end - - test '02.05 ticket with correct ticket id' do - ticket = Ticket.create!( - title: 'ticket with corret ticket id', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal('ticket with corret ticket id', result['title']) - assert_equal(ticket.customer_id, result['customer_id']) - assert_equal(1, result['updated_by_id']) - assert_equal(1, result['created_by_id']) - - params = { - title: 'ticket with corret ticket id - 2', - customer_id: @agent.id, - } - put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal('ticket with corret ticket id - 2', result['title']) - assert_equal(@agent.id, result['customer_id']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(1, result['created_by_id']) - - params = { - from: 'something which should not be changed on server side', - ticket_id: ticket.id, - subject: 'some subject', - body: 'some body', - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['ticket_id']) - assert_equal('Tickets Admin', result['from']) - assert_equal('some subject', result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(false, result['internal']) - assert_equal(@admin.id, result['created_by_id']) - assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id']) - assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id']) - - params = { - subject: 'new subject', - internal: true, - } - put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['ticket_id']) - assert_equal('Tickets Admin', result['from']) - assert_equal('new subject', result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(true, result['internal']) - assert_equal(@admin.id, result['created_by_id']) - assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id']) - assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id']) - - delete "/api/v1/ticket_articles/#{result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - - params = { - ticket_id: ticket.id, - subject: 'some subject', - body: 'some body', - type: 'email', - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['ticket_id']) - assert_equal('"Tickets Admin via Zammad" ', result['from']) - assert_equal('some subject', result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(false, result['internal']) - assert_equal(@admin.id, result['created_by_id']) - assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id']) - assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id']) - - delete "/api/v1/ticket_articles/#{result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - - delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - end - - test '02.05 ticket pagination' do - title = "ticket pagination #{rand(999_999_999)}" - tickets = [] - (1..20).each do |count| - ticket = Ticket.create!( - title: "#{title} - #{count}", - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - Ticket::Article.create!( - type: Ticket::Article::Type.lookup(name: 'note'), - sender: Ticket::Article::Sender.lookup(name: 'Customer'), - from: 'sender', - subject: 'subject', - body: 'some body', - ticket_id: ticket.id, - updated_by_id: 1, - created_by_id: 1, - ) - tickets.push ticket - travel 2.seconds - end - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(tickets[19].id, result['tickets'][0]) - assert_equal(tickets[0].id, result['tickets'][19]) - assert_equal(20, result['tickets_count']) - - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=10", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(tickets[19].id, result['tickets'][0]) - assert_equal(tickets[10].id, result['tickets'][9]) - assert_equal(10, result['tickets_count']) - - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=1&per_page=5", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(tickets[19].id, result['tickets'][0]) - assert_equal(tickets[15].id, result['tickets'][4]) - assert_equal(5, result['tickets_count']) - - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=2&per_page=5", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(tickets[14].id, result['tickets'][0]) - assert_equal(tickets[10].id, result['tickets'][4]) - assert_equal(5, result['tickets_count']) - - get '/api/v1/tickets?limit=40&page=1&per_page=5', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - tickets = Ticket.order(:id).limit(5) - assert_equal(tickets[0].id, result[0]['id']) - assert_equal(tickets[4].id, result[4]['id']) - assert_equal(5, result.count) - - get '/api/v1/tickets?limit=40&page=2&per_page=5', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - tickets = Ticket.order(:id).limit(10) - assert_equal(tickets[5].id, result[0]['id']) - assert_equal(tickets[9].id, result[4]['id']) - assert_equal(5, result.count) - - end - - test '03.01 ticket create with customer minimal' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - params = { - title: 'a new ticket #c1', - state: 'new', - priority: '2 normal', - group: 'Users', - article: { - body: 'some body', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #c1', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(@customer_without_org.id, result['created_by_id']) - end - - test '03.02 ticket create with customer with wrong customer' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - params = { - title: 'a new ticket #c2', - state: 'new', - priority: '2 normal', - group: 'Users', - customer_id: @agent.id, - article: { - content_type: 'text/plain', # or text/html - body: 'some body', - sender: 'System', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #c2', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(@customer_without_org.id, result['created_by_id']) - end - - test '03.03 ticket create with customer with wrong customer hash' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - params = { - title: 'a new ticket #c2', - state: 'new', - priority: '2 normal', - group: 'Users', - customer: { - firstname: @agent.firstname, - lastname: @agent.lastname, - email: @agent.email, - }, - article: { - content_type: 'text/plain', # or text/html - body: 'some body', - sender: 'System', - }, - } - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #c2', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(@customer_without_org.id, result['created_by_id']) - end - - test '03.04 ticket with wrong ticket id' do - ticket = Ticket.create!( - title: 'ticket with wrong ticket id', - group: Group.lookup(name: 'Users'), - customer_id: @agent.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - - params = { - title: 'ticket with wrong ticket id - 2', - } - put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - - delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - end - - test '03.05 ticket with correct ticket id' do - title = "ticket with corret ticket id testme#{rand(999_999_999)}" - ticket = Ticket.create!( - title: title, - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal(title, result['title']) - assert_equal(ticket.customer_id, result['customer_id']) - assert_equal(1, result['updated_by_id']) - assert_equal(1, result['created_by_id']) - - params = { - title: "#{title} - 2", - customer_id: @agent.id, - } - put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal("#{title} - 2", result['title']) - assert_equal(ticket.customer_id, result['customer_id']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(1, result['created_by_id']) - - params = { - ticket_id: ticket.id, - subject: 'some subject', - body: 'some body', - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - article_result = JSON.parse(@response.body) - assert_equal(Hash, article_result.class) - assert_equal(ticket.id, article_result['ticket_id']) - assert_equal('Tickets Customer1', article_result['from']) - assert_equal('some subject', article_result['subject']) - assert_equal('some body', article_result['body']) - assert_equal('text/plain', article_result['content_type']) - assert_equal(@customer_without_org.id, article_result['created_by_id']) - assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, article_result['sender_id']) - assert_equal(Ticket::Article::Type.lookup(name: 'note').id, article_result['type_id']) - - Scheduler.worker(true) - get "/api/v1/tickets/search?query=#{CGI.escape(title)}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['tickets'][0]) - assert_equal(1, result['tickets_count']) - - params = { - condition: { - 'ticket.title' => { - operator: 'contains', - value: title, - }, - }, - } - post '/api/v1/tickets/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['tickets'][0]) - assert_equal(1, result['tickets_count']) - - delete "/api/v1/ticket_articles/#{article_result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (admin permission required)!', result['error']) - - params = { - ticket_id: ticket.id, - subject: 'some subject', - body: 'some body', - type: 'email', - sender: 'Agent', - } - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['ticket_id']) - assert_equal('Tickets Customer1', result['from']) - assert_equal('some subject', result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(@customer_without_org.id, result['created_by_id']) - assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, result['sender_id']) - assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id']) - - delete "/api/v1/ticket_articles/#{result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (admin permission required)!', result['error']) - - params = { - from: 'something which should not be changed on server side', - ticket_id: ticket.id, - subject: 'some subject', - body: 'some body', - type: 'web', - sender: 'Agent', - internal: true, - } - - post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['ticket_id']) - assert_equal('Tickets Customer1 ', result['from']) - assert_equal('some subject', result['subject']) - assert_equal('some body', result['body']) - assert_equal('text/plain', result['content_type']) - assert_equal(false, result['internal']) - assert_equal(@customer_without_org.id, result['created_by_id']) - assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, result['sender_id']) - assert_equal(Ticket::Article::Type.lookup(name: 'web').id, result['type_id']) - - params = { - subject: 'new subject', - } - put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (ticket.agent or admin permission required)!', result['error']) - - delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized (admin permission required)!', result['error']) - end - - test '03.6 ticket create with agent - minimal article with customer hash with article.origin_by' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - params = { - title: 'a new ticket #3.6', - group: 'Users', - customer: { - firstname: 'some firstname', - lastname: 'some lastname', - email: 'some_new_customer@example.com', - }, - article: { - body: 'some test 123', - origin_by: @agent.login, - }, - } - - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #3.6', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(@customer_without_org.id, result['created_by_id']) - ticket = Ticket.find(result['id']) - article = ticket.articles.first - assert_equal(@customer_without_org.id, article.updated_by_id) - assert_equal(@customer_without_org.id, article.created_by_id) - assert_equal(@customer_without_org.id, article.origin_by_id) - assert_equal('Customer', article.sender.name) - assert_equal('note', article.type.name) - assert_equal('Tickets Customer1', article.from) - end - - test '03.6.1 ticket create with agent - minimal article with customer hash with article.origin_by' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - params = { - title: 'a new ticket #3.6.1', - group: 'Users', - customer: { - firstname: 'some firstname', - lastname: 'some lastname', - email: 'some_new_customer@example.com', - }, - article: { - sender: 'Agent', - body: 'some test 123', - origin_by_id: @agent.id, - }, - } - - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) - assert_equal('a new ticket #3.6.1', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@customer_without_org.id, result['updated_by_id']) - assert_equal(@customer_without_org.id, result['created_by_id']) - ticket = Ticket.find(result['id']) - article = ticket.articles.first - assert_equal(@customer_without_org.id, article.updated_by_id) - assert_equal(@customer_without_org.id, article.created_by_id) - assert_equal(@customer_without_org.id, article.origin_by_id) - assert_equal('Customer', article.sender.name) - assert_equal('note', article.type.name) - assert_equal('Tickets Customer1', article.from) - end - - test '04.01 ticket show and response format' do - title = "ticket testagent#{rand(999_999_999)}" - ticket = Ticket.create!( - title: title, - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: @agent.id, - created_by_id: @agent.id, - ) - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal(ticket.title, result['title']) - assert_not(result['group']) - assert_not(result['priority']) - assert_not(result['owner']) - assert_equal(ticket.customer_id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - get "/api/v1/tickets/#{ticket.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal(ticket.title, result['title']) - assert_equal(ticket.customer_id, result['customer_id']) - assert_equal(ticket.group.name, result['group']) - assert_equal(ticket.priority.name, result['priority']) - assert_equal(ticket.owner.login, result['owner']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - get "/api/v1/tickets/#{ticket.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal(ticket.title, result['title']) - assert_not(result['group']) - assert_not(result['priority']) - assert_not(result['owner']) - assert_equal(ticket.customer_id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - get "/api/v1/tickets/#{ticket.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert(result['assets']) - assert(result['assets']['Ticket']) - assert(result['assets']['Ticket'][ticket.id.to_s]) - assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id']) - assert_equal(ticket.title, result['assets']['Ticket'][ticket.id.to_s]['title']) - assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id']) - - assert(result['assets']['User']) - assert(result['assets']['User'][@agent.id.to_s]) - assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id']) - assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname']) - assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname']) - - assert(result['assets']['User']) - assert(result['assets']['User'][@customer_without_org.id.to_s]) - assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id']) - assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname']) - assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname']) - - get "/api/v1/tickets/#{ticket.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(ticket.id, result['id']) - assert_equal(ticket.title, result['title']) - assert_not(result['group']) - assert_not(result['priority']) - assert_not(result['owner']) - assert_equal(ticket.customer_id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - end - - test '04.02 ticket index and response format' do - title = "ticket testagent#{rand(999_999_999)}" - ticket = Ticket.create!( - title: title, - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: @agent.id, - created_by_id: @agent.id, - ) - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(1, result[0]['id']) - assert_equal(ticket.id, result[1]['id']) - assert_equal(ticket.title, result[1]['title']) - assert_not(result[1]['group']) - assert_not(result[1]['priority']) - assert_not(result[1]['owner']) - assert_equal(ticket.customer_id, result[1]['customer_id']) - assert_equal(@agent.id, result[1]['updated_by_id']) - assert_equal(@agent.id, result[1]['created_by_id']) - - get '/api/v1/tickets?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(1, result[0]['id']) - assert_equal(ticket.id, result[1]['id']) - assert_equal(ticket.title, result[1]['title']) - assert_equal(ticket.customer_id, result[1]['customer_id']) - assert_equal(ticket.group.name, result[1]['group']) - assert_equal(ticket.priority.name, result[1]['priority']) - assert_equal(ticket.owner.login, result[1]['owner']) - assert_equal(@agent.id, result[1]['updated_by_id']) - assert_equal(@agent.id, result[1]['created_by_id']) - - get '/api/v1/tickets?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(1, result[0]['id']) - assert_equal(ticket.id, result[1]['id']) - assert_equal(ticket.title, result[1]['title']) - assert_not(result[1]['group']) - assert_not(result[1]['priority']) - assert_not(result[1]['owner']) - assert_equal(ticket.customer_id, result[1]['customer_id']) - assert_equal(@agent.id, result[1]['updated_by_id']) - assert_equal(@agent.id, result[1]['created_by_id']) - - get '/api/v1/tickets?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(Array, result['record_ids'].class) - assert_equal(1, result['record_ids'][0]) - assert_equal(ticket.id, result['record_ids'][1]) - assert(result['assets']) - assert(result['assets']['Ticket']) - assert(result['assets']['Ticket'][ticket.id.to_s]) - assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id']) - assert_equal(ticket.title, result['assets']['Ticket'][ticket.id.to_s]['title']) - assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id']) - - assert(result['assets']['User']) - assert(result['assets']['User'][@agent.id.to_s]) - assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id']) - assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname']) - assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname']) - - assert(result['assets']['User']) - assert(result['assets']['User'][@customer_without_org.id.to_s]) - assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id']) - assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname']) - assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname']) - - get '/api/v1/tickets?full=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(1, result[0]['id']) - assert_equal(ticket.id, result[1]['id']) - assert_equal(ticket.title, result[1]['title']) - assert_not(result[1]['group']) - assert_not(result[1]['priority']) - assert_not(result[1]['owner']) - assert_equal(ticket.customer_id, result[1]['customer_id']) - assert_equal(@agent.id, result[1]['updated_by_id']) - assert_equal(@agent.id, result[1]['created_by_id']) - end - - test '04.03 ticket create and response format' do - title = "ticket testagent#{rand(999_999_999)}" - params = { - title: title, - group: 'Users', - customer_id: @customer_without_org.id, - state: 'new', - priority: '2 normal', - article: { - body: 'some test 123', - }, - } - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - ticket = Ticket.find(result['id']) - assert_equal(ticket.state_id, result['state_id']) - assert_not(result['state']) - assert_equal(ticket.priority_id, result['priority_id']) - assert_not(result['priority']) - assert_equal(ticket.group_id, result['group_id']) - assert_not(result['group']) - assert_equal(title, result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - post '/api/v1/tickets?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - ticket = Ticket.find(result['id']) - assert_equal(ticket.state_id, result['state_id']) - assert_equal(ticket.state.name, result['state']) - assert_equal(ticket.priority_id, result['priority_id']) - assert_equal(ticket.priority.name, result['priority']) - assert_equal(ticket.group_id, result['group_id']) - assert_equal(ticket.group.name, result['group']) - assert_equal(title, result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - post '/api/v1/tickets?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - ticket = Ticket.find(result['id']) - assert(result['assets']) - assert(result['assets']['Ticket']) - assert(result['assets']['Ticket'][ticket.id.to_s]) - assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id']) - assert_equal(title, result['assets']['Ticket'][ticket.id.to_s]['title']) - assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id']) - - assert(result['assets']['User']) - assert(result['assets']['User'][@agent.id.to_s]) - assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id']) - assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname']) - assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname']) - - assert(result['assets']['User']) - assert(result['assets']['User'][@customer_without_org.id.to_s]) - assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id']) - assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname']) - assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname']) - - end - - test '04.04 ticket update and response formats' do - title = "ticket testagent#{rand(999_999_999)}" - ticket = Ticket.create!( - title: title, - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: @agent.id, - created_by_id: @agent.id, - ) - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - params = { - title: 'a update ticket #1', - } - put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - ticket = Ticket.find(result['id']) - assert_equal(ticket.state_id, result['state_id']) - assert_not(result['state']) - assert_equal(ticket.priority_id, result['priority_id']) - assert_not(result['priority']) - assert_equal(ticket.group_id, result['group_id']) - assert_not(result['group']) - assert_equal('a update ticket #1', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - params = { - title: 'a update ticket #2', - } - put "/api/v1/tickets/#{ticket.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - ticket = Ticket.find(result['id']) - assert_equal(ticket.state_id, result['state_id']) - assert_equal(ticket.state.name, result['state']) - assert_equal(ticket.priority_id, result['priority_id']) - assert_equal(ticket.priority.name, result['priority']) - assert_equal(ticket.group_id, result['group_id']) - assert_equal(ticket.group.name, result['group']) - assert_equal('a update ticket #2', result['title']) - assert_equal(@customer_without_org.id, result['customer_id']) - assert_equal(@agent.id, result['updated_by_id']) - assert_equal(@agent.id, result['created_by_id']) - - params = { - title: 'a update ticket #3', - } - put "/api/v1/tickets/#{ticket.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - ticket = Ticket.find(result['id']) - assert(result['assets']) - assert(result['assets']['Ticket']) - assert(result['assets']['Ticket'][ticket.id.to_s]) - assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id']) - assert_equal('a update ticket #3', result['assets']['Ticket'][ticket.id.to_s]['title']) - assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id']) - - assert(result['assets']['User']) - assert(result['assets']['User'][@agent.id.to_s]) - assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id']) - assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname']) - assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname']) - - assert(result['assets']['User']) - assert(result['assets']['User'][@customer_without_org.id.to_s]) - assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id']) - assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname']) - assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname']) - - end - - test '05.01 ticket split with html - check attachments' do - ticket = Ticket.create!( - title: 'some title', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: @agent.id, - created_by_id: @agent.id, - ) - article = Ticket::Article.create!( - type: Ticket::Article::Type.lookup(name: 'note'), - sender: Ticket::Article::Sender.lookup(name: 'Customer'), - from: 'sender', - subject: 'subject', - body: 'test test ', - content_type: 'text/html', - ticket_id: ticket.id, - updated_by_id: 1, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_image', - filename: 'some_file1.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938@zammad.example.com', - 'Content-Disposition' => 'inline', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file2_normally_should_be_an_image', - filename: 'some_file2.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938.2@zammad.example.com', - 'Content-Disposition' => 'inline', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file3_normally_should_be_an_image', - filename: 'some_file3.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938.3@zammad.example.com', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file4_normally_should_be_an_image', - filename: 'some_file4.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938.4@zammad.example.com', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_pdf', - filename: 'Rechnung_RE-2018-200.pdf', - preferences: { - 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"', - 'Mime-Type' => 'application/octet-stream', - 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com', - 'Content-Description' => 'Rechnung_RE-2018-200.pdf', - 'Content-Disposition' => 'attachment', - }, - created_by_id: 1, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['assets']) - assert(result['assets']['Ticket']) - assert(result['assets']['Ticket'][ticket.id.to_s]) - assert(result['assets']['TicketArticle'][article.id.to_s]) - assert(result['attachments']) - assert_equal(result['attachments'].count, 3) - - get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['assets']) - assert(result['assets']['Ticket']) - assert(result['assets']['Ticket'][ticket.id.to_s]) - assert(result['assets']['TicketArticle'][article.id.to_s]) - assert(result['attachments']) - assert_equal(result['attachments'].count, 0) - - end - - test '05.02 ticket split with plain - check attachments' do - ticket = Ticket.create!( - title: 'some title', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: @agent.id, - created_by_id: @agent.id, - ) - article = Ticket::Article.create!( - type: Ticket::Article::Type.lookup(name: 'note'), - sender: Ticket::Article::Sender.lookup(name: 'Customer'), - from: 'sender', - subject: 'subject', - body: 'test ', - content_type: 'text/plain', - ticket_id: ticket.id, - updated_by_id: 1, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_image', - filename: 'some_file1.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938@zammad.example.com', - 'Content-Disposition' => 'inline', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_image', - filename: 'some_file2.jpg', - preferences: { - 'Content-Type' => 'image/jpeg', - 'Mime-Type' => 'image/jpeg', - 'Content-ID' => '15.274327094.140938.2@zammad.example.com', - 'Content-Disposition' => 'inline', - }, - created_by_id: 1, - ) - Store.add( - object: 'Ticket::Article', - o_id: article.id, - data: 'content_file1_normally_should_be_an_pdf', - filename: 'Rechnung_RE-2018-200.pdf', - preferences: { - 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"', - 'Mime-Type' => 'application/octet-stream', - 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com', - 'Content-Description' => 'Rechnung_RE-2018-200.pdf', - 'Content-Disposition' => 'attachment', - }, - created_by_id: 1, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['assets']) - assert(result['assets']['Ticket']) - assert(result['assets']['Ticket'][ticket.id.to_s]) - assert(result['assets']['TicketArticle'][article.id.to_s]) - assert(result['attachments']) - assert_equal(result['attachments'].count, 3) - - get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert(result['assets']) - assert(result['assets']['Ticket']) - assert(result['assets']['Ticket'][ticket.id.to_s]) - assert(result['assets']['TicketArticle'][article.id.to_s]) - assert(result['attachments']) - assert_equal(result['attachments'].count, 0) - - end - - test '06.01 - ticket with follow up possible set to new_ticket' do - group = Group.create!( - name: "GroupWithNoFollowUp-#{rand(9_999_999_999)}", - active: true, - updated_by_id: 1, - created_by_id: 1, - follow_up_possible: 'new_ticket' # disable follow up possible - ) - - ticket = Ticket.create!( - title: 'ticket with wrong ticket id', - group_id: group.id, - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - - state = Ticket::State.find_by(name: 'open') # try to open a ticket from a closed state - - # customer - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw') - params = { - state_id: state.id, # set the state id - } - - put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Cannot follow up on a closed ticket. Please create a new ticket.', result['error']) - - ticket = Ticket.create!( - title: 'ticket with wrong ticket id', - group_id: group.id, - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - - # admin - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin@example.com', 'adminpw') - - put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Cannot follow up on a closed ticket. Please create a new ticket.', result['error']) - - ticket = Ticket.create!( - title: 'ticket with wrong ticket id', - group_id: group.id, - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - - # agent - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Cannot follow up on a closed ticket. Please create a new ticket.', result['error']) - end - - test '07.01 ticket merge' do - group_no_permission = Group.create!( - name: 'GroupWithNoPermission', - active: true, - updated_by_id: 1, - created_by_id: 1, - ) - ticket1 = Ticket.create!( - title: 'ticket merge1', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - ticket2 = Ticket.create!( - title: 'ticket merge2', - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - ticket3 = Ticket.create!( - title: 'ticket merge2', - group: group_no_permission, - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - get "/api/v1/ticket_merge/#{ticket2.id}/#{ticket1.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('failed', result['result']) - assert_equal('No such master ticket number!', result['message']) - - get "/api/v1/ticket_merge/#{ticket3.id}/#{ticket1.number}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - assert_equal('Not authorized', result['error_human']) - - get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket3.number}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('Not authorized', result['error']) - assert_equal('Not authorized', result['error_human']) - - get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('success', result['result']) - assert_equal(ticket2.id, result['master_ticket']['id']) - end - - test '07.02 ticket merge - change permission' do - group_change_permission = Group.create!( - name: 'GroupWithChangePermission', - active: true, - updated_by_id: 1, - created_by_id: 1, - ) - ticket1 = Ticket.create!( - title: 'ticket merge1', - group: group_change_permission, - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - ticket2 = Ticket.create!( - title: 'ticket merge2', - group: group_change_permission, - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - - @agent.group_names_access_map = { group_change_permission.name => %w[read change] } - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') - - get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal('success', result['result']) - assert_equal(ticket2.id, result['master_ticket']['id']) - end - - test '08.01 ticket search sorted' do - title = "ticket pagination #{rand(999_999_999)}" - tickets = [] - - ticket1 = Ticket.create!( - title: "#{title} A", - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '2 normal'), - created_at: '2018-02-05 17:42:00', - updated_at: '2018-02-05 20:42:00', - updated_by_id: 1, - created_by_id: 1, - ) - Ticket::Article.create!( - type: Ticket::Article::Type.lookup(name: 'note'), - sender: Ticket::Article::Sender.lookup(name: 'Customer'), - from: 'sender', - subject: 'subject', - body: 'some body', - ticket_id: ticket1.id, - updated_by_id: 1, - created_by_id: 1, - ) - - ticket2 = Ticket.create!( - title: "#{title} B", - group: Group.lookup(name: 'Users'), - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'new'), - priority: Ticket::Priority.lookup(name: '3 hoch'), - created_at: '2018-02-05 19:42:00', - updated_at: '2018-02-05 19:42:00', - updated_by_id: 1, - created_by_id: 1, - ) - Ticket::Article.create!( - type: Ticket::Article::Type.lookup(name: 'note'), - sender: Ticket::Article::Sender.lookup(name: 'Customer'), - from: 'sender', - subject: 'subject', - body: 'some body', - ticket_id: ticket2.id, - updated_by_id: 1, - created_by_id: 1, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal([ticket2.id, ticket1.id], result['tickets']) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal([ticket1.id, ticket2.id], result['tickets']) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'title', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal([ticket1.id, ticket2.id], result['tickets']) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'title', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal([ticket2.id, ticket1.id], result['tickets']) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: %w[created_at updated_at], order_by: %w[asc asc] }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal([ticket1.id, ticket2.id], result['tickets']) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw') - get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: %w[created_at updated_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal([ticket2.id, ticket1.id], result['tickets']) - end - -end diff --git a/test/controllers/time_accounting_controller_test.rb b/test/controllers/time_accounting_controller_test.rb deleted file mode 100644 index dd386340c..000000000 --- a/test/controllers/time_accounting_controller_test.rb +++ /dev/null @@ -1,88 +0,0 @@ -require 'test_helper' -require 'rake' - -class TimeAccountingControllerTest < ActionDispatch::IntegrationTest - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - roles = Role.where(name: 'Admin') - groups = Group.all - - UserInfo.current_user_id = 1 - - @year = DateTime.now.utc.year - @month = DateTime.now.utc.month - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - updated_by_id: 1, - created_by_id: 1 - ) - - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - updated_by_id: 1, - created_by_id: 1 - ) - end - - test '01.01 time account report' do - group = Group.create!( - name: "GroupWithoutPermission-#{rand(9_999_999_999)}", - active: true, - updated_by_id: 1, - created_by_id: 1, - ) - ticket = Ticket.create!( - title: 'ticket for report', - group_id: group.id, - customer_id: @customer_without_org.id, - state: Ticket::State.lookup(name: 'open'), - priority: Ticket::Priority.lookup(name: '2 normal'), - updated_by_id: 1, - created_by_id: 1, - ) - - article = Ticket::Article.create!( - type: Ticket::Article::Type.lookup(name: 'note'), - sender: Ticket::Article::Sender.lookup(name: 'Customer'), - from: 'sender', - subject: 'subject', - body: 'some body', - ticket_id: ticket.id, - updated_by_id: 1, - created_by_id: 1, - ) - - Ticket::TimeAccounting.create!( - ticket_id: ticket.id, - ticket_article_id: article.id, - time_unit: 200, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get "/api/v1/time_accounting/log/by_ticket/#{@year}/#{@month}?download=true", params: {}, headers: @headers.merge('Authorization' => credentials) - - assert_response(200) - assert(@response['Content-Disposition']) - assert_equal("attachment; filename=\"by_ticket-#{@year}-#{@month}.xls\"", @response['Content-Disposition']) - assert_equal('application/vnd.ms-excel', @response['Content-Type']) - end -end diff --git a/test/controllers/user_controller_test.rb b/test/controllers/user_controller_test.rb deleted file mode 100644 index 58e437893..000000000 --- a/test/controllers/user_controller_test.rb +++ /dev/null @@ -1,1137 +0,0 @@ -require 'test_helper' - -class UserControllerTest < ActionDispatch::IntegrationTest - include SearchindexHelper - - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - - @backup_admin = User.create!( - login: 'backup-admin', - firstname: 'Backup', - lastname: 'Agent', - email: 'backup-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'rest-agent@example.com', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - # create orgs - @organization = Organization.create!( - name: 'Rest Org', - ) - @organization2 = Organization.create!( - name: 'Rest Org #2', - ) - @organization3 = Organization.create!( - name: 'Rest Org #3', - ) - - # create customer with org - @customer_with_org = User.create!( - login: 'rest-customer2@example.com', - firstname: 'Rest', - lastname: 'Customer2', - email: 'rest-customer2@example.com', - password: 'customer2pw', - active: true, - roles: roles, - organization_id: @organization.id, - ) - - configure_elasticsearch do - - travel 1.minute - - rebuild_searchindex - - # execute background jobs - Scheduler.worker(true) - - sleep 6 - end - - UserInfo.current_user_id = nil - end - - test 'user create tests - no user' do - - post '/api/v1/signshow', params: {}, headers: @headers - - # create user with disabled feature - Setting.set('user_create_account', false) - token = @response.headers['CSRF-TOKEN'] - - # token based on form - params = { email: 'some_new_customer@example.com', authenticity_token: token } - post '/api/v1/users', params: params.to_json, headers: @headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Feature not enabled!', result['error']) - - # token based on headers - headers = @headers.merge('X-CSRF-Token' => token) - params = { email: 'some_new_customer@example.com' } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Feature not enabled!', result['error']) - - Setting.set('user_create_account', true) - - # no signup param with enabled feature - params = { email: 'some_new_customer@example.com' } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Only signup with not authenticate user possible!', result['error']) - - # already existing user with enabled feature - params = { email: 'rest-customer1@example.com', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Email address is already used for other user.', result['error']) - - # email missing with enabled feature - params = { firstname: 'some firstname', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Attribute \'email\' required!', result['error']) - - # email missing with enabled feature - params = { firstname: 'some firstname', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Attribute \'email\' required!', result['error']) - - # create user with enabled feature (take customer role) - params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - - assert_equal('Me First', result['firstname']) - assert_equal('Me Last', result['lastname']) - assert_equal('new_here@example.com', result['login']) - assert_equal('new_here@example.com', result['email']) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # create user with admin role (not allowed for signup, take customer role) - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # create user with agent role (not allowed for signup, take customer role) - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # no user (because of no session) - get '/api/v1/users', params: {}, headers: headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - - # me - get '/api/v1/users/me', params: {}, headers: headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - not existing user' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - username auth, wrong pw' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - email auth, wrong pw' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - username auth' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - end - - test 'auth tests - email auth' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - end - - test 'user index and create with admin' do - - # email auth - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-admin@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Array) - assert(result.length >= 3) - - # show/:id - get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-agent@example.com') - - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer1@example.com') - - # create user with admin role - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_admin_by_admin@example.com', result['login']) - assert_equal('new_admin_by_admin@example.com', result['email']) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_agent_by_admin1@example.com', result['login']) - assert_equal('new_agent_by_admin1@example.com', result['email']) - - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_agent_by_admin2@example.com', result['login']) - assert_equal('new_agent_by_admin2@example.com', result['email']) - assert_equal('Agent', result['firstname']) - assert_equal('First', result['lastname']) - - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Email address is already used for other user.', result['error']) - - # missing required attributes - params = { note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error']) - - # invalid email - params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Invalid email', result['error']) - - # with valid attributes - params = { firstname: 'newfirstname123', note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert(result['login'].start_with?('auto-')) - assert_equal('', result['email']) - assert_equal('newfirstname123', result['firstname']) - assert_equal('', result['lastname']) - end - - test 'user index and create with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-agent@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Array) - assert(result.length >= 3) - - get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - users = User.order(:id).limit(2) - assert_equal(users[0].id, result[0]['id']) - assert_equal(users[1].id, result[1]['id']) - assert_equal(2, result.count) - - get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - users = User.order(:id).limit(4) - assert_equal(users[2].id, result[0]['id']) - assert_equal(users[3].id, result[1]['id']) - assert_equal(2, result.count) - - # create user with admin role - firstname = "First test#{rand(999_999_999)}" - role = Role.lookup(name: 'Admin') - params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_admin_by_agent@example.com', result_user1['login']) - assert_equal('new_admin_by_agent@example.com', result_user1['email']) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_agent_by_agent@example.com', result_user1['login']) - assert_equal('new_agent_by_agent@example.com', result_user1['email']) - - # create user with customer role - role = Role.lookup(name: 'Customer') - params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_customer_by_agent@example.com', result_user1['login']) - assert_equal('new_customer_by_agent@example.com', result_user1['email']) - - # search as agent - Scheduler.worker(true) - sleep 2 # let es time to come ready - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname}", result[0]['firstname']) - assert_equal('Customer Last', result[0]['lastname']) - assert(result[0]['role_ids']) - assert_not(result[0]['roles']) - - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname}", result[0]['firstname']) - assert_equal('Customer Last', result[0]['lastname']) - assert(result[0]['role_ids']) - assert(result[0]['roles']) - - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal('new_customer_by_agent@example.com', result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - role = Role.find_by(name: 'Agent') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(0, result.count) - - role = Role.find_by(name: 'Customer') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - permission = Permission.find_by(name: 'ticket.agent') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(0, result.count) - - permission = Permission.find_by(name: 'ticket.customer') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - end - - test 'user index and create with customer1' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-customer1@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer1@example.com') - - get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - - # create user with admin role - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - - # search - Scheduler.worker(true) - get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'user index with customer2' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-customer2@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer2@example.com') - - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - - # search - Scheduler.worker(true) - get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test '04.01 users show and response format' do - roles = Role.where(name: 'Customer') - organization = Organization.first - user = User.create!( - login: 'rest-customer3@example.com', - firstname: 'Rest', - lastname: 'Customer3', - email: 'rest-customer3@example.com', - password: 'customer3pw', - active: true, - organization: organization, - roles: roles, - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get "/api/v1/users/#{user.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert_equal(user.firstname, result['firstname']) - assert_not(result['organization']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['password']) - assert_equal(user.role_ids, result['role_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/users/#{user.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert_equal(user.firstname, result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_equal(user.organization.name, result['organization']) - assert_equal(user.role_ids, result['role_ids']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/users/#{user.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert_equal(user.firstname, result['firstname']) - assert_not(result['organization']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['password']) - assert_equal(user.role_ids, result['role_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/users/#{user.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][user.id.to_s]) - assert_equal(user.id, result['assets']['User'][user.id.to_s]['id']) - assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname']) - assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id']) - assert_equal(user.role_ids, result['assets']['User'][user.id.to_s]['role_ids']) - - get "/api/v1/users/#{user.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert_equal(user.firstname, result['firstname']) - assert_not(result['organization']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['password']) - assert_equal(user.role_ids, result['role_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - end - - test '04.02 user index and response format' do - roles = Role.where(name: 'Customer') - organization = Organization.first - user = User.create!( - login: 'rest-customer3@example.com', - firstname: 'Rest', - lastname: 'Customer3', - email: 'rest-customer3@example.com', - password: 'customer3pw', - active: true, - organization: organization, - roles: roles, - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(user.id, result.last['id']) - assert_equal(user.lastname, result.last['lastname']) - assert_not(result.last['organization']) - assert_equal(user.role_ids, result.last['role_ids']) - assert_equal(user.organization_id, result.last['organization_id']) - assert_not(result.last['password']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/users?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(user.id, result.last['id']) - assert_equal(user.lastname, result.last['lastname']) - assert_equal(user.organization_id, result.last['organization_id']) - assert_equal(user.organization.name, result.last['organization']) - assert_not(result.last['password']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/users?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(user.id, result.last['id']) - assert_equal(user.lastname, result.last['lastname']) - assert_not(result.last['organization']) - assert_equal(user.role_ids, result.last['role_ids']) - assert_equal(user.organization_id, result.last['organization_id']) - assert_not(result.last['password']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/users?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(Array, result['record_ids'].class) - assert_equal(1, result['record_ids'][0]) - assert_equal(user.id, result['record_ids'].last) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][user.id.to_s]) - assert_equal(user.id, result['assets']['User'][user.id.to_s]['id']) - assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname']) - assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id']) - assert_not(result['assets']['User'][user.id.to_s]['password']) - - get '/api/v1/users?full=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(user.id, result.last['id']) - assert_equal(user.lastname, result.last['lastname']) - assert_not(result.last['organization']) - assert_equal(user.role_ids, result.last['role_ids']) - assert_equal(user.organization_id, result.last['organization_id']) - assert_not(result.last['password']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - end - - test '04.03 ticket create and response format' do - organization = Organization.first - params = { - firstname: 'newfirstname123', - note: 'some note', - organization: organization.name, - } - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert_equal(user.firstname, result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['organization']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - post '/api/v1/users?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert_equal(user.firstname, result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_equal(user.organization.name, result['organization']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - post '/api/v1/users?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][user.id.to_s]) - assert_equal(user.id, result['assets']['User'][user.id.to_s]['id']) - assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname']) - assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname']) - assert_not(result['assets']['User'][user.id.to_s]['password']) - - assert(result['assets']['User'][@admin.id.to_s]) - assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id']) - assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname']) - assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname']) - assert_not(result['assets']['User'][@admin.id.to_s]['password']) - - end - - test '04.04 ticket update and response formats' do - roles = Role.where(name: 'Customer') - organization = Organization.first - user = User.create!( - login: 'rest-customer3@example.com', - firstname: 'Rest', - lastname: 'Customer3', - email: 'rest-customer3@example.com', - password: 'customer3pw', - active: true, - organization: organization, - roles: roles, - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - params = { - firstname: 'a update firstname #1', - } - put "/api/v1/users/#{user.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert_equal(user.lastname, result['lastname']) - assert_equal(params[:firstname], result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['organization']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params = { - firstname: 'a update firstname #2', - } - put "/api/v1/users/#{user.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert_equal(user.lastname, result['lastname']) - assert_equal(params[:firstname], result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_equal(user.organization.name, result['organization']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params = { - firstname: 'a update firstname #3', - } - put "/api/v1/users/#{user.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][user.id.to_s]) - assert_equal(user.id, result['assets']['User'][user.id.to_s]['id']) - assert_equal(params[:firstname], result['assets']['User'][user.id.to_s]['firstname']) - assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname']) - assert_not(result['assets']['User'][user.id.to_s]['password']) - - assert(result['assets']['User'][@admin.id.to_s]) - assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id']) - assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname']) - assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname']) - assert_not(result['assets']['User'][@admin.id.to_s]['password']) - - end - - test '05.01 csv example - customer no access' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (user)!', result['error']) - end - - test '05.02 csv example - admin access' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - - rows = CSV.parse(@response.body) - header = rows.shift - - assert_equal('id', header[0]) - assert_equal('login', header[1]) - assert_equal('firstname', header[2]) - assert_equal('lastname', header[3]) - assert_equal('email', header[4]) - assert(header.include?('organization')) - end - - test '05.03 csv import - admin access' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # invalid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple_col_not_existing.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('failed', result['result']) - assert_equal(2, result['errors'].count) - assert_equal("Line 1: unknown attribute 'firstname2' for User.", result['errors'][0]) - assert_equal("Line 2: unknown attribute 'firstname2' for User.", result['errors'][1]) - - # valid file try - csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - assert_nil(User.find_by(login: 'user-simple-import1')) - assert_nil(User.find_by(login: 'user-simple-import2')) - - # valid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(false, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - user1 = User.find_by(login: 'user-simple-import1') - assert(user1) - assert_equal(user1.login, 'user-simple-import1') - assert_equal(user1.firstname, 'firstname-simple-import1') - assert_equal(user1.lastname, 'lastname-simple-import1') - assert_equal(user1.email, 'user-simple-import1@example.com') - assert_equal(user1.active, true) - user2 = User.find_by(login: 'user-simple-import2') - assert(user2) - assert_equal(user2.login, 'user-simple-import2') - assert_equal(user2.firstname, 'firstname-simple-import2') - assert_equal(user2.lastname, 'lastname-simple-import2') - assert_equal(user2.email, 'user-simple-import2@example.com') - assert_equal(user2.active, false) - - user1.destroy! - user2.destroy! - end - - test 'user search sortable' do - firstname = "user_search_sortable #{rand(999_999_999)}" - - roles = Role.where(name: 'Customer') - user1 = User.create_or_update( - login: 'rest-user_search_sortableA@example.com', - firstname: "#{firstname} A", - lastname: 'user_search_sortableA', - email: 'rest-user_search_sortableA@example.com', - password: 'user_search_sortableA', - active: true, - roles: roles, - organization_id: @organization.id, - out_of_office: false, - created_at: '2016-02-05 17:42:00', - updated_by_id: 1, - created_by_id: 1, - ) - user2 = User.create_or_update( - login: 'rest-user_search_sortableB@example.com', - firstname: "#{firstname} B", - lastname: 'user_search_sortableB', - email: 'rest-user_search_sortableB@example.com', - password: 'user_search_sortableB', - active: true, - roles: roles, - organization_id: @organization.id, - out_of_office_start_at: '2016-02-06 19:42:00', - out_of_office_end_at: '2016-02-07 19:42:00', - out_of_office_replacement_id: 1, - out_of_office: true, - created_at: '2016-02-05 19:42:00', - updated_by_id: 1, - created_by_id: 1, - ) - Scheduler.worker(true) - sleep 2 # let es time to come ready - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user1.id, user2.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user1.id, user2.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user2.id, user1.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user2.id, user1.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user2.id, user1.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user1.id, user2.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user2.id, user1.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user1.id, user2.id], result) - end - -end diff --git a/test/controllers/user_organization_controller_test.rb b/test/controllers/user_organization_controller_test.rb deleted file mode 100644 index 2bb496ef1..000000000 --- a/test/controllers/user_organization_controller_test.rb +++ /dev/null @@ -1,773 +0,0 @@ -require 'test_helper' - -class UserOrganizationControllerTest < ActionDispatch::IntegrationTest - include SearchindexHelper - - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - - @backup_admin = User.create!( - login: 'backup-admin', - firstname: 'Backup', - lastname: 'Agent', - email: 'backup-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'rest-agent@example.com', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - # create orgs - @organization = Organization.create!( - name: 'Rest Org', - note: 'Rest Org A', - ) - @organization2 = Organization.create!( - name: 'Rest Org #2', - note: 'Rest Org B', - ) - @organization3 = Organization.create!( - name: 'Rest Org #3', - note: 'Rest Org C', - ) - - # create customer with org - @customer_with_org = User.create!( - login: 'rest-customer2@example.com', - firstname: 'Rest', - lastname: 'Customer2', - email: 'rest-customer2@example.com', - password: 'customer2pw', - active: true, - roles: roles, - organization_id: @organization.id, - ) - - configure_elasticsearch do - - travel 1.minute - - rebuild_searchindex - - # execute background jobs - Scheduler.worker(true) - - sleep 6 - end - end - - test 'user create tests - no user' do - - post '/api/v1/signshow', params: {}, headers: @headers - - # create user with disabled feature - Setting.set('user_create_account', false) - token = @response.headers['CSRF-TOKEN'] - - # token based on form - params = { email: 'some_new_customer@example.com', authenticity_token: token } - post '/api/v1/users', params: params.to_json, headers: @headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Feature not enabled!', result['error']) - - # token based on headers - headers = @headers.merge('X-CSRF-Token' => token) - params = { email: 'some_new_customer@example.com' } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Feature not enabled!', result['error']) - - Setting.set('user_create_account', true) - - # no signup param with enabled feature - params = { email: 'some_new_customer@example.com' } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Only signup with not authenticate user possible!', result['error']) - - # already existing user with enabled feature - params = { email: 'rest-customer1@example.com', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Email address is already used for other user.', result['error']) - - # email missing with enabled feature - params = { firstname: 'some firstname', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Attribute \'email\' required!', result['error']) - - # email missing with enabled feature - params = { firstname: 'some firstname', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Attribute \'email\' required!', result['error']) - - # create user with enabled feature (take customer role) - params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - - assert_equal('Me First', result['firstname']) - assert_equal('Me Last', result['lastname']) - assert_equal('new_here@example.com', result['login']) - assert_equal('new_here@example.com', result['email']) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # create user with admin role (not allowed for signup, take customer role) - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # create user with agent role (not allowed for signup, take customer role) - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # no user (because of no session) - get '/api/v1/users', params: {}, headers: headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - - # me - get '/api/v1/users/me', params: {}, headers: headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - not existing user' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - username auth, wrong pw' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - email auth, wrong pw' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - username auth' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - end - - test 'auth tests - email auth' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - end - - test 'user index and create with admin' do - - # email auth - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-admin@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Array) - assert(result.length >= 3) - - # show/:id - get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-agent@example.com') - - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer1@example.com') - - # create user with admin role - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_admin_by_admin@example.com', result['login']) - assert_equal('new_admin_by_admin@example.com', result['email']) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_agent_by_admin1@example.com', result['login']) - assert_equal('new_agent_by_admin1@example.com', result['email']) - - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_agent_by_admin2@example.com', result['login']) - assert_equal('new_agent_by_admin2@example.com', result['email']) - assert_equal('Agent', result['firstname']) - assert_equal('First', result['lastname']) - - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Email address is already used for other user.', result['error']) - - # missing required attributes - params = { note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error']) - - # invalid email - params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Invalid email', result['error']) - - # with valid attributes - params = { firstname: 'newfirstname123', note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert(result['login'].start_with?('auto-')) - assert_equal('', result['email']) - assert_equal('newfirstname123', result['firstname']) - assert_equal('', result['lastname']) - end - - test 'user index and create with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-agent@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Array) - assert(result.length >= 3) - - get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - users = User.order(:id).limit(2) - assert_equal(users[0].id, result[0]['id']) - assert_equal(users[1].id, result[1]['id']) - assert_equal(2, result.count) - - get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - users = User.order(:id).limit(4) - assert_equal(users[2].id, result[0]['id']) - assert_equal(users[3].id, result[1]['id']) - assert_equal(2, result.count) - - # create user with admin role - firstname = "First test#{rand(999_999_999)}" - role = Role.lookup(name: 'Admin') - params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_admin_by_agent@example.com', result_user1['login']) - assert_equal('new_admin_by_agent@example.com', result_user1['email']) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_agent_by_agent@example.com', result_user1['login']) - assert_equal('new_agent_by_agent@example.com', result_user1['email']) - - # create user with customer role - role = Role.lookup(name: 'Customer') - params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_customer_by_agent@example.com', result_user1['login']) - assert_equal('new_customer_by_agent@example.com', result_user1['email']) - - # search as agent - Scheduler.worker(true) - sleep 2 # let es time to come ready - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname}", result[0]['firstname']) - assert_equal('Customer Last', result[0]['lastname']) - assert(result[0]['role_ids']) - assert_not(result[0]['roles']) - - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname}", result[0]['firstname']) - assert_equal('Customer Last', result[0]['lastname']) - assert(result[0]['role_ids']) - assert(result[0]['roles']) - - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - role = Role.find_by(name: 'Agent') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(0, result.count) - - role = Role.find_by(name: 'Customer') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - permission = Permission.find_by(name: 'ticket.agent') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(0, result.count) - - permission = Permission.find_by(name: 'ticket.customer') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - end - - test 'user index and create with customer1' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-customer1@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer1@example.com') - - get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - - # create user with admin role - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - - # search - Scheduler.worker(true) - get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'user index with customer2' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-customer2@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer2@example.com') - - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - - # search - Scheduler.worker(true) - get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'organization index with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result[0]['member_ids'].class, Array) - assert(result.length >= 3) - - get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - organizations = Organization.order(:id).limit(2) - assert_equal(organizations[0].id, result[0]['id']) - assert_equal(organizations[0].member_ids, result[0]['member_ids']) - assert_equal(organizations[1].id, result[1]['id']) - assert_equal(organizations[1].member_ids, result[1]['member_ids']) - assert_equal(2, result.count) - - get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - organizations = Organization.order(:id).limit(4) - assert_equal(organizations[2].id, result[0]['id']) - assert_equal(organizations[2].member_ids, result[0]['member_ids']) - assert_equal(organizations[3].id, result[1]['id']) - assert_equal(organizations[3].member_ids, result[1]['member_ids']) - - assert_equal(2, result.count) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['member_ids'].class, Array) - assert_not(result['members']) - assert_equal(result['name'], 'Rest Org') - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['member_ids'].class, Array) - assert_not(result['members']) - assert_equal(result['name'], 'Rest Org #2') - - # search as agent - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['name']) - assert(result[0]['member_ids']) - assert_not(result[0]['members']) - - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['name']) - assert(result[0]['member_ids']) - assert(result[0]['members']) - - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['label']) - assert_equal('Zammad Foundation', result[0]['value']) - assert_not(result[0]['member_ids']) - assert_not(result[0]['members']) - end - - test 'organization index with customer1' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 0) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - # search - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'organization index with customer2' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['name'], 'Rest Org') - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - # search - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - -end diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb deleted file mode 100644 index 2c627314d..000000000 --- a/test/controllers/users_controller_test.rb +++ /dev/null @@ -1,1146 +0,0 @@ -require 'test_helper' - -class UsersControllerTest < ActionDispatch::IntegrationTest - include SearchindexHelper - - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - - @backup_admin = User.create!( - login: 'backup-admin', - firstname: 'Backup', - lastname: 'Agent', - email: 'backup-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'rest-agent@example.com', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - # create orgs - @organization = Organization.create!( - name: 'Rest Org', - ) - @organization2 = Organization.create!( - name: 'Rest Org #2', - ) - @organization3 = Organization.create!( - name: 'Rest Org #3', - ) - - # create customer with org - @customer_with_org = User.create!( - login: 'rest-customer2@example.com', - firstname: 'Rest', - lastname: 'Customer2', - email: 'rest-customer2@example.com', - password: 'customer2pw', - active: true, - roles: roles, - organization_id: @organization.id, - ) - - configure_elasticsearch do - - travel 1.minute - - rebuild_searchindex - - # execute background jobs - Scheduler.worker(true) - - sleep 6 - end - - UserInfo.current_user_id = nil - end - - test 'user create tests - no user' do - - post '/api/v1/signshow', params: {}, headers: @headers - - # create user with disabled feature - Setting.set('user_create_account', false) - token = @response.headers['CSRF-TOKEN'] - - # token based on form - params = { email: 'some_new_customer@example.com', authenticity_token: token } - post '/api/v1/users', params: params.to_json, headers: @headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Feature not enabled!', result['error']) - - # token based on headers - headers = @headers.merge('X-CSRF-Token' => token) - params = { email: 'some_new_customer@example.com' } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Feature not enabled!', result['error']) - - Setting.set('user_create_account', true) - - # no signup param with enabled feature - params = { email: 'some_new_customer@example.com' } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Only signup with not authenticate user possible!', result['error']) - - # already existing user with enabled feature - params = { email: 'rest-customer1@example.com', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Email address is already used for other user.', result['error']) - - # email missing with enabled feature - params = { firstname: 'some firstname', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Attribute \'email\' required!', result['error']) - - # email missing with enabled feature - params = { firstname: 'some firstname', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Attribute \'email\' required!', result['error']) - - # create user with enabled feature (take customer role) - params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - - assert_equal('Me First', result['firstname']) - assert_equal('Me Last', result['lastname']) - assert_equal('new_here@example.com', result['login']) - assert_equal('new_here@example.com', result['email']) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # create user with admin role (not allowed for signup, take customer role) - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # create user with agent role (not allowed for signup, take customer role) - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # no user (because of no session) - get '/api/v1/users', params: {}, headers: headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - - # me - get '/api/v1/users/me', params: {}, headers: headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - not existing user' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - username auth, wrong pw' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - email auth, wrong pw' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - username auth' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - end - - test 'auth tests - email auth' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - end - - test 'user index and create with admin' do - - # email auth - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-admin@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Array) - assert(result.length >= 3) - - # show/:id - get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-agent@example.com') - - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer1@example.com') - - # create user with admin role - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_admin_by_admin@example.com', result['login']) - assert_equal('new_admin_by_admin@example.com', result['email']) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_agent_by_admin1@example.com', result['login']) - assert_equal('new_agent_by_admin1@example.com', result['email']) - - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_agent_by_admin2@example.com', result['login']) - assert_equal('new_agent_by_admin2@example.com', result['email']) - assert_equal('Agent', result['firstname']) - assert_equal('First', result['lastname']) - - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Email address is already used for other user.', result['error']) - - # missing required attributes - params = { note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error']) - - # invalid email - params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Invalid email', result['error']) - - # with valid attributes - params = { firstname: 'newfirstname123', note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert(result['login'].start_with?('auto-')) - assert_equal('', result['email']) - assert_equal('newfirstname123', result['firstname']) - assert_equal('', result['lastname']) - end - - test 'user index and create with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-agent@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Array) - assert(result.length >= 3) - - get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - users = User.order(:id).limit(2) - assert_equal(users[0].id, result[0]['id']) - assert_equal(users[1].id, result[1]['id']) - assert_equal(2, result.count) - - get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - users = User.order(:id).limit(4) - assert_equal(users[2].id, result[0]['id']) - assert_equal(users[3].id, result[1]['id']) - assert_equal(2, result.count) - - # create user with admin role - firstname = "First test#{rand(999_999_999)}" - role = Role.lookup(name: 'Admin') - params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_admin_by_agent@example.com', result_user1['login']) - assert_equal('new_admin_by_agent@example.com', result_user1['email']) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_agent_by_agent@example.com', result_user1['login']) - assert_equal('new_agent_by_agent@example.com', result_user1['email']) - - # create user with customer role - role = Role.lookup(name: 'Customer') - params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_customer_by_agent@example.com', result_user1['login']) - assert_equal('new_customer_by_agent@example.com', result_user1['email']) - - # search as agent - Scheduler.worker(true) - sleep 2 # let es time to come ready - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname}", result[0]['firstname']) - assert_equal('Customer Last', result[0]['lastname']) - assert(result[0]['role_ids']) - assert_not(result[0]['roles']) - - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname}", result[0]['firstname']) - assert_equal('Customer Last', result[0]['lastname']) - assert(result[0]['role_ids']) - assert(result[0]['roles']) - - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal('new_customer_by_agent@example.com', result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - role = Role.find_by(name: 'Agent') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(0, result.count) - - role = Role.find_by(name: 'Customer') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - permission = Permission.find_by(name: 'ticket.agent') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(0, result.count) - - permission = Permission.find_by(name: 'ticket.customer') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - end - - test 'user index and create with customer1' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-customer1@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer1@example.com') - - get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - - # create user with admin role - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - - # search - Scheduler.worker(true) - get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'user index with customer2' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-customer2@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer2@example.com') - - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - - # search - Scheduler.worker(true) - get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test '04.01 users show and response format' do - roles = Role.where(name: 'Customer') - organization = Organization.first - user = User.create!( - login: 'rest-customer3@example.com', - firstname: 'Rest', - lastname: 'Customer3', - email: 'rest-customer3@example.com', - password: 'customer3pw', - active: true, - organization: organization, - roles: roles, - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get "/api/v1/users/#{user.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert_equal(user.firstname, result['firstname']) - assert_not(result['organization']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['password']) - assert_equal(user.role_ids, result['role_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/users/#{user.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert_equal(user.firstname, result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_equal(user.organization.name, result['organization']) - assert_equal(user.role_ids, result['role_ids']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/users/#{user.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert_equal(user.firstname, result['firstname']) - assert_not(result['organization']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['password']) - assert_equal(user.role_ids, result['role_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - get "/api/v1/users/#{user.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][user.id.to_s]) - assert_equal(user.id, result['assets']['User'][user.id.to_s]['id']) - assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname']) - assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id']) - assert_equal(user.role_ids, result['assets']['User'][user.id.to_s]['role_ids']) - - get "/api/v1/users/#{user.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - assert_equal(user.id, result['id']) - assert_equal(user.firstname, result['firstname']) - assert_not(result['organization']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['password']) - assert_equal(user.role_ids, result['role_ids']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - end - - test '04.02 user index and response format' do - roles = Role.where(name: 'Customer') - organization = Organization.first - user = User.create!( - login: 'rest-customer3@example.com', - firstname: 'Rest', - lastname: 'Customer3', - email: 'rest-customer3@example.com', - password: 'customer3pw', - active: true, - organization: organization, - roles: roles, - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(user.id, result.last['id']) - assert_equal(user.lastname, result.last['lastname']) - assert_not(result.last['organization']) - assert_equal(user.role_ids, result.last['role_ids']) - assert_equal(user.organization_id, result.last['organization_id']) - assert_not(result.last['password']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/users?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(user.id, result.last['id']) - assert_equal(user.lastname, result.last['lastname']) - assert_equal(user.organization_id, result.last['organization_id']) - assert_equal(user.organization.name, result.last['organization']) - assert_not(result.last['password']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/users?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(user.id, result.last['id']) - assert_equal(user.lastname, result.last['lastname']) - assert_not(result.last['organization']) - assert_equal(user.role_ids, result.last['role_ids']) - assert_equal(user.organization_id, result.last['organization_id']) - assert_not(result.last['password']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - - get '/api/v1/users?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - - assert_equal(Hash, result.class) - assert_equal(Array, result['record_ids'].class) - assert_equal(1, result['record_ids'][0]) - assert_equal(user.id, result['record_ids'].last) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][user.id.to_s]) - assert_equal(user.id, result['assets']['User'][user.id.to_s]['id']) - assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname']) - assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id']) - assert_not(result['assets']['User'][user.id.to_s]['password']) - - get '/api/v1/users?full=false', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(Hash, result[0].class) - assert_equal(user.id, result.last['id']) - assert_equal(user.lastname, result.last['lastname']) - assert_not(result.last['organization']) - assert_equal(user.role_ids, result.last['role_ids']) - assert_equal(user.organization_id, result.last['organization_id']) - assert_not(result.last['password']) - assert_equal(@admin.id, result.last['updated_by_id']) - assert_equal(@admin.id, result.last['created_by_id']) - end - - test '04.03 ticket create and response format' do - organization = Organization.first - params = { - firstname: 'newfirstname123', - note: 'some note', - organization: organization.name, - } - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert_equal(user.firstname, result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['organization']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - post '/api/v1/users?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert_equal(user.firstname, result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_equal(user.organization.name, result['organization']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - post '/api/v1/users?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][user.id.to_s]) - assert_equal(user.id, result['assets']['User'][user.id.to_s]['id']) - assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname']) - assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname']) - assert_not(result['assets']['User'][user.id.to_s]['password']) - - assert(result['assets']['User'][@admin.id.to_s]) - assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id']) - assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname']) - assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname']) - assert_not(result['assets']['User'][@admin.id.to_s]['password']) - - end - - test '04.04 ticket update and response formats' do - roles = Role.where(name: 'Customer') - organization = Organization.first - user = User.create!( - login: 'rest-customer3@example.com', - firstname: 'Rest', - lastname: 'Customer3', - email: 'rest-customer3@example.com', - password: 'customer3pw', - active: true, - organization: organization, - roles: roles, - updated_by_id: @admin.id, - created_by_id: @admin.id, - ) - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - params = { - firstname: 'a update firstname #1', - } - put "/api/v1/users/#{user.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert_equal(user.lastname, result['lastname']) - assert_equal(params[:firstname], result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_not(result['organization']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params = { - firstname: 'a update firstname #2', - } - put "/api/v1/users/#{user.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert_equal(user.lastname, result['lastname']) - assert_equal(params[:firstname], result['firstname']) - assert_equal(user.organization_id, result['organization_id']) - assert_equal(user.organization.name, result['organization']) - assert_not(result['password']) - assert_equal(@admin.id, result['updated_by_id']) - assert_equal(@admin.id, result['created_by_id']) - - params = { - firstname: 'a update firstname #3', - } - put "/api/v1/users/#{user.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - user = User.find(result['id']) - assert(result['assets']) - assert(result['assets']['User']) - assert(result['assets']['User'][user.id.to_s]) - assert_equal(user.id, result['assets']['User'][user.id.to_s]['id']) - assert_equal(params[:firstname], result['assets']['User'][user.id.to_s]['firstname']) - assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname']) - assert_not(result['assets']['User'][user.id.to_s]['password']) - - assert(result['assets']['User'][@admin.id.to_s]) - assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id']) - assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname']) - assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname']) - assert_not(result['assets']['User'][@admin.id.to_s]['password']) - - end - - test '05.01 csv example - customer no access' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('Not authorized (user)!', result['error']) - end - - test '05.02 csv example - admin access' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - - rows = CSV.parse(@response.body) - header = rows.shift - - assert_equal('id', header[0]) - assert_equal('login', header[1]) - assert_equal('firstname', header[2]) - assert_equal('lastname', header[3]) - assert_equal('email', header[4]) - assert(header.include?('organization')) - end - - test '05.03 csv import - admin access' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # invalid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple_col_not_existing.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('failed', result['result']) - assert_equal(2, result['errors'].count) - assert_equal("Line 1: unknown attribute 'firstname2' for User.", result['errors'][0]) - assert_equal("Line 2: unknown attribute 'firstname2' for User.", result['errors'][1]) - - # valid file try - csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(true, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - assert_nil(User.find_by(login: 'user-simple-import1')) - assert_nil(User.find_by(login: 'user-simple-import2')) - - # valid file - csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv') - csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') - post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Hash, result.class) - - assert_equal(false, result['try']) - assert_equal(2, result['records'].count) - assert_equal('success', result['result']) - - user1 = User.find_by(login: 'user-simple-import1') - assert(user1) - assert_equal(user1.login, 'user-simple-import1') - assert_equal(user1.firstname, 'firstname-simple-import1') - assert_equal(user1.lastname, 'lastname-simple-import1') - assert_equal(user1.email, 'user-simple-import1@example.com') - assert_equal(user1.active, true) - user2 = User.find_by(login: 'user-simple-import2') - assert(user2) - assert_equal(user2.login, 'user-simple-import2') - assert_equal(user2.firstname, 'firstname-simple-import2') - assert_equal(user2.lastname, 'lastname-simple-import2') - assert_equal(user2.email, 'user-simple-import2@example.com') - assert_equal(user2.active, false) - - user1.destroy! - user2.destroy! - end - - test 'user search sortable' do - firstname = "user_search_sortable #{rand(999_999_999)}" - - roles = Role.where(name: 'Customer') - user1 = User.create_or_update( - login: 'rest-user_search_sortableA@example.com', - firstname: "#{firstname} A", - lastname: 'user_search_sortableA', - email: 'rest-user_search_sortableA@example.com', - password: 'user_search_sortableA', - active: true, - roles: roles, - organization_id: @organization.id, - out_of_office: false, - created_at: '2016-02-05 17:42:00', - updated_at: '2016-02-05 20:42:00', - updated_by_id: 1, - created_by_id: 1, - ) - user2 = User.create_or_update( - login: 'rest-user_search_sortableB@example.com', - firstname: "#{firstname} B", - lastname: 'user_search_sortableB', - email: 'rest-user_search_sortableB@example.com', - password: 'user_search_sortableB', - active: true, - roles: roles, - organization_id: @organization.id, - out_of_office_start_at: '2016-02-06 19:42:00', - out_of_office_end_at: '2016-02-07 19:42:00', - out_of_office_replacement_id: 1, - out_of_office: true, - created_at: '2016-02-05 19:42:00', - updated_at: '2016-02-05 19:42:00', - updated_by_id: 1, - created_by_id: 1, - ) - Scheduler.worker(true) - sleep 2 # let es time to come ready - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user1.id, user2.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user1.id, user2.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user1.id, user2.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user2.id, user1.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user2.id, user1.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user2.id, user1.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user1.id, user2.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user2.id, user1.id], result) - - get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - result.collect! { |v| v['id'] } - assert_equal([user1.id, user2.id], result) - end - -end diff --git a/test/controllers/users_organization_controller_test.rb b/test/controllers/users_organization_controller_test.rb deleted file mode 100644 index 17b8aa0c6..000000000 --- a/test/controllers/users_organization_controller_test.rb +++ /dev/null @@ -1,773 +0,0 @@ -require 'test_helper' - -class UsersOrganizationControllerTest < ActionDispatch::IntegrationTest - include SearchindexHelper - - setup do - - # set accept header - @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } - - # create agent - roles = Role.where(name: %w[Admin Agent]) - groups = Group.all - - UserInfo.current_user_id = 1 - - @backup_admin = User.create!( - login: 'backup-admin', - firstname: 'Backup', - lastname: 'Agent', - email: 'backup-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - @admin = User.create!( - login: 'rest-admin', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-admin@example.com', - password: 'adminpw', - active: true, - roles: roles, - groups: groups, - ) - - # create agent - roles = Role.where(name: 'Agent') - @agent = User.create!( - login: 'rest-agent@example.com', - firstname: 'Rest', - lastname: 'Agent', - email: 'rest-agent@example.com', - password: 'agentpw', - active: true, - roles: roles, - groups: groups, - ) - - # create customer without org - roles = Role.where(name: 'Customer') - @customer_without_org = User.create!( - login: 'rest-customer1@example.com', - firstname: 'Rest', - lastname: 'Customer1', - email: 'rest-customer1@example.com', - password: 'customer1pw', - active: true, - roles: roles, - ) - - # create orgs - @organization = Organization.create!( - name: 'Rest Org', - note: 'Rest Org A', - ) - @organization2 = Organization.create!( - name: 'Rest Org #2', - note: 'Rest Org B', - ) - @organization3 = Organization.create!( - name: 'Rest Org #3', - note: 'Rest Org C', - ) - - # create customer with org - @customer_with_org = User.create!( - login: 'rest-customer2@example.com', - firstname: 'Rest', - lastname: 'Customer2', - email: 'rest-customer2@example.com', - password: 'customer2pw', - active: true, - roles: roles, - organization_id: @organization.id, - ) - - configure_elasticsearch do - - travel 1.minute - - rebuild_searchindex - - # execute background jobs - Scheduler.worker(true) - - sleep 6 - end - end - - test 'user create tests - no user' do - - post '/api/v1/signshow', params: {}, headers: @headers - - # create user with disabled feature - Setting.set('user_create_account', false) - token = @response.headers['CSRF-TOKEN'] - - # token based on form - params = { email: 'some_new_customer@example.com', authenticity_token: token } - post '/api/v1/users', params: params.to_json, headers: @headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Feature not enabled!', result['error']) - - # token based on headers - headers = @headers.merge('X-CSRF-Token' => token) - params = { email: 'some_new_customer@example.com' } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Feature not enabled!', result['error']) - - Setting.set('user_create_account', true) - - # no signup param with enabled feature - params = { email: 'some_new_customer@example.com' } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Only signup with not authenticate user possible!', result['error']) - - # already existing user with enabled feature - params = { email: 'rest-customer1@example.com', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Email address is already used for other user.', result['error']) - - # email missing with enabled feature - params = { firstname: 'some firstname', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Attribute \'email\' required!', result['error']) - - # email missing with enabled feature - params = { firstname: 'some firstname', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(422) - result = JSON.parse(@response.body) - assert(result['error']) - assert_equal('Attribute \'email\' required!', result['error']) - - # create user with enabled feature (take customer role) - params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - - assert_equal('Me First', result['firstname']) - assert_equal('Me Last', result['lastname']) - assert_equal('new_here@example.com', result['login']) - assert_equal('new_here@example.com', result['email']) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # create user with admin role (not allowed for signup, take customer role) - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # create user with agent role (not allowed for signup, take customer role) - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true } - post '/api/v1/users', params: params.to_json, headers: headers - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - - # no user (because of no session) - get '/api/v1/users', params: {}, headers: headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - - # me - get '/api/v1/users/me', params: {}, headers: headers - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - not existing user' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - username auth, wrong pw' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - email auth, wrong pw' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal('authentication failed', result['error']) - end - - test 'auth tests - username auth' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - end - - test 'auth tests - email auth' do - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - end - - test 'user index and create with admin' do - - # email auth - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-admin@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Array) - assert(result.length >= 3) - - # show/:id - get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-agent@example.com') - - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer1@example.com') - - # create user with admin role - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_admin_by_admin@example.com', result['login']) - assert_equal('new_admin_by_admin@example.com', result['email']) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_agent_by_admin1@example.com', result['login']) - assert_equal('new_agent_by_admin1@example.com', result['email']) - - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert(user.role?('Agent')) - assert_not(user.role?('Customer')) - assert_equal('new_agent_by_admin2@example.com', result['login']) - assert_equal('new_agent_by_admin2@example.com', result['email']) - assert_equal('Agent', result['firstname']) - assert_equal('First', result['lastname']) - - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Email address is already used for other user.', result['error']) - - # missing required attributes - params = { note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error']) - - # invalid email - params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(422) - result = JSON.parse(@response.body) - assert(result) - assert_equal('Invalid email', result['error']) - - # with valid attributes - params = { firstname: 'newfirstname123', note: 'some note' } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result = JSON.parse(@response.body) - assert(result) - user = User.find(result['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert(result['login'].start_with?('auto-')) - assert_equal('', result['email']) - assert_equal('newfirstname123', result['firstname']) - assert_equal('', result['lastname']) - end - - test 'user index and create with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-agent@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result.class, Array) - assert(result.length >= 3) - - get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - users = User.order(:id).limit(2) - assert_equal(users[0].id, result[0]['id']) - assert_equal(users[1].id, result[1]['id']) - assert_equal(2, result.count) - - get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - users = User.order(:id).limit(4) - assert_equal(users[2].id, result[0]['id']) - assert_equal(users[3].id, result[1]['id']) - assert_equal(2, result.count) - - # create user with admin role - firstname = "First test#{rand(999_999_999)}" - role = Role.lookup(name: 'Admin') - params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_admin_by_agent@example.com', result_user1['login']) - assert_equal('new_admin_by_agent@example.com', result_user1['email']) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_agent_by_agent@example.com', result_user1['login']) - assert_equal('new_agent_by_agent@example.com', result_user1['email']) - - # create user with customer role - role = Role.lookup(name: 'Customer') - params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(201) - result_user1 = JSON.parse(@response.body) - assert(result_user1) - user = User.find(result_user1['id']) - assert_not(user.role?('Admin')) - assert_not(user.role?('Agent')) - assert(user.role?('Customer')) - assert_equal('new_customer_by_agent@example.com', result_user1['login']) - assert_equal('new_customer_by_agent@example.com', result_user1['email']) - - # search as agent - Scheduler.worker(true) - sleep 2 # let es time to come ready - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname}", result[0]['firstname']) - assert_equal('Customer Last', result[0]['lastname']) - assert(result[0]['role_ids']) - assert_not(result[0]['roles']) - - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname}", result[0]['firstname']) - assert_equal('Customer Last', result[0]['lastname']) - assert(result[0]['role_ids']) - assert(result[0]['roles']) - - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - role = Role.find_by(name: 'Agent') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(0, result.count) - - role = Role.find_by(name: 'Customer') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - - permission = Permission.find_by(name: 'ticket.agent') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(0, result.count) - - permission = Permission.find_by(name: 'ticket.customer') - get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal(result_user1['id'], result[0]['id']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) - assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) - assert_not(result[0]['role_ids']) - assert_not(result[0]['roles']) - end - - test 'user index and create with customer1' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-customer1@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer1@example.com') - - get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - - # create user with admin role - role = Role.lookup(name: 'Admin') - params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - - # create user with agent role - role = Role.lookup(name: 'Agent') - params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] } - post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - - # search - Scheduler.worker(true) - get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'user index with customer2' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') - - # me - get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert(result) - assert_equal(result['email'], 'rest-customer2@example.com') - - # index - get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['email'], 'rest-customer2@example.com') - - get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert(result['error']) - - # search - Scheduler.worker(true) - get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'organization index with agent' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result[0]['member_ids'].class, Array) - assert(result.length >= 3) - - get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - organizations = Organization.order(:id).limit(2) - assert_equal(organizations[0].id, result[0]['id']) - assert_equal(organizations[0].member_ids, result[0]['member_ids']) - assert_equal(organizations[1].id, result[1]['id']) - assert_equal(organizations[1].member_ids, result[1]['member_ids']) - assert_equal(2, result.count) - - get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - organizations = Organization.order(:id).limit(4) - assert_equal(organizations[2].id, result[0]['id']) - assert_equal(organizations[2].member_ids, result[0]['member_ids']) - assert_equal(organizations[3].id, result[1]['id']) - assert_equal(organizations[3].member_ids, result[1]['member_ids']) - - assert_equal(2, result.count) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['member_ids'].class, Array) - assert_not(result['members']) - assert_equal(result['name'], 'Rest Org') - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['member_ids'].class, Array) - assert_not(result['members']) - assert_equal(result['name'], 'Rest Org #2') - - # search as agent - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['name']) - assert(result[0]['member_ids']) - assert_not(result[0]['members']) - - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['name']) - assert(result[0]['member_ids']) - assert(result[0]['members']) - - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(Array, result.class) - assert_equal('Zammad Foundation', result[0]['label']) - assert_equal('Zammad Foundation', result[0]['value']) - assert_not(result[0]['member_ids']) - assert_not(result[0]['members']) - end - - test 'organization index with customer1' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 0) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - # search - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - - test 'organization index with customer2' do - - credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') - - # index - get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Array) - assert_equal(result.length, 1) - - # show/:id - get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(200) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_equal(result['name'], 'Rest Org') - - get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - result = JSON.parse(@response.body) - assert_equal(result.class, Hash) - assert_nil(result['name']) - - # search - Scheduler.worker(true) - get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) - assert_response(401) - end - -end