Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Refactored all controller mini tests and migrated them to rspec request specs

Browse source
This commit is contained in:
Rolf Schmidt 2018-09-19 15:54:49 +02:00
parent 769fb19064
commit 29b616d61d
62 changed files with 8566 additions and 13319 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
.gitlab-ci.yml
View file

@ -78,7 +78,6 @@ test:unit:mysql:
- rake db:migrate - rake db:migrate
- rake db:seed - rake db:seed
- rake test:units - rake test:units
- rake test:controllers
- ruby -I test/ test/integration/object_manager_test.rb - ruby -I test/ test/integration/object_manager_test.rb
- ruby -I test/ test/integration/object_manager_attributes_controller_test.rb - ruby -I test/ test/integration/object_manager_attributes_controller_test.rb
- ruby -I test/ test/integration/package_test.rb - ruby -I test/ test/integration/package_test.rb
@ -96,7 +95,6 @@ test:unit:postgresql:
- rake db:migrate - rake db:migrate
- rake db:seed - rake db:seed
- rake test:units - rake test:units
- rake test:controllers
- ruby -I test/ test/integration/object_manager_test.rb - ruby -I test/ test/integration/object_manager_test.rb
- ruby -I test/ test/integration/object_manager_attributes_controller_test.rb - ruby -I test/ test/integration/object_manager_attributes_controller_test.rb
- ruby -I test/ test/integration/package_test.rb - ruby -I test/ test/integration/package_test.rb
@ -242,11 +240,8 @@ test:integration:es_mysql:
- rake db:migrate - rake db:migrate
- ruby -I test/ test/integration/elasticsearch_active_test.rb - ruby -I test/ test/integration/elasticsearch_active_test.rb
- ruby -I test/ test/integration/elasticsearch_test.rb - ruby -I test/ test/integration/elasticsearch_test.rb
- ruby -I test/ test/controllers/search_controller_test.rb
- ruby -I test/ test/integration/report_test.rb - ruby -I test/ test/integration/report_test.rb
- ruby -I test/ test/controllers/form_controller_test.rb - bundle exec rspec --tag searchindex
- ruby -I test/ test/controllers/users_controller_test.rb
- ruby -I test/ test/controllers/organizations_controller_test.rb
- rake db:drop - rake db:drop
test:integration:es_postgresql: test:integration:es_postgresql:
@ -262,11 +257,8 @@ test:integration:es_postgresql:
- rake db:migrate - rake db:migrate
- ruby -I test/ test/integration/elasticsearch_active_test.rb - ruby -I test/ test/integration/elasticsearch_active_test.rb
- ruby -I test/ test/integration/elasticsearch_test.rb - ruby -I test/ test/integration/elasticsearch_test.rb
- ruby -I test/ test/controllers/search_controller_test.rb
- ruby -I test/ test/integration/report_test.rb - ruby -I test/ test/integration/report_test.rb
- ruby -I test/ test/controllers/form_controller_test.rb - bundle exec rspec --tag searchindex
- ruby -I test/ test/controllers/users_controller_test.rb
- ruby -I test/ test/controllers/organizations_controller_test.rb
- rake db:drop - rake db:drop
test:integration:zendesk_mysql: test:integration:zendesk_mysql:

4
spec/factories/email_address.rb
View file

@ -1,7 +1,7 @@
FactoryBot.define do FactoryBot.define do
factory :email_address do factory :email_address do
email 'zammad@localhost' sequence(:email) { |n| "zammad#{n}@localhost.com" }
realname 'zammad' sequence(:realname) { |n| "zammad#{n}" }
channel_id 1 channel_id 1
created_by_id 1 created_by_id 1
updated_by_id 1 updated_by_id 1

10
spec/factories/ticket/time_accounting.rb Normal file
View file

@ -0,0 +1,10 @@
FactoryBot.define do
factory :ticket_time_accounting, class: Ticket::TimeAccounting do
ticket_id { FactoryBot.create(:ticket).id }
ticket_article_id { FactoryBot.create(:ticket_article).id }
time_unit 200
created_by_id 1
created_at Time.zone.now
updated_at Time.zone.now
end
end

164
spec/requests/api_auth_on_behalf_of_spec.rb Normal file
View file

@ -0,0 +1,164 @@
require 'rails_helper'
RSpec.describe 'Api Auth On Behalf Of', type: :request do
let(:admin_user) do
create(:admin_user, groups: Group.all)
end
let(:agent_user) do
create(:agent_user)
end
let(:customer_user) do
create(:customer_user)
end
describe 'request handling' do
it 'does X-On-Behalf-Of auth - ticket create admin for customer by id' do
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: customer_user.id,
article: {
body: 'some test 123',
},
}
authenticated_as(admin_user, on_behalf_of: customer_user.id)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(customer_user.id).to eq(json_response['created_by_id'])
end
it 'does X-On-Behalf-Of auth - ticket create admin for customer by login' do
ActivityStream.cleanup(1.year)
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: customer_user.id,
article: {
body: 'some test 123',
},
}
authenticated_as(admin_user, on_behalf_of: customer_user.login)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(201)
json_response_ticket = json_response
expect(json_response_ticket).to be_a_kind_of(Hash)
expect(customer_user.id).to eq(json_response_ticket['created_by_id'])
authenticated_as(admin_user)
get '/api/v1/activity_stream?full=true', params: {}, as: :json
expect(response).to have_http_status(200)
json_response_activity = json_response
expect(json_response_activity).to be_a_kind_of(Hash)
ticket_created = nil
json_response_activity['record_ids'].each do |record_id|
activity_stream = ActivityStream.find(record_id)
next if activity_stream.object.name != 'Ticket'
next if activity_stream.o_id != json_response_ticket['id'].to_i
ticket_created = activity_stream
end
expect(ticket_created).to be_truthy
expect(customer_user.id).to eq(ticket_created.created_by_id)
get '/api/v1/activity_stream', params: {}, as: :json
expect(response).to have_http_status(200)
json_response_activity = json_response
expect(json_response_activity).to be_a_kind_of(Array)
ticket_created = nil
json_response_activity.each do |record|
activity_stream = ActivityStream.find(record['id'])
next if activity_stream.object.name != 'Ticket'
next if activity_stream.o_id != json_response_ticket['id']
ticket_created = activity_stream
end
expect(ticket_created).to be_truthy
expect(customer_user.id).to eq(ticket_created.created_by_id)
end
it 'does X-On-Behalf-Of auth - ticket create admin for customer by email' do
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: customer_user.id,
article: {
body: 'some test 123',
},
}
authenticated_as(admin_user, on_behalf_of: customer_user.email)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(customer_user.id).to eq(json_response['created_by_id'])
end
it 'does X-On-Behalf-Of auth - ticket create admin for unknown' do
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: customer_user.id,
article: {
body: 'some test 123',
},
}
authenticated_as(admin_user, on_behalf_of: 99_449_494_949)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(401)
expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq("No such user '99449494949'")
end
it 'does X-On-Behalf-Of auth - ticket create customer for admin' do
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: customer_user.id,
article: {
body: 'some test 123',
},
}
authenticated_as(customer_user, on_behalf_of: admin_user.email)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(401)
expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq("Current user has no permission to use 'X-On-Behalf-Of'!")
end
it 'does X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do
params = {
title: 'a new ticket #3',
group: 'secret1234',
priority: '2 normal',
state: 'new',
customer_id: customer_user.id,
article: {
body: 'some test 123',
},
}
authenticated_as(admin_user, on_behalf_of: customer_user.email)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(422)
expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No lookup value found for \'group\': "secret1234"')
end
end
end

383
spec/requests/api_auth_spec.rb Normal file
View file

@ -0,0 +1,383 @@
require 'rails_helper'
RSpec.describe 'Api Auth', type: :request do
let(:admin_user) do
create(:admin_user)
end
let(:agent_user) do
create(:agent_user)
end
let(:customer_user) do
create(:customer_user)
end
describe 'request handling' do
it 'does basic auth - admin' do
Setting.set('api_password_access', false)
authenticated_as(admin_user)
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(401)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('API password access disabled!')
Setting.set('api_password_access', true)
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(200)
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
end
it 'does basic auth - agent' do
Setting.set('api_password_access', false)
authenticated_as(agent_user)
get '/api/v1/tickets', params: {}, as: :json
expect(response).to have_http_status(401)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('API password access disabled!')
Setting.set('api_password_access', true)
get '/api/v1/tickets', params: {}, as: :json
expect(response).to have_http_status(200)
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
end
it 'does basic auth - customer' do
Setting.set('api_password_access', false)
authenticated_as(customer_user)
get '/api/v1/tickets', params: {}, as: :json
expect(response).to have_http_status(401)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('API password access disabled!')
Setting.set('api_password_access', true)
get '/api/v1/tickets', params: {}, as: :json
expect(response).to have_http_status(200)
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
end
it 'does token auth - admin' do
admin_token = create(
:token,
action: 'api',
persistent: true,
user_id: admin_user.id,
preferences: {
permission: ['admin.session'],
},
)
authenticated_as(admin_user, token: admin_token)
Setting.set('api_token_access', false)
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(401)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('API token access disabled!')
Setting.set('api_token_access', true)
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(200)
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
admin_token.preferences[:permission] = ['admin.session_not_existing']
admin_token.save!
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized (token)!')
admin_token.preferences[:permission] = []
admin_token.save!
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized (token)!')
admin_user.active = false
admin_user.save!
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('User is inactive!')
admin_token.preferences[:permission] = ['admin.session']
admin_token.save!
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('User is inactive!')
admin_user.active = true
admin_user.save!
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
get '/api/v1/roles', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized (token)!')
admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role']
admin_token.save!
get '/api/v1/roles', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
admin_token.preferences[:permission] = ['ticket.agent']
admin_token.save!
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq(name)
expect(json_response).to be_truthy
name = "some org name #{rand(999_999_999)} - 2"
put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq(name)
expect(json_response).to be_truthy
admin_token.preferences[:permission] = ['admin.organization']
admin_token.save!
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq(name)
expect(json_response).to be_truthy
name = "some org name #{rand(999_999_999)} - 2"
put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq(name)
expect(json_response).to be_truthy
admin_token.preferences[:permission] = ['admin']
admin_token.save!
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq(name)
expect(json_response).to be_truthy
name = "some org name #{rand(999_999_999)} - 2"
put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq(name)
expect(json_response).to be_truthy
end
it 'does token auth - agent' do
agent_token = create(
:token,
action: 'api',
persistent: true,
user_id: agent_user.id,
)
authenticated_as(agent_user, token: agent_token)
Setting.set('api_token_access', false)
get '/api/v1/tickets', params: {}, as: :json
expect(response).to have_http_status(401)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('API token access disabled!')
Setting.set('api_token_access', true)
get '/api/v1/tickets', params: {}, as: :json
expect(response).to have_http_status(200)
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }, as: :json
expect(response).to have_http_status(401)
end
it 'does token auth - customer' do
customer_token = create(
:token,
action: 'api',
persistent: true,
user_id: customer_user.id,
)
authenticated_as(customer_user, token: customer_token)
Setting.set('api_token_access', false)
get '/api/v1/tickets', params: {}, as: :json
expect(response).to have_http_status(401)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('API token access disabled!')
Setting.set('api_token_access', true)
get '/api/v1/tickets', params: {}, as: :json
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }, as: :json
expect(response).to have_http_status(401)
end
it 'does token auth - invalid user - admin' do
admin_token = create(
:token,
action: 'api',
persistent: true,
user_id: admin_user.id,
)
authenticated_as(admin_user, token: admin_token)
admin_user.active = false
admin_user.save!
Setting.set('api_token_access', false)
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(401)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('API token access disabled!')
Setting.set('api_token_access', true)
get '/api/v1/sessions', params: {}, as: :json
expect(response).to have_http_status(401)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('User is inactive!')
end
it 'does token auth - expired' do
Setting.set('api_token_access', true)
admin_token = create(
:token,
action: 'api',
persistent: true,
user_id: admin_user.id,
expires_at: Time.zone.today
)
authenticated_as(admin_user, token: admin_token)
get '/api/v1/tickets', params: {}, as: :json
expect(response).to have_http_status(401)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized (token expired)!')
admin_token.reload
expect(admin_token.last_used_at).to be_within(1.second).of(Time.zone.now)
end
it 'does token auth - not expired' do
Setting.set('api_token_access', true)
admin_token = create(
:token,
action: 'api',
persistent: true,
user_id: admin_user.id,
expires_at: Time.zone.tomorrow
)
authenticated_as(admin_user, token: admin_token)
get '/api/v1/tickets', params: {}, as: :json
expect(response).to have_http_status(200)
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
admin_token.reload
expect(admin_token.last_used_at).to be_within(1.second).of(Time.zone.now)
end
it 'does session auth - admin' do
create(:admin_user, login: 'api-admin@example.com', password: 'adminpw')
post '/api/v1/signin', params: { username: 'api-admin@example.com', password: 'adminpw', fingerprint: '123456789' }
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(response).to have_http_status(201)
get '/api/v1/sessions', params: {}
expect(response).to have_http_status(200)
expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
end
end
end

112
spec/requests/basic_spec.rb Normal file
View file

@ -0,0 +1,112 @@
require 'rails_helper'
RSpec.describe 'Basics', type: :request do
describe 'request handling' do
it 'does json requests' do
# 404
get '/not_existing_url', as: :json
expect(response).to have_http_status(404)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No route matches [GET] /not_existing_url')
# 401
get '/api/v1/organizations', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
# 422
get '/tests/unprocessable_entity', as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('some error message')
# 401
get '/tests/not_authorized', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('some error message')
# 401
get '/tests/ar_not_found', as: :json
expect(response).to have_http_status(404)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('some error message')
# 500
get '/tests/standard_error', as: :json
expect(response).to have_http_status(500)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('some error message')
# 422
get '/tests/argument_error', as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('some error message')
end
it 'does html requests' do
# 404
get '/not_existing_url'
expect(response).to have_http_status(404)
expect(response.body).to match(/<html/)
expect(response.body).to match(%r{<title>404: Not Found</title>})
expect(response.body).to match(%r{<h1>404: Requested Ressource was not found.</h1>})
expect(response.body).to match(%r{No route matches \[GET\] /not_existing_url})
# 401
get '/api/v1/organizations'
expect(response).to have_http_status(401)
expect(response.body).to match(/<html/)
expect(response.body).to match(%r{<title>401: Unauthorized</title>})
expect(response.body).to match(%r{<h1>401: Unauthorized</h1>})
expect(response.body).to match(/authentication failed/)
# 422
get '/tests/unprocessable_entity'
expect(response).to have_http_status(422)
expect(response.body).to match(/<html/)
expect(response.body).to match(%r{<title>422: Unprocessable Entity</title>})
expect(response.body).to match(%r{<h1>422: The change you wanted was rejected.</h1>})
expect(response.body).to match(/some error message/)
# 401
get '/tests/not_authorized'
expect(response).to have_http_status(401)
expect(response.body).to match(/<html/)
expect(response.body).to match(%r{<title>401: Unauthorized</title>})
expect(response.body).to match(%r{<h1>401: Unauthorized</h1>})
expect(response.body).to match(/some error message/)
# 401
get '/tests/ar_not_found'
expect(response).to have_http_status(404)
expect(response.body).to match(/<html/)
expect(response.body).to match(%r{<title>404: Not Found</title>})
expect(response.body).to match(%r{<h1>404: Requested Ressource was not found.</h1>})
expect(response.body).to match(/some error message/)
# 500
get '/tests/standard_error'
expect(response).to have_http_status(500)
expect(response.body).to match(/<html/)
expect(response.body).to match(%r{<title>500: Something went wrong</title>})
expect(response.body).to match(%r{<h1>500: We're sorry, but something went wrong.</h1>})
expect(response.body).to match(/some error message/)
# 422
get '/tests/argument_error'
expect(response).to have_http_status(422)
expect(response.body).to match(/<html/)
expect(response.body).to match(%r{<title>422: Unprocessable Entity</title>})
expect(response.body).to match(%r{<h1>422: The change you wanted was rejected.</h1>})
expect(response.body).to match(/some error message/)
end
end
end

63
spec/requests/calendar_spec.rb Normal file
View file

@ -0,0 +1,63 @@
require 'rails_helper'
RSpec.describe 'Calendars', type: :request do
let(:admin_user) do
create(:admin_user)
end
describe 'request handling' do
it 'does calendar index with nobody' do
get '/api/v1/calendars', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
get '/api/v1/calendars_init', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does calendar index with admin' do
authenticated_as(admin_user)
get '/api/v1/calendars', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
expect(json_response.count).to eq(1)
get '/api/v1/calendars?expand=true', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
expect(json_response.count).to eq(1)
get '/api/v1/calendars?full=true', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['record_ids']).to be_truthy
expect(json_response['record_ids'].count).to eq(1)
expect(json_response['assets']).to be_truthy
expect(json_response['assets']).to be_present
# index
get '/api/v1/calendars_init', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['record_ids']).to be_truthy
expect(json_response['ical_feeds']).to be_truthy
expect(json_response['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics']).to eq('Denmark')
expect(json_response['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics']).to eq('Austria')
expect(json_response['timezones']).to be_truthy
expect(json_response['timezones']['Africa/Johannesburg']).to eq(2)
expect(json_response['timezones']['America/Sitka']).to eq(-8)
expect(json_response['assets']).to be_truthy
end
end
end

221
spec/requests/form_spec.rb Normal file
View file

@ -0,0 +1,221 @@
require 'rails_helper'
RSpec.describe 'Form', type: :request, searchindex: true do
before(:each) do
rebuild_searchindex
end
describe 'request handling' do
it 'does get config call' do
post '/api/v1/form_config', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized')
end
it 'does get config call' do
Setting.set('form_ticket_create', true)
post '/api/v1/form_config', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized')
end
it 'does get config call & do submit' do
Setting.set('form_ticket_create', true)
fingerprint = SecureRandom.hex(40)
post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['enabled']).to eq(true)
expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
expect(json_response['token']).to be_truthy
token = json_response['token']
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['errors']).to be_truthy
expect(json_response['errors']['name']).to eq('required')
expect(json_response['errors']['email']).to eq('required')
expect(json_response['errors']['title']).to eq('required')
expect(json_response['errors']['body']).to eq('required')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['errors']).to be_truthy
expect(json_response['errors']['name']).to eq('required')
expect(json_response['errors']['email']).to eq('invalid')
expect(json_response['errors']['title']).to eq('required')
expect(json_response['errors']['body']).to eq('required')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['errors']).to be_falsey
expect(json_response['ticket']).to be_truthy
expect(json_response['ticket']['id']).to be_truthy
expect(json_response['ticket']['number']).to be_truthy
travel 5.hours
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['errors']).to be_falsey
expect(json_response['ticket']).to be_truthy
expect(json_response['ticket']['id']).to be_truthy
expect(json_response['ticket']['number']).to be_truthy
travel 20.hours
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
expect(response).to have_http_status(401)
end
it 'does get config call & do submit' do
Setting.set('form_ticket_create', true)
fingerprint = SecureRandom.hex(40)
post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['enabled']).to eq(true)
expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
expect(json_response['token']).to be_truthy
token = json_response['token']
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['errors']).to be_truthy
expect(json_response['errors']['name']).to eq('required')
expect(json_response['errors']['email']).to eq('required')
expect(json_response['errors']['title']).to eq('required')
expect(json_response['errors']['body']).to eq('required')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['errors']).to be_truthy
expect(json_response['errors']['name']).to eq('required')
expect(json_response['errors']['email']).to eq('invalid')
expect(json_response['errors']['title']).to eq('required')
expect(json_response['errors']['body']).to eq('required')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@example.com', title: 'test', body: 'hello' }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['errors']).to be_truthy
expect(json_response['errors']['email']).to eq('invalid')
end
it 'does limits' do
skip('No ES configured') if !SearchIndexBackend.enabled?
Setting.set('form_ticket_create', true)
fingerprint = SecureRandom.hex(40)
post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['enabled']).to eq(true)
expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
expect(json_response['token']).to be_truthy
token = json_response['token']
(1..20).each do |count|
travel 10.seconds
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test#{count}", body: 'hello' }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['errors']).to be_falsey
expect(json_response['errors']).to be_falsey
expect(json_response['ticket']).to be_truthy
expect(json_response['ticket']['id']).to be_truthy
expect(json_response['ticket']['number']).to be_truthy
Scheduler.worker(true)
sleep 1 # wait until elasticsearch is index
end
sleep 10 # wait until elasticsearch is index
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-last', body: 'hello' }, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to be_truthy
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' }
(1..20).each do |count|
travel 10.seconds
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['errors']).to be_falsey
expect(json_response['ticket']).to be_truthy
expect(json_response['ticket']['id']).to be_truthy
expect(json_response['ticket']['number']).to be_truthy
Scheduler.worker(true)
sleep 1 # wait until elasticsearch is index
end
sleep 10 # wait until elasticsearch is index
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to be_truthy
end
it 'does customer_ticket_create false disables form' do
Setting.set('form_ticket_create', false)
Setting.set('customer_ticket_create', true)
fingerprint = SecureRandom.hex(40)
post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
token = json_response['token']
params = {
fingerprint: fingerprint,
token: token,
name: 'Bob Smith',
email: 'discard@znuny.com',
title: 'test',
body: 'hello'
}
post '/api/v1/form_submit', params: params, as: :json
expect(response).to have_http_status(401)
end
end
end

237
spec/requests/integration/check_mk_spec.rb Normal file
View file

@ -0,0 +1,237 @@
require 'rails_helper'
RSpec.describe 'Integration Check MK', type: :request do
before(:each) do
token = SecureRandom.urlsafe_base64(16)
Setting.set('check_mk_token', token)
Setting.set('check_mk_integration', true)
end
describe 'request handling' do
it 'does fail without a token' do
post '/api/v1/integration/check_mk/', params: {}
expect(response).to have_http_status(404)
end
it 'does fail with invalid token and feature enabled' do
post '/api/v1/integration/check_mk/invalid_token', params: {}
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Invalid token!')
end
it 'does create and close a ticket' do
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to be_truthy
expect(json_response['ticket_id']).to be_truthy
expect(json_response['ticket_number']).to be_truthy
ticket = Ticket.find(json_response['ticket_id'])
expect(ticket.state.name).to eq('new')
expect(ticket.articles.count).to eq(1)
params = {
event_id: '123',
state: 'up',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).not_to be_empty
expect(json_response['ticket_ids']).to include(ticket.id)
ticket.reload
expect(ticket.state.name).to eq('closed')
expect(ticket.articles.count).to eq(2)
end
it 'does double create and auto close' do
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to be_truthy
expect(json_response['ticket_id']).to be_truthy
expect(json_response['ticket_number']).to be_truthy
ticket = Ticket.find(json_response['ticket_id'])
expect(ticket.state.name).to eq('new')
expect(ticket.articles.count).to eq(1)
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to eq('ticket already open, added note')
expect(json_response['ticket_ids']).to include(ticket.id)
ticket.reload
expect(ticket.state.name).to eq('new')
expect(ticket.articles.count).to eq(2)
params = {
event_id: '123',
state: 'up',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to be_truthy
expect(json_response['ticket_ids']).to include(ticket.id)
ticket.reload
expect(ticket.state.name).to eq('closed')
expect(ticket.articles.count).to eq(3)
end
it 'does ticket close which get ignored' do
params = {
event_id: '123',
state: 'up',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to eq('no open tickets found, ignore action')
end
it 'does double create and no auto close' do
Setting.set('check_mk_auto_close', false)
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to be_truthy
expect(json_response['ticket_id']).to be_truthy
expect(json_response['ticket_number']).to be_truthy
ticket = Ticket.find(json_response['ticket_id'])
expect(ticket.state.name).to eq('new')
expect(ticket.articles.count).to eq(1)
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to eq('ticket already open, added note')
expect(json_response['ticket_ids']).to include(ticket.id)
ticket.reload
expect(ticket.state.name).to eq('new')
expect(ticket.articles.count).to eq(2)
params = {
event_id: '123',
state: 'up',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to eq('ticket already open, added note')
expect(json_response['ticket_ids']).to include(ticket.id)
ticket.reload
expect(ticket.state.name).to eq('new')
expect(ticket.articles.count).to eq(3)
end
it 'does double create and auto close - host only' do
params = {
event_id: '123',
state: 'down',
host: 'some host',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to be_truthy
expect(json_response['ticket_id']).to be_truthy
expect(json_response['ticket_number']).to be_truthy
ticket = Ticket.find(json_response['ticket_id'])
expect(ticket.state.name).to eq('new')
expect(ticket.articles.count).to eq(1)
params = {
event_id: '123',
state: 'down',
host: 'some host',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to eq('ticket already open, added note')
expect(json_response['ticket_ids']).to include(ticket.id)
ticket.reload
expect(ticket.state.name).to eq('new')
expect(ticket.articles.count).to eq(2)
params = {
event_id: '123',
state: 'up',
host: 'some host',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result']).to be_truthy
expect(json_response['ticket_ids']).to include(ticket.id)
ticket.reload
expect(ticket.state.name).to eq('closed')
expect(ticket.articles.count).to eq(3)
end
end
end

477
spec/requests/integration/cti_spec.rb Normal file
View file

@ -0,0 +1,477 @@
require 'rails_helper'
RSpec.describe 'Integration CTI', type: :request do
let(:agent_user) do
create(:agent_user)
end
let!(:customer_user1) do
create(
:customer_user,
login: 'ticket-caller_id_cti-customer1@example.com',
firstname: 'CallerId',
lastname: 'Customer1',
phone: '+49 99999 222222',
fax: '+49 99999 222223',
mobile: '+4912347114711',
note: 'Phone at home: +49 99999 222224',
)
end
let!(:customer_user2) do
create(
:customer_user,
login: 'ticket-caller_id_cti-customer2@example.com',
firstname: 'CallerId',
lastname: 'Customer2',
phone: '+49 99999 222222 2',
)
end
let!(:customer_user3) do
create(
:customer_user,
login: 'ticket-caller_id_cti-customer3@example.com',
firstname: 'CallerId',
lastname: 'Customer3',
phone: '+49 99999 222222 2',
)
end
before(:each) do
Cti::Log.destroy_all
Setting.set('cti_integration', true)
Setting.set('cti_config', {
outbound: {
routing_table: [
{
dest: '41*',
caller_id: '41715880339000',
},
{
dest: '491714000000',
caller_id: '41715880339000',
},
],
default_caller_id: '4930777000000',
},
inbound: {
block_caller_ids: [
{
caller_id: '491715000000',
note: 'some note',
}
],
notify_user_ids: {
2 => true,
4 => false,
},
}
})
Cti::CallerId.rebuild
end
describe 'request handling' do
it 'does token check' do
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
post '/api/v1/cti/not_existing_token', params: params
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Invalid token, please contact your admin!')
end
it 'does basic call' do
token = Setting.get('cti_token')
# inbound - I
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_blank
# inbound - II - block caller
params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&call_id=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['action']).to eq('reject')
expect(json_response['reason']).to eq('busy')
# outbound - I - set default_caller_id
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=8621106404543334274-3&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['action']).to eq('dial')
expect(json_response['number']).to eq('4912347114711')
expect(json_response['caller_id']).to eq('4930777000000')
# outbound - II - set caller_id based on routing_table by explicite number
params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&call_id=8621106404543334274-4&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['action']).to eq('dial')
expect(json_response['number']).to eq('491714000000')
expect(json_response['caller_id']).to eq('41715880339000')
# outbound - III - set caller_id based on routing_table by 41*
params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&call_id=8621106404543334274-5&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['action']).to eq('dial')
expect(json_response['number']).to eq('4147110000000')
expect(json_response['caller_id']).to eq('41715880339000')
# no config
Setting.set('cti_config', {})
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Feature not configured, please contact your admin!')
end
it 'does log call' do
token = Setting.get('cti_token')
# outbound - I - new call
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-1&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-1')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(true)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_nil
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_nil
expect(log.duration_talking_time).to be_nil
# outbound - I - hangup by agent
params = 'event=hangup&direction=out&call_id=1234567890-1&cause=cancel'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-1')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('cancel')
expect(log.state).to eq('hangup')
expect(log.done).to eq(true)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_nil
expect(log.end_at).to be_truthy
expect(log.duration_waiting_time).to be_truthy
expect(log.duration_talking_time).to be_nil
# outbound - II - new call
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-2&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(true)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_nil
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_nil
expect(log.duration_talking_time).to be_nil
# outbound - II - answer by customer
params = 'event=answer&direction=out&call_id=1234567890-2&from=4930600000000&to=4912347114711'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('answer')
expect(log.done).to eq(true)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_truthy
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_truthy
expect(log.duration_talking_time).to be_nil
# outbound - II - hangup by customer
params = 'event=hangup&direction=out&call_id=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('normalClearing')
expect(log.state).to eq('hangup')
expect(log.done).to eq(true)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_truthy
expect(log.end_at).to be_truthy
expect(log.duration_waiting_time).to be_truthy
expect(log.duration_talking_time).to be_truthy
# inbound - I - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-3&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(false)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_nil
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_nil
expect(log.duration_talking_time).to be_nil
# inbound - I - answer by customer
params = 'event=answer&direction=in&call_id=1234567890-3&to=4930600000000&from=4912347114711'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('answer')
expect(log.done).to eq(true)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_truthy
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_truthy
expect(log.duration_talking_time).to be_nil
# inbound - I - hangup by customer
params = 'event=hangup&direction=in&call_id=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('normalClearing')
expect(log.state).to eq('hangup')
expect(log.done).to eq(true)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_truthy
expect(log.end_at).to be_truthy
expect(log.duration_waiting_time).to be_truthy
expect(log.duration_talking_time).to be_truthy
# inbound - II - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-4&user%5B%5D=user+1,user+2'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1,user 2')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(false)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_nil
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_nil
expect(log.duration_talking_time).to be_nil
# inbound - II - answer by voicemail
params = 'event=answer&direction=in&call_id=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('voicemail')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('answer')
expect(log.done).to eq(true)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_truthy
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_truthy
expect(log.duration_talking_time).to be_nil
# inbound - II - hangup by customer
params = 'event=hangup&direction=in&call_id=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('voicemail')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('normalClearing')
expect(log.state).to eq('hangup')
expect(log.done).to eq(false)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_truthy
expect(log.end_at).to be_truthy
expect(log.duration_waiting_time).to be_truthy
expect(log.duration_talking_time).to be_truthy
# inbound - III - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-5&user%5B%5D=user+1,user+2'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-5')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1,user 2')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(false)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_nil
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_nil
expect(log.duration_talking_time).to be_nil
# inbound - III - hangup by customer
params = 'event=hangup&direction=in&call_id=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-5')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1,user 2')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('normalClearing')
expect(log.state).to eq('hangup')
expect(log.done).to eq(false)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_nil
expect(log.end_at).to be_truthy
expect(log.duration_waiting_time).to be_truthy
expect(log.duration_talking_time).to be_nil
# inbound - IV - new call
params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&call_id=1234567890-6&user%5B%5D=user+1,user+2'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-6')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('49999992222222')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1,user 2')
expect(log.from_comment).to eq('CallerId Customer3,CallerId Customer2')
expect(log.preferences['to']).to be_falsey
expect(log.preferences['from']).to be_truthy
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(false)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_nil
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_nil
expect(log.duration_talking_time).to be_nil
# inbound - IV - new call
params = 'event=newCall&direction=in&to=4930600000000&from=anonymous&call_id=1234567890-7&user%5B%5D=user+1,user+2'
post "/api/v1/cti/#{token}", params: params
expect(response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-7')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('anonymous')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1,user 2')
expect(log.from_comment).to be_nil
expect(log.preferences['to']).to be_falsey
expect(log.preferences['from']).to be_falsey
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(false)
expect(log.initialized_at).to be_truthy
expect(log.start_at).to be_nil
expect(log.end_at).to be_nil
expect(log.duration_waiting_time).to be_nil
expect(log.duration_talking_time).to be_nil
# get caller list
get '/api/v1/cti/log'
expect(response).to have_http_status(401)
authenticated_as(agent_user)
get '/api/v1/cti/log', as: :json
expect(response).to have_http_status(200)
expect(json_response['list']).to be_a_kind_of(Array)
expect(json_response['list'].count).to eq(7)
expect(json_response['assets']).to be_truthy
expect(json_response['assets']['User']).to be_truthy
expect(json_response['assets']['User'][customer_user2.id.to_s]).to be_truthy
expect(json_response['assets']['User'][customer_user3.id.to_s]).to be_truthy
expect(json_response['list'][0]['call_id']).to eq('1234567890-7')
expect(json_response['list'][1]['call_id']).to eq('1234567890-6')
expect(json_response['list'][2]['call_id']).to eq('1234567890-5')
expect(json_response['list'][3]['call_id']).to eq('1234567890-4')
expect(json_response['list'][4]['call_id']).to eq('1234567890-3')
expect(json_response['list'][5]['call_id']).to eq('1234567890-2')
expect(json_response['list'][5]['state']).to eq('hangup')
expect(json_response['list'][5]['from']).to eq('4930777000000')
expect(json_response['list'][5]['from_comment']).to eq('user 1')
expect(json_response['list'][5]['to']).to eq('4912347114711')
expect(json_response['list'][5]['to_comment']).to eq('CallerId Customer1')
expect(json_response['list'][5]['comment']).to eq('normalClearing')
expect(json_response['list'][5]['state']).to eq('hangup')
expect(json_response['list'][6]['call_id']).to eq('1234567890-1')
end
end
end

445
spec/requests/integration/sipgate_spec.rb Normal file
View file

@ -0,0 +1,445 @@
require 'rails_helper'
RSpec.describe 'Integration Sipgate', type: :request do
let(:agent_user) do
create(:agent_user)
end
let!(:customer_user1) do
create(
:customer_user,
login: 'ticket-caller_id_cti-customer1@example.com',
firstname: 'CallerId',
lastname: 'Customer1',
phone: '+49 99999 222222',
fax: '+49 99999 222223',
mobile: '+4912347114711',
note: 'Phone at home: +49 99999 222224',
)
end
let!(:customer_user2) do
create(
:customer_user,
login: 'ticket-caller_id_cti-customer2@example.com',
firstname: 'CallerId',
lastname: 'Customer2',
phone: '+49 99999 222222 2',
)
end
let!(:customer_user3) do
create(
:customer_user,
login: 'ticket-caller_id_cti-customer3@example.com',
firstname: 'CallerId',
lastname: 'Customer3',
phone: '+49 99999 222222 2',
)
end
before(:each) do
Cti::Log.destroy_all
Setting.set('sipgate_integration', true)
Setting.set('sipgate_config', {
outbound: {
routing_table: [
{
dest: '41*',
caller_id: '41715880339000',
},
{
dest: '491714000000',
caller_id: '41715880339000',
},
],
default_caller_id: '4930777000000',
},
inbound: {
block_caller_ids: [
{
caller_id: '491715000000',
note: 'some note',
}
],
notify_user_ids: {
2 => true,
4 => false,
},
}
},)
Cti::CallerId.rebuild
end
describe 'request handling' do
it 'does basic call' do
# inbound - I
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
on_hangup = nil
on_answer = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/in')
expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/in')
# inbound - II - block caller
params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&callId=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
on_hangup = nil
on_answer = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/in')
expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/in')
reason = nil
response.elements.each('Response/Reject') do |element|
reason = element.attributes['reason']
end
expect(reason).to eq('busy')
# outbound - I - set default_caller_id
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=8621106404543334274-3&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
expect(@response).to have_http_status(200)
on_hangup = nil
on_answer = nil
caller_id = nil
number_to_dail = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
response.elements.each('Response/Dial') do |element|
caller_id = element.attributes['callerId']
end
response.elements.each('Response/Dial/Number') do |element|
number_to_dail = element.text
end
expect(caller_id).to eq('4930777000000')
expect(number_to_dail).to eq('4912347114711')
expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out')
expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out')
# outbound - II - set caller_id based on routing_table by explicite number
params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&callId=8621106404543334274-4&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
expect(@response).to have_http_status(200)
on_hangup = nil
on_answer = nil
caller_id = nil
number_to_dail = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
response.elements.each('Response/Dial') do |element|
caller_id = element.attributes['callerId']
end
response.elements.each('Response/Dial/Number') do |element|
number_to_dail = element.text
end
expect(caller_id).to eq('41715880339000')
expect(number_to_dail).to eq('491714000000')
expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out')
expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out')
# outbound - III - set caller_id based on routing_table by 41*
params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&callId=8621106404543334274-5&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
expect(@response).to have_http_status(200)
on_hangup = nil
on_answer = nil
caller_id = nil
number_to_dail = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
response.elements.each('Response/Dial') do |element|
caller_id = element.attributes['callerId']
end
response.elements.each('Response/Dial/Number') do |element|
number_to_dail = element.text
end
expect(caller_id).to eq('41715880339000')
expect(number_to_dail).to eq('4147110000000')
expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out')
expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out')
# no config
Setting.set('sipgate_config', {})
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(422)
error = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response/Error') do |element|
error = element.text
end
expect(error).to eq('Feature not configured, please contact your admin!')
end
it 'does log call' do
# outbound - I - new call
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-1&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-1')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(true)
# outbound - I - hangup by agent
params = 'event=hangup&direction=out&callId=1234567890-1&cause=cancel'
post '/api/v1/sipgate/out', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-1')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('cancel')
expect(log.state).to eq('hangup')
expect(log.done).to eq(true)
# outbound - II - new call
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-2&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(true)
# outbound - II - answer by customer
params = 'event=answer&direction=out&callId=1234567890-2&from=4930600000000&to=4912347114711'
post '/api/v1/sipgate/out', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('answer')
expect(log.done).to eq(true)
# outbound - II - hangup by customer
params = 'event=hangup&direction=out&callId=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
post '/api/v1/sipgate/out', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
expect(log).to be_truthy
expect(log.from).to eq('4930777000000')
expect(log.to).to eq('4912347114711')
expect(log.direction).to eq('out')
expect(log.from_comment).to eq('user 1')
expect(log.to_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('normalClearing')
expect(log.state).to eq('hangup')
expect(log.done).to eq(true)
# inbound - I - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-3&user%5B%5D=user+1'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(false)
# inbound - I - answer by customer
params = 'event=answer&direction=in&callId=1234567890-3&to=4930600000000&from=4912347114711'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('answer')
expect(log.done).to eq(true)
# inbound - I - hangup by customer
params = 'event=hangup&direction=in&callId=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('normalClearing')
expect(log.state).to eq('hangup')
expect(log.done).to eq(true)
# inbound - II - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-4&user%5B%5D=user+1,user+2'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1,user 2')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(false)
# inbound - II - answer by voicemail
params = 'event=answer&direction=in&callId=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('voicemail')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('answer')
expect(log.done).to eq(true)
# inbound - II - hangup by customer
params = 'event=hangup&direction=in&callId=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('voicemail')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('normalClearing')
expect(log.state).to eq('hangup')
expect(log.done).to eq(false)
# inbound - III - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-5&user%5B%5D=user+1,user+2'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-5')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1,user 2')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(false)
# inbound - III - hangup by customer
params = 'event=hangup&direction=in&callId=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-5')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('4912347114711')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1,user 2')
expect(log.from_comment).to eq('CallerId Customer1')
expect(log.comment).to eq('normalClearing')
expect(log.state).to eq('hangup')
expect(log.done).to eq(false)
# inbound - IV - new call
params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&callId=1234567890-6&user%5B%5D=user+1,user+2'
post '/api/v1/sipgate/in', params: params
expect(@response).to have_http_status(200)
log = Cti::Log.find_by(call_id: '1234567890-6')
expect(log).to be_truthy
expect(log.to).to eq('4930600000000')
expect(log.from).to eq('49999992222222')
expect(log.direction).to eq('in')
expect(log.to_comment).to eq('user 1,user 2')
expect(log.from_comment).to eq('CallerId Customer3,CallerId Customer2')
expect(log.preferences['to']).to be_falsey
expect(log.preferences['from']).to be_truthy
expect(log.comment).to be_nil
expect(log.state).to eq('newCall')
expect(log.done).to eq(false)
# get caller list
get '/api/v1/cti/log'
expect(@response).to have_http_status(401)
authenticated_as(agent_user)
get '/api/v1/cti/log', as: :json
expect(@response).to have_http_status(200)
expect(json_response['list']).to be_a_kind_of(Array)
expect(json_response['list'].count).to eq(6)
expect(json_response['assets']).to be_truthy
expect(json_response['assets']['User']).to be_truthy
expect(json_response['assets']['User'][customer_user2.id.to_s]).to be_truthy
expect(json_response['assets']['User'][customer_user3.id.to_s]).to be_truthy
expect(json_response['list'][0]['call_id']).to eq('1234567890-6')
expect(json_response['list'][1]['call_id']).to eq('1234567890-5')
expect(json_response['list'][2]['call_id']).to eq('1234567890-4')
expect(json_response['list'][3]['call_id']).to eq('1234567890-3')
expect(json_response['list'][4]['call_id']).to eq('1234567890-2')
expect(json_response['list'][4]['state']).to eq('hangup')
expect(json_response['list'][4]['from']).to eq('4930777000000')
expect(json_response['list'][4]['from_comment']).to eq('user 1')
expect(json_response['list'][4]['to']).to eq('4912347114711')
expect(json_response['list'][4]['to_comment']).to eq('CallerId Customer1')
expect(json_response['list'][4]['comment']).to eq('normalClearing')
expect(json_response['list'][4]['state']).to eq('hangup')
expect(json_response['list'][5]['call_id']).to eq('1234567890-1')
end
end
end

31
spec/requests/o_auth_spec.rb Normal file
View file

@ -0,0 +1,31 @@
require 'rails_helper'
RSpec.describe 'OAuth', type: :request do
describe 'request handling' do
it 'does o365 - start' do
get '/auth/microsoft_office365'
expect(response).to have_http_status(302)
expect(response.body).to include('https://login.microsoftonline.com/common/oauth2/v2.0/authorize')
expect(response.body).to include('redirect_uri=http%3A%2F%2Fzammad.example.com%2Fauth%2Fmicrosoft_office365%2Fcallback')
expect(response.body).to include('scope=openid+email+profile')
expect(response.body).to include('response_type=code')
end
it 'does o365 - callback' do
get '/auth/microsoft_office365/callback?code=1234&state=1234'
expect(response).to have_http_status(302)
expect(response.body).to include('302 Moved')
end
it 'does auth failure' do
get '/auth/failure?message=123&strategy=some_provider'
expect(response).to have_http_status(422)
expect(response.body).to include('<title>422: Unprocessable Entity</title>')
expect(response.body).to include('<h1>422: The change you wanted was rejected.</h1>')
expect(response.body).to include('<div>Message from some_provider: 123</div>')
end
end
end

557
spec/requests/organization_spec.rb Normal file
View file

@ -0,0 +1,557 @@
require 'rails_helper'
RSpec.describe 'Organization', type: :request, searchindex: true do
let!(:admin_user) do
create(:admin_user, groups: Group.all)
end
let!(:agent_user) do
create(:agent_user, firstname: 'Search 1234', groups: Group.all)
end
let!(:customer_user) do
create(:customer_user)
end
let!(:organization) do
create(
:organization,
name: 'Rest Org #1',
note: 'Rest Org #1',
created_at: '2017-09-05 10:00:00',
)
end
let!(:organization2) do
create(
:organization,
name: 'Rest Org #2',
note: 'Rest Org #2',
created_at: '2017-09-05 11:00:00',
)
end
let!(:organization3) do
create(
:organization,
name: 'Rest Org #3',
note: 'Rest Org #3',
created_at: '2017-09-05 12:00:00',
)
end
let!(:customer_user2) do
create(:customer_user, organization: organization)
end
before(:each) do
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
end
describe 'request handling' do
it 'does index with agent' do
# index
authenticated_as(agent_user)
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response[0]['member_ids']).to be_a_kind_of(Array)
expect(json_response.length >= 3).to be_truthy
get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
organizations = Organization.order(:id).limit(2)
expect(json_response[0]['id']).to eq(organizations[0].id)
expect(json_response[0]['member_ids']).to eq(organizations[0].member_ids)
expect(json_response[1]['id']).to eq(organizations[1].id)
expect(json_response[1]['member_ids']).to eq(organizations[1].member_ids)
expect(json_response.count).to eq(2)
get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
organizations = Organization.order(:id).limit(4)
expect(json_response[0]['id']).to eq(organizations[2].id)
expect(json_response[0]['member_ids']).to eq(organizations[2].member_ids)
expect(json_response[1]['id']).to eq(organizations[3].id)
expect(json_response[1]['member_ids']).to eq(organizations[3].member_ids)
expect(json_response.count).to eq(2)
# show/:id
get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['member_ids']).to be_a_kind_of(Array)
expect(json_response['members']).to be_falsey
expect('Rest Org #1').to eq(json_response['name'])
get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['member_ids']).to be_a_kind_of(Array)
expect(json_response['members']).to be_falsey
expect('Rest Org #2').to eq(json_response['name'])
# search as agent
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response[0]['name']).to eq('Zammad Foundation')
expect(json_response[0]['member_ids']).to be_truthy
expect(json_response[0]['members']).to be_falsey
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response[0]['name']).to eq('Zammad Foundation')
expect(json_response[0]['member_ids']).to be_truthy
expect(json_response[0]['members']).to be_truthy
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response[0]['label']).to eq('Zammad Foundation')
expect(json_response[0]['value']).to eq('Zammad Foundation')
expect(json_response[0]['member_ids']).to be_falsey
expect(json_response[0]['members']).to be_falsey
end
it 'does index with customer1' do
# index
authenticated_as(customer_user)
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response.length).to eq(0)
# show/:id
get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to be_nil
get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to be_nil
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
expect(response).to have_http_status(401)
end
it 'does index with customer2' do
# index
authenticated_as(customer_user2)
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response.length).to eq(1)
# show/:id
get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect('Rest Org #1').to eq(json_response['name'])
get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to be_nil
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
expect(response).to have_http_status(401)
end
it 'does organization search sortable' do
authenticated_as(admin_user)
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: {}, as: :json
expect(response).to have_http_status(200)
result = json_response
result.collect! { |v| v['id'] }
expect(result).to be_a_kind_of(Array)
expect(result).to eq([ organization.id, organization3.id, organization2.id ])
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json
expect(response).to have_http_status(200)
result = json_response
result.collect! { |v| v['id'] }
expect(result).to be_a_kind_of(Array)
expect(result).to eq([ organization.id, organization2.id, organization3.id ])
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'asc' }, as: :json
expect(response).to have_http_status(200)
result = json_response
result.collect! { |v| v['id'] }
expect(result).to be_a_kind_of(Array)
expect(result).to eq([ organization.id, organization2.id, organization3.id ])
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'desc' }, as: :json
expect(response).to have_http_status(200)
result = json_response
result.collect! { |v| v['id'] }
expect(result).to be_a_kind_of(Array)
expect(result).to eq([ organization3.id, organization2.id, organization.id ])
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: %w[note created_at], order_by: %w[desc asc] }, as: :json
expect(response).to have_http_status(200)
result = json_response
result.collect! { |v| v['id'] }
expect(result).to be_a_kind_of(Array)
expect(result).to eq([ organization3.id, organization2.id, organization.id ])
end
it 'does organization show and response format' do
organization = create(
:organization,
name: 'Rest Org NEW',
members: [customer_user],
updated_by_id: admin_user.id,
created_by_id: admin_user.id,
)
authenticated_as(admin_user)
get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['id']).to eq(organization.id)
expect(json_response['name']).to eq(organization.name)
expect(json_response['members']).to be_falsey
expect(json_response['member_ids']).to eq([customer_user.id])
expect(json_response['updated_by_id']).to eq(admin_user.id)
expect(json_response['created_by_id']).to eq(admin_user.id)
get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['id']).to eq(organization.id)
expect(json_response['name']).to eq(organization.name)
expect(json_response['members']).to be_truthy
expect(json_response['member_ids']).to eq([customer_user.id])
expect(json_response['updated_by_id']).to eq(admin_user.id)
expect(json_response['created_by_id']).to eq(admin_user.id)
get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['id']).to eq(organization.id)
expect(json_response['name']).to eq(organization.name)
expect(json_response['members']).to be_falsey
expect(json_response['member_ids']).to eq([customer_user.id])
expect(json_response['updated_by_id']).to eq(admin_user.id)
expect(json_response['created_by_id']).to eq(admin_user.id)
get "/api/v1/organizations/#{organization.id}?full=true", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['id']).to eq(organization.id)
expect(json_response['assets']).to be_truthy
expect(json_response['assets']['Organization']).to be_truthy
expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name)
expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
get "/api/v1/organizations/#{organization.id}?full=false", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['id']).to eq(organization.id)
expect(json_response['name']).to eq(organization.name)
expect(json_response['members']).to be_falsey
expect(json_response['member_ids']).to eq([customer_user.id])
expect(json_response['updated_by_id']).to eq(admin_user.id)
expect(json_response['created_by_id']).to eq(admin_user.id)
end
it 'does organization index and response format' do
organization = create(
:organization,
name: 'Rest Org NEW',
members: [customer_user],
updated_by_id: admin_user.id,
created_by_id: admin_user.id,
)
authenticated_as(admin_user)
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response[0].class).to eq(Hash)
expect(json_response.last['id']).to eq(organization.id)
expect(json_response.last['name']).to eq(organization.name)
expect(json_response.last['members']).to be_falsey
expect(json_response.last['member_ids']).to eq(organization.member_ids)
expect(json_response.last['updated_by_id']).to eq(admin_user.id)
expect(json_response.last['created_by_id']).to eq(admin_user.id)
get '/api/v1/organizations?expand=true', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response[0].class).to eq(Hash)
expect(json_response.last['id']).to eq(organization.id)
expect(json_response.last['name']).to eq(organization.name)
expect(json_response.last['member_ids']).to eq(organization.member_ids)
expect([customer_user.login]).to eq(organization.members.pluck(:login))
expect(json_response.last['updated_by_id']).to eq(admin_user.id)
expect(json_response.last['created_by_id']).to eq(admin_user.id)
get '/api/v1/organizations?expand=false', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response[0].class).to eq(Hash)
expect(json_response.last['id']).to eq(organization.id)
expect(json_response.last['name']).to eq(organization.name)
expect(json_response.last['members']).to be_falsey
expect(json_response.last['member_ids']).to eq(organization.member_ids)
expect(json_response.last['updated_by_id']).to eq(admin_user.id)
expect(json_response.last['created_by_id']).to eq(admin_user.id)
get '/api/v1/organizations?full=true', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['record_ids'].class).to eq(Array)
expect(json_response['record_ids'][0]).to eq(1)
expect(json_response['record_ids'].last).to eq(organization.id)
expect(json_response['assets']).to be_truthy
expect(json_response['assets']['Organization']).to be_truthy
expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name)
expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
get '/api/v1/organizations?full=false', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response[0].class).to eq(Hash)
expect(json_response.last['id']).to eq(organization.id)
expect(json_response.last['name']).to eq(organization.name)
expect(json_response.last['members']).to be_falsey
expect(json_response.last['member_ids']).to eq(organization.member_ids)
expect(json_response.last['updated_by_id']).to eq(admin_user.id)
expect(json_response.last['created_by_id']).to eq(admin_user.id)
end
it 'does ticket create and response format' do
params = {
name: 'Rest Org NEW',
members: [customer_user.login],
}
authenticated_as(admin_user)
post '/api/v1/organizations', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
organization = Organization.find(json_response['id'])
expect(json_response['name']).to eq(organization.name)
expect(json_response['member_ids']).to eq(organization.member_ids)
expect(json_response['members']).to be_falsey
expect(json_response['updated_by_id']).to eq(admin_user.id)
expect(json_response['created_by_id']).to eq(admin_user.id)
params[:name] = 'Rest Org NEW #2'
post '/api/v1/organizations?expand=true', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
organization = Organization.find(json_response['id'])
expect(json_response['name']).to eq(organization.name)
expect(json_response['member_ids']).to eq(organization.member_ids)
expect(json_response['members']).to eq(organization.members.pluck(:login))
expect(json_response['updated_by_id']).to eq(admin_user.id)
expect(json_response['created_by_id']).to eq(admin_user.id)
params[:name] = 'Rest Org NEW #3'
post '/api/v1/organizations?full=true', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
organization = Organization.find(json_response['id'])
expect(json_response['assets']).to be_truthy
expect(json_response['assets']['Organization']).to be_truthy
expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name)
expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
end
it 'does ticket update and response formats' do
organization = create(
:organization,
name: 'Rest Org NEW',
members: [customer_user],
updated_by_id: admin_user.id,
created_by_id: admin_user.id,
)
params = {
name: 'a update name #1',
}
authenticated_as(admin_user)
put "/api/v1/organizations/#{organization.id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
organization = Organization.find(json_response['id'])
expect(json_response['name']).to eq(params[:name])
expect(json_response['member_ids']).to eq(organization.member_ids)
expect(json_response['members']).to be_falsey
expect(json_response['updated_by_id']).to eq(admin_user.id)
expect(json_response['created_by_id']).to eq(admin_user.id)
params = {
name: 'a update name #2',
}
put "/api/v1/organizations/#{organization.id}?expand=true", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
organization = Organization.find(json_response['id'])
expect(json_response['name']).to eq(params[:name])
expect(json_response['member_ids']).to eq(organization.member_ids)
expect([customer_user.login]).to eq(organization.members.pluck(:login))
expect(json_response['updated_by_id']).to eq(admin_user.id)
expect(json_response['created_by_id']).to eq(admin_user.id)
params = {
name: 'a update name #3',
}
put "/api/v1/organizations/#{organization.id}?full=true", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
organization = Organization.find(json_response['id'])
expect(json_response['assets']).to be_truthy
expect(json_response['assets']['Organization']).to be_truthy
expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(params[:name])
expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
end
it 'does csv example - customer no access' do
authenticated_as(customer_user)
get '/api/v1/organizations/import_example', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('Not authorized (user)!')
end
it 'does csv example - admin access' do
authenticated_as(admin_user)
get '/api/v1/organizations/import_example', params: {}, as: :json
expect(response).to have_http_status(200)
rows = CSV.parse(@response.body)
header = rows.shift
expect(header[0]).to eq('id')
expect(header[1]).to eq('name')
expect(header[2]).to eq('shared')
expect(header[3]).to eq('domain')
expect(header[4]).to eq('domain_assignment')
expect(header[5]).to eq('active')
expect(header[6]).to eq('note')
expect(header.include?('members')).to be_truthy
end
it 'does csv import - admin access' do
UserInfo.current_user_id = 1
customer1 = create(
:customer_user,
login: 'customer1-members@example.com',
firstname: 'Member',
lastname: 'Customer',
email: 'customer1-members@example.com',
password: 'customerpw',
active: true,
)
customer2 = create(
:customer_user,
login: 'customer2-members@example.com',
firstname: 'Member',
lastname: 'Customer',
email: 'customer2-members@example.com',
password: 'customerpw',
active: true,
)
UserInfo.current_user_id = nil
# invalid file
authenticated_as(admin_user)
csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['try']).to eq(true)
expect(json_response['records'].count).to eq(2)
expect(json_response['result']).to eq('failed')
expect(json_response['errors'].count).to eq(2)
expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'name2' for Organization.")
expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'name2' for Organization.")
# valid file try
csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['try']).to eq(true)
expect(json_response['records'].count).to eq(2)
expect(json_response['result']).to eq('success')
expect(Organization.find_by(name: 'organization-member-import1')).to be_nil
expect(Organization.find_by(name: 'organization-member-import2')).to be_nil
# valid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['try']).to eq(false)
expect(json_response['records'].count).to eq(2)
expect(json_response['result']).to eq('success')
organization1 = Organization.find_by(name: 'organization-member-import1')
expect(organization1).to be_truthy
expect(organization1.name).to eq('organization-member-import1')
expect(organization1.members.count).to eq(1)
expect(organization1.members.first.login).to eq(customer1.login)
expect(organization1.active).to eq(true)
organization2 = Organization.find_by(name: 'organization-member-import2')
expect(organization2).to be_truthy
expect(organization2.name).to eq('organization-member-import2')
expect(organization2.members.count).to eq(1)
expect(organization2.members.first.login).to eq(customer2.login)
expect(organization2.active).to eq(false)
end
end
end

186
spec/requests/overview_spec.rb Normal file
View file

@ -0,0 +1,186 @@
require 'rails_helper'
RSpec.describe 'Overviews', type: :request do
let(:admin_user) do
create(:admin_user)
end
describe 'request handling' do
it 'does return no permissions' do
params = {
name: 'Overview2',
link: 'my_overview',
roles: Role.where(name: 'Agent').pluck(:name),
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
}
agent_user = create(:agent_user, password: 'we need a password here')
authenticated_as(agent_user)
post '/api/v1/overviews', params: params, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does create overviews' do
params = {
name: 'Overview2',
link: 'my_overview',
roles: Role.where(name: 'Agent').pluck(:name),
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
}
authenticated_as(admin_user)
post '/api/v1/overviews', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq('Overview2')
expect(json_response['link']).to eq('my_overview')
post '/api/v1/overviews', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq('Overview2')
expect(json_response['link']).to eq('my_overview_1')
end
it 'does set mass prio' do
roles = Role.where(name: 'Agent')
overview1 = Overview.create!(
name: 'Overview1',
link: 'my_overview',
roles: roles,
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
prio: 1,
updated_by_id: 1,
created_by_id: 1,
)
overview2 = Overview.create!(
name: 'Overview2',
link: 'my_overview',
roles: roles,
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
prio: 2,
updated_by_id: 1,
created_by_id: 1,
)
params = {
prios: [
[overview2.id, 1],
[overview1.id, 2],
]
}
authenticated_as(admin_user)
post '/api/v1/overviews_prio', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['success']).to eq(true)
overview1.reload
overview2.reload
expect(overview1.prio).to eq(2)
expect(overview2.prio).to eq(1)
end
it 'does create an overview with group_by direction' do
params = {
name: 'Overview2',
link: 'my_overview',
roles: Role.where(name: 'Agent').pluck(:name),
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
group_by: 'priority',
group_direction: 'ASC',
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
}
authenticated_as(admin_user)
post '/api/v1/overviews', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq('Overview2')
expect(json_response['link']).to eq('my_overview')
expect(json_response['group_by']).to eq('priority')
expect(json_response['group_direction']).to eq('ASC')
end
end
end

75
spec/requests/package_spec.rb Normal file
View file

@ -0,0 +1,75 @@
require 'rails_helper'
RSpec.describe 'Packages', type: :request do
let(:admin_user) do
create(:admin_user)
end
let(:agent_user) do
create(:agent_user)
end
let(:customer_user) do
create(:customer_user)
end
describe 'request handling' do
it 'does packages index with nobody' do
get '/api/v1/packages', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['packages']).to be_falsey
expect(json_response['error']).to eq('authentication failed')
end
it 'does packages index with admin' do
authenticated_as(admin_user)
get '/api/v1/packages', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['packages']).to be_truthy
end
it 'does packages index with admin and wrong pw' do
authenticated_as(admin_user, password: 'wrongadminpw')
get '/api/v1/packages', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does packages index with inactive admin' do
admin_user = create(:admin_user, active: false, password: 'we need a password here')
authenticated_as(admin_user)
get '/api/v1/packages', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does packages index with agent' do
authenticated_as(agent_user)
get '/api/v1/packages', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['packages']).to be_falsey
expect(json_response['error']).to eq('Not authorized (user)!')
end
it 'does packages index with customer' do
authenticated_as(customer_user)
get '/api/v1/packages', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['packages']).to be_falsey
expect(json_response['error']).to eq('Not authorized (user)!')
end
end
end

59
spec/requests/report_spec.rb Normal file
View file

@ -0,0 +1,59 @@
require 'rails_helper'
RSpec.describe 'Report', type: :request, searchindex: true do
let!(:admin_user) do
create(:admin_user)
end
let!(:agent_user) do
create(:agent_user)
end
let!(:customer_user) do
create(:customer_user)
end
let!(:year) do
DateTime.now.utc.year
end
let!(:month) do
DateTime.now.utc.month
end
let!(:week) do
DateTime.now.utc.strftime('%U').to_i
end
let!(:day) do
DateTime.now.utc.day
end
let!(:ticket) do
create(:ticket, title: 'ticket for report', customer: customer_user)
end
let!(:article) do
create(:ticket_article, ticket_id: ticket.id, type: Ticket::Article::Type.lookup(name: 'note') )
end
before(:each) do
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
end
describe 'request handling' do
it 'does report example - admin access' do
authenticated_as(admin_user)
get "/api/v1/reports/sets?sheet=true;metric=count;year=#{year};month=#{month};week=#{week};day=#{day};timeRange=year;profile_id=1;downloadBackendSelected=count::created", params: {}, as: :json
expect(response).to have_http_status(200)
assert(@response['Content-Disposition'])
expect(@response['Content-Disposition']).to eq('attachment; filename="tickets--all--Created.xls"')
expect(@response['Content-Type']).to eq('application/vnd.ms-excel')
end
end
end

330
spec/requests/search_spec.rb Normal file
View file

@ -0,0 +1,330 @@
require 'rails_helper'
RSpec.describe 'Search', type: :request, searchindex: true do
let!(:admin_user) do
create(:admin_user, groups: Group.all)
end
let!(:agent_user) do
create(:agent_user, firstname: 'Search 1234', groups: Group.all)
end
let!(:customer_user) do
create(:customer_user)
end
let!(:organization1) do
create(:organization, name: 'Rest Org')
end
let!(:organization2) do
create(:organization, name: 'Rest Org #2')
end
let!(:organization3) do
create(:organization, name: 'Rest Org #3')
end
let!(:organization4) do
create(:organization, name: 'Tes.t. Org')
end
let!(:organization5) do
create(:organization, name: 'ABC_D Org')
end
let!(:customer_user2) do
create(:customer_user, organization: organization1)
end
let!(:customer_user3) do
create(:customer_user, organization: organization1)
end
let!(:ticket1) do
create(:ticket, title: 'test 1234-1', customer: customer_user)
end
let!(:ticket2) do
create(:ticket, title: 'test 1234-2', customer: customer_user2)
end
let!(:ticket3) do
create(:ticket, title: 'test 1234-2', customer: customer_user3)
end
let!(:article1) do
create(:ticket_article, ticket_id: ticket1.id)
end
let!(:article2) do
create(:ticket_article, ticket_id: ticket2.id)
end
let!(:article3) do
create(:ticket_article, ticket_id: ticket3.id)
end
before(:each) do
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
end
describe 'request handling' do
it 'does settings index with nobody' do
params = {
query: 'test 1234',
limit: 2,
}
post '/api/v1/search/ticket', params: params, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to_not be_blank
expect(json_response['error']).to eq('authentication failed')
post '/api/v1/search/user', params: params, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to_not be_blank
expect(json_response['error']).to eq('authentication failed')
post '/api/v1/search', params: params, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to_not be_blank
expect(json_response['error']).to eq('authentication failed')
end
it 'does settings index with admin' do
params = {
query: '1234*',
limit: 1,
}
authenticated_as(admin_user)
post '/api/v1/search', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket3.id)
expect(json_response['result'][1]['type']).to eq('User')
expect(json_response['result'][1]['id']).to eq(agent_user.id)
expect(json_response['result'][2]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket3.id)
expect(json_response['result'][1]['type']).to eq('Ticket')
expect(json_response['result'][1]['id']).to eq(ticket2.id)
expect(json_response['result'][2]['type']).to eq('Ticket')
expect(json_response['result'][2]['id']).to eq(ticket1.id)
expect(json_response['result'][3]['type']).to eq('User')
expect(json_response['result'][3]['id']).to eq(agent_user.id)
expect(json_response['result'][4]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket3.id)
expect(json_response['result'][1]['type']).to eq('Ticket')
expect(json_response['result'][1]['id']).to eq(ticket2.id)
expect(json_response['result'][2]['type']).to eq('Ticket')
expect(json_response['result'][2]['id']).to eq(ticket1.id)
expect(json_response['result'][3]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result'][0]['type']).to eq('User')
expect(json_response['result'][0]['id']).to eq(agent_user.id)
expect(json_response['result'][1]).to be_falsey
end
it 'does settings index with agent' do
params = {
query: '1234*',
limit: 1,
}
authenticated_as(agent_user)
post '/api/v1/search', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket3.id)
expect(json_response['result'][1]['type']).to eq('User')
expect(json_response['result'][1]['id']).to eq(agent_user.id)
expect(json_response['result'][2]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket3.id)
expect(json_response['result'][1]['type']).to eq('Ticket')
expect(json_response['result'][1]['id']).to eq(ticket2.id)
expect(json_response['result'][2]['type']).to eq('Ticket')
expect(json_response['result'][2]['id']).to eq(ticket1.id)
expect(json_response['result'][3]['type']).to eq('User')
expect(json_response['result'][3]['id']).to eq(agent_user.id)
expect(json_response['result'][4]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket3.id)
expect(json_response['result'][1]['type']).to eq('Ticket')
expect(json_response['result'][1]['id']).to eq(ticket2.id)
expect(json_response['result'][2]['type']).to eq('Ticket')
expect(json_response['result'][2]['id']).to eq(ticket1.id)
expect(json_response['result'][3]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result'][0]['type']).to eq('User')
expect(json_response['result'][0]['id']).to eq(agent_user.id)
expect(json_response['result'][1]).to be_falsey
end
it 'does settings index with customer 1' do
params = {
query: '1234*',
limit: 10,
}
authenticated_as(customer_user)
post '/api/v1/search', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket1.id)
expect(json_response['result'][1]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket1.id)
expect(json_response['result'][1]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result'][0]).to be_falsey
end
it 'does settings index with customer 2' do
params = {
query: '1234*',
limit: 10,
}
authenticated_as(customer_user2)
post '/api/v1/search', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket3.id)
expect(json_response['result'][1]['type']).to eq('Ticket')
expect(json_response['result'][1]['id']).to eq(ticket2.id)
expect(json_response['result'][2]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['result'][0]['type']).to eq('Ticket')
expect(json_response['result'][0]['id']).to eq(ticket3.id)
expect(json_response['result'][1]['type']).to eq('Ticket')
expect(json_response['result'][1]['id']).to eq(ticket2.id)
expect(json_response['result'][2]).to be_falsey
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['result'][0]).to be_falsey
end
# Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form
it 'does searching for organization with a dot in its name' do
authenticated_as(agent_user)
get '/api/v1/search/organization?query=tes.', as: :json
expect(response).to have_http_status(200)
expect(json_response['result'].size).to eq(1)
expect(json_response['result'][0]['type']).to eq('Organization')
target_id = json_response['result'][0]['id']
expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('Tes.t. Org')
end
# Search query H& should correctly match H&M
it 'does searching for organization with _ in its name' do
authenticated_as(agent_user)
get '/api/v1/search/organization?query=abc_', as: :json
expect(response).to have_http_status(200)
expect(json_response['result'].size).to eq(1)
expect(json_response['result'][0]['type']).to eq('Organization')
target_id = json_response['result'][0]['id']
expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('ABC_D Org')
end
end
end

227
spec/requests/settings_spec.rb Normal file
View file

@ -0,0 +1,227 @@
require 'rails_helper'
RSpec.describe 'Settings', type: :request do
let(:admin_user) do
create(:admin_user)
end
let(:admin_api_user) do
role_api = create(:role)
role_api.permission_grant('admin.api')
create(:admin_user, roles: [role_api])
end
let(:agent_user) do
create(:agent_user)
end
let(:customer_user) do
create(:customer_user)
end
describe 'request handling' do
it 'does settings index with nobody' do
# index
get '/api/v1/settings', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['settings']).to be_falsey
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('authentication failed')
end
it 'does settings index with admin' do
# index
authenticated_as(admin_user)
get '/api/v1/settings', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
hit_api = false
hit_product_name = false
json_response.each do |setting|
if setting['name'] == 'api_token_access'
hit_api = true
end
if setting['name'] == 'product_name'
hit_product_name = true
end
end
expect(hit_api).to eq(true)
expect(hit_product_name).to eq(true)
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq('product_name')
setting = Setting.find_by(name: 'api_token_access')
get "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq('api_token_access')
# update
setting = Setting.find_by(name: 'product_name')
params = {
id: setting.id,
name: 'some_new_name',
preferences: {
permission: ['admin.branding', 'admin.some_new_permission'],
some_new_key: true,
}
}
put "/api/v1/settings/#{setting.id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq('product_name')
expect(json_response['preferences']['permission'].length).to eq(1)
expect(json_response['preferences']['permission'][0]).to eq('admin.branding')
expect(json_response['preferences']['some_new_key']).to eq(true)
# update
setting = Setting.find_by(name: 'api_token_access')
params = {
id: setting.id,
name: 'some_new_name',
preferences: {
permission: ['admin.branding', 'admin.some_new_permission'],
some_new_key: true,
}
}
put "/api/v1/settings/#{setting.id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq('api_token_access')
expect(json_response['preferences']['permission'].length).to eq(1)
expect(json_response['preferences']['permission'][0]).to eq('admin.api')
expect(json_response['preferences']['some_new_key']).to eq(true)
# delete
setting = Setting.find_by(name: 'product_name')
delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('Not authorized (feature not possible)')
end
it 'does settings index with admin-api' do
# index
authenticated_as(admin_api_user)
get '/api/v1/settings', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
hit_api = false
hit_product_name = false
json_response.each do |setting|
if setting['name'] == 'api_token_access'
hit_api = true
end
if setting['name'] == 'product_name'
hit_product_name = true
end
end
expect(hit_api).to eq(true)
expect(hit_product_name).to eq(false)
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])')
setting = Setting.find_by(name: 'api_token_access')
get "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq('api_token_access')
# update
setting = Setting.find_by(name: 'product_name')
params = {
id: setting.id,
name: 'some_new_name',
preferences: {
permission: ['admin.branding', 'admin.some_new_permission'],
some_new_key: true,
}
}
put "/api/v1/settings/#{setting.id}", params: params, as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])')
# update
setting = Setting.find_by(name: 'api_token_access')
params = {
id: setting.id,
name: 'some_new_name',
preferences: {
permission: ['admin.branding', 'admin.some_new_permission'],
some_new_key: true,
}
}
put "/api/v1/settings/#{setting.id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to eq('api_token_access')
expect(json_response['preferences']['permission'].length).to eq(1)
expect(json_response['preferences']['permission'][0]).to eq('admin.api')
expect(json_response['preferences']['some_new_key']).to eq(true)
# delete
setting = Setting.find_by(name: 'product_name')
delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('Not authorized (feature not possible)')
end
it 'does settings index with agent' do
# index
authenticated_as(agent_user)
get '/api/v1/settings', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['settings']).to be_falsey
expect(json_response['error']).to eq('Not authorized (user)!')
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('Not authorized (user)!')
end
it 'does settings index with customer' do
# index
authenticated_as(customer_user)
get '/api/v1/settings', params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['settings']).to be_falsey
expect(json_response['error']).to eq('Not authorized (user)!')
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('Not authorized (user)!')
# delete
setting = Setting.find_by(name: 'product_name')
delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('Not authorized (user)!')
end
end
end

45
spec/requests/sla_spec.rb Normal file
View file

@ -0,0 +1,45 @@
require 'rails_helper'
RSpec.describe 'SLAs', type: :request do
let(:admin_user) do
create(:admin_user)
end
describe 'request handling' do
it 'does index sla with nobody' do
get '/api/v1/slas', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does index sla with admin' do
authenticated_as(admin_user)
get '/api/v1/slas', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
expect(json_response.count).to eq(0)
get '/api/v1/slas?expand=true', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
expect(json_response.count).to eq(0)
get '/api/v1/slas?full=true', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_truthy
expect(json_response['record_ids']).to be_truthy
expect(json_response['record_ids']).to be_blank
expect(json_response['assets']).to be_truthy
expect(json_response['assets']['Calendar']).to be_present
expect(json_response['assets']).to be_present
end
end
end

82
spec/requests/taskbar_spec.rb Normal file
View file

@ -0,0 +1,82 @@
require 'rails_helper'
RSpec.describe 'Taskbars', type: :request do
let(:agent_user) do
create(:agent_user)
end
let(:customer_user) do
create(:customer_user)
end
describe 'request handling' do
it 'does task ownership' do
params = {
user_id: customer_user.id,
client_id: '123',
key: 'Ticket-5',
callback: 'TicketZoom',
state: {
ticket: {
owner_id: agent_user.id,
},
article: {},
},
params: {
ticket_id: 5,
shown: true,
},
prio: 3,
notify: false,
active: false,
}
authenticated_as(agent_user)
post '/api/v1/taskbar', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['client_id']).to eq('123')
expect(json_response['user_id']).to eq(agent_user.id)
expect(json_response['params']['ticket_id']).to eq(5)
expect(json_response['params']['shown']).to eq(true)
taskbar_id = json_response['id']
params[:user_id] = customer_user.id
params[:params] = {
ticket_id: 5,
shown: false,
}
put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['client_id']).to eq('123')
expect(json_response['user_id']).to eq(agent_user.id)
expect(json_response['params']['ticket_id']).to eq(5)
expect(json_response['params']['shown']).to eq(false)
# try to access with other user
params = {
active: true,
}
authenticated_as(customer_user)
put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not allowed to access this task.')
delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not allowed to access this task.')
# delete with correct user
authenticated_as(agent_user)
delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response).to be_blank
end
end
end

104
spec/requests/text_module_spec.rb Normal file
View file

@ -0,0 +1,104 @@
require 'rails_helper'
require 'byebug'
RSpec.describe 'Text Module', type: :request do
let(:admin_user) do
create(:admin_user)
end
let(:agent_user) do
create(:agent_user)
end
let(:customer_user) do
create(:customer_user)
end
describe 'request handling' do
it 'does csv example - customer no access' do
authenticated_as(customer_user)
get '/api/v1/text_modules/import_example', as: :json
expect(response).to have_http_status(401)
expect(json_response['error']).to eq('Not authorized (user)!')
end
it 'does csv example - admin access' do
TextModule.load('en-en')
authenticated_as(admin_user)
get '/api/v1/text_modules/import_example', as: :json
expect(response).to have_http_status(200)
rows = CSV.parse(@response.body)
header = rows.shift
expect(header[0]).to eq('id')
expect(header[1]).to eq('name')
expect(header[2]).to eq('keywords')
expect(header[3]).to eq('content')
expect(header[4]).to eq('note')
expect(header[5]).to eq('active')
expect(header).to_not include('organization')
expect(header).to_not include('priority')
expect(header).to_not include('state')
expect(header).to_not include('owner')
expect(header).to_not include('customer')
end
it 'does csv import - admin access' do
# invalid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
authenticated_as(admin_user)
post '/api/v1/text_modules/import', params: { try: true, file: csv_file, col_sep: ';' }
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['try']).to be_truthy
expect(json_response['records'].count).to eq(2)
expect(json_response['result']).to eq('failed')
expect(json_response['errors'].count).to eq(2)
expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'keywords2' for TextModule.")
expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'keywords2' for TextModule.")
# valid file try
csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['try']).to be_truthy
expect(json_response['records'].count).to eq(2)
expect(json_response['result']).to eq('success')
expect(TextModule.find_by(name: 'some name1')).to be_nil
expect(TextModule.find_by(name: 'some name2')).to be_nil
# valid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['try']).to eq(false)
expect(json_response['records'].count).to eq(2)
expect(json_response['result']).to eq('success')
text_module1 = TextModule.find_by(name: 'some name1')
expect(text_module1).to be_truthy
expect(text_module1.name).to eq('some name1')
expect(text_module1.keywords).to eq('keyword1')
expect(text_module1.content).to eq('some<br>content1')
expect(text_module1.active).to be_truthy
text_module2 = TextModule.find_by(name: 'some name2')
expect(text_module2).to be_truthy
expect(text_module2.name).to eq('some name2')
expect(text_module2.keywords).to eq('keyword2')
expect(text_module2.content).to eq('some content<br>test123')
expect(text_module2.active).to be_truthy
end
end
end

113
spec/requests/ticket/article_attachments_spec.rb Normal file
View file

@ -0,0 +1,113 @@
require 'rails_helper'
RSpec.describe 'Ticket Article Attachments', type: :request do
let(:agent_user) do
create(:agent_user, groups: Group.all)
end
describe 'request handling' do
it 'does test attachment urls' do
ticket1 = create(:ticket)
article1 = create(:ticket_article, ticket_id: ticket1.id)
store1 = Store.add(
object: 'Ticket::Article',
o_id: article1.id,
data: 'some content',
filename: 'some_file.txt',
preferences: {
'Content-Type' => 'text/plain',
},
created_by_id: 1,
)
article2 = create(:ticket_article, ticket_id: ticket1.id)
authenticated_as(agent_user)
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}
expect(response).to have_http_status(200)
expect('some content').to eq(@response.body)
authenticated_as(agent_user)
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}
expect(response).to have_http_status(401)
expect(@response.body).to match(/401: Unauthorized/)
ticket2 = create(:ticket)
ticket1.merge_to(
ticket_id: ticket2.id,
user_id: 1,
)
authenticated_as(agent_user)
get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store1.id}", params: {}
expect(response).to have_http_status(200)
expect('some content').to eq(@response.body)
authenticated_as(agent_user)
get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store1.id}", params: {}
expect(response).to have_http_status(401)
expect(@response.body).to match(/401: Unauthorized/)
# allow access via merged ticket id also
authenticated_as(agent_user)
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}
expect(response).to have_http_status(200)
expect('some content').to eq(@response.body)
authenticated_as(agent_user)
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}
expect(response).to have_http_status(401)
expect(@response.body).to match(/401: Unauthorized/)
end
it 'does test attachments for split' do
email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box')
email_raw_string = File.read(email_file_path)
ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
authenticated_as(agent_user)
get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, as: :json
expect(response).to have_http_status(200)
expect(json_response['assets']).to be_truthy
expect(json_response['attachments']).to be_a_kind_of(Array)
expect(json_response['attachments'].count).to eq(1)
expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
end
it 'does test attachments for forward' do
email_file_path = Rails.root.join('test', 'data', 'mail', 'mail008.box')
email_raw_string = File.read(email_file_path)
ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
authenticated_as(agent_user)
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Need form_id to attach attachments to new form.')
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }, as: :json
expect(response).to have_http_status(200)
expect(json_response['attachments']).to be_a_kind_of(Array)
expect(json_response['attachments']).to be_blank
email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box')
email_raw_string = File.read(email_file_path)
ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
expect(response).to have_http_status(200)
expect(json_response['attachments']).to be_a_kind_of(Array)
expect(json_response['attachments'].count).to eq(1)
expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
expect(response).to have_http_status(200)
expect(json_response['attachments']).to be_a_kind_of(Array)
expect(json_response['attachments']).to be_blank
end
end
end

475
spec/requests/ticket/article_spec.rb Normal file
View file

@ -0,0 +1,475 @@
require 'rails_helper'
RSpec.describe 'Ticket Article', type: :request do
let(:admin_user) do
create(:admin_user)
end
let(:agent_user) do
create(:agent_user, groups: Group.all)
end
let(:customer_user) do
create(:customer_user)
end
describe 'request handling' do
it 'does ticket create with agent and articles' do
params = {
title: 'a new ticket #1',
group: 'Users',
customer_id: customer_user.id,
article: {
body: 'some body',
}
}
authenticated_as(agent_user)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(201)
params = {
ticket_id: json_response['id'],
content_type: 'text/plain', # or text/html
body: 'some body',
type: 'note',
}
post '/api/v1/ticket_articles', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['subject']).to be_nil
expect(json_response['body']).to eq('some body')
expect(json_response['content_type']).to eq('text/plain')
expect(json_response['updated_by_id']).to eq(agent_user.id)
expect(json_response['created_by_id']).to eq(agent_user.id)
ticket = Ticket.find(json_response['ticket_id'])
expect(ticket.articles.count).to eq(2)
expect(ticket.articles[0].attachments.count).to eq(0)
expect(ticket.articles[1].attachments.count).to eq(0)
params = {
ticket_id: json_response['ticket_id'],
content_type: 'text/html', # or text/html
body: 'some body <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA
AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot" />',
type: 'note',
}
post '/api/v1/ticket_articles', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['subject']).to be_nil
expect(json_response['body']).to_not match(/some body <img src="cid:.+?/)
expect(json_response['body']).to match(%r{some body <img src="/api/v1/ticket_attachment/.+?" alt="Red dot"})
expect(json_response['content_type']).to eq('text/html')
expect(json_response['updated_by_id']).to eq(agent_user.id)
expect(json_response['created_by_id']).to eq(agent_user.id)
expect(ticket.articles.count).to eq(3)
expect(ticket.articles[0].attachments.count).to eq(0)
expect(ticket.articles[1].attachments.count).to eq(0)
expect(ticket.articles[2].attachments.count).to eq(1)
expect(ticket.articles[2].attachments[0]['id']).to be_truthy
expect(ticket.articles[2].attachments[0]['filename']).to eq('image1.png')
expect(ticket.articles[2].attachments[0]['size']).to eq('21')
expect(ticket.articles[2].attachments[0]['preferences']['Mime-Type']).to eq('image/png')
expect(ticket.articles[2].attachments[0]['preferences']['Content-Disposition']).to eq('inline')
expect(ticket.articles[2].attachments[0]['preferences']['Content-ID']).to match(/@zammad.example.com/)
params = {
ticket_id: json_response['ticket_id'],
content_type: 'text/html', # or text/html
body: 'some body',
type: 'note',
attachments: [
'filename' => 'some_file.txt',
'data' => 'dGVzdCAxMjM=',
'mime-type' => 'text/plain',
],
}
post '/api/v1/ticket_articles', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['subject']).to be_nil
expect(json_response['body']).to eq('some body')
expect(json_response['content_type']).to eq('text/html')
expect(json_response['updated_by_id']).to eq(agent_user.id)
expect(json_response['created_by_id']).to eq(agent_user.id)
expect(ticket.articles.count).to eq(4)
expect(ticket.articles[0].attachments.count).to eq(0)
expect(ticket.articles[1].attachments.count).to eq(0)
expect(ticket.articles[2].attachments.count).to eq(1)
expect(ticket.articles[3].attachments.count).to eq(1)
get "/api/v1/ticket_articles/#{json_response['id']}?expand=true", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['attachments'].count).to eq(1)
expect(json_response['attachments'][0]['id']).to be_truthy
expect(json_response['attachments'][0]['filename']).to eq('some_file.txt')
expect(json_response['attachments'][0]['size']).to eq('8')
expect(json_response['attachments'][0]['preferences']['Mime-Type']).to eq('text/plain')
params = {
ticket_id: json_response['ticket_id'],
content_type: 'text/plain',
body: 'some body',
type: 'note',
preferences: {
some_key1: 123,
},
}
post '/api/v1/ticket_articles', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['subject']).to be_nil
expect(json_response['body']).to eq('some body')
expect(json_response['content_type']).to eq('text/plain')
expect(json_response['updated_by_id']).to eq(agent_user.id)
expect(json_response['created_by_id']).to eq(agent_user.id)
expect(json_response['preferences']['some_key1']).to eq(123)
expect(ticket.articles.count).to eq(5)
params = {
body: 'some body 2',
preferences: {
some_key2: 'abc',
},
}
put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['subject']).to be_nil
expect(json_response['body']).to eq('some body 2')
expect(json_response['content_type']).to eq('text/plain')
expect(json_response['updated_by_id']).to eq(agent_user.id)
expect(json_response['created_by_id']).to eq(agent_user.id)
expect(json_response['preferences']['some_key1']).to eq(123)
expect(json_response['preferences']['some_key2']).to eq('abc')
end
it 'does ticket create with customer and articles' do
params = {
title: 'a new ticket #2',
group: 'Users',
article: {
body: 'some body',
}
}
authenticated_as(customer_user)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(201)
params = {
ticket_id: json_response['id'],
content_type: 'text/plain', # or text/html
body: 'some body',
type: 'note',
}
post '/api/v1/ticket_articles', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['subject']).to be_nil
expect(json_response['body']).to eq('some body')
expect(json_response['content_type']).to eq('text/plain')
expect(json_response['updated_by_id']).to eq(customer_user.id)
expect(json_response['created_by_id']).to eq(customer_user.id)
ticket = Ticket.find(json_response['ticket_id'])
expect(ticket.articles.count).to eq(2)
expect(ticket.articles[1].sender.name).to eq('Customer')
expect(ticket.articles[0].attachments.count).to eq(0)
expect(ticket.articles[1].attachments.count).to eq(0)
params = {
ticket_id: json_response['ticket_id'],
content_type: 'text/plain', # or text/html
body: 'some body',
sender: 'Agent',
type: 'note',
}
post '/api/v1/ticket_articles', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['subject']).to be_nil
expect(json_response['body']).to eq('some body')
expect(json_response['content_type']).to eq('text/plain')
expect(json_response['updated_by_id']).to eq(customer_user.id)
expect(json_response['created_by_id']).to eq(customer_user.id)
ticket = Ticket.find(json_response['ticket_id'])
expect(ticket.articles.count).to eq(3)
expect(ticket.articles[2].sender.name).to eq('Customer')
expect(ticket.articles[2].internal).to eq(false)
expect(ticket.articles[0].attachments.count).to eq(0)
expect(ticket.articles[1].attachments.count).to eq(0)
expect(ticket.articles[2].attachments.count).to eq(0)
params = {
ticket_id: json_response['ticket_id'],
content_type: 'text/plain', # or text/html
body: 'some body 2',
sender: 'Agent',
type: 'note',
internal: true,
}
post '/api/v1/ticket_articles', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['subject']).to be_nil
expect(json_response['body']).to eq('some body 2')
expect(json_response['content_type']).to eq('text/plain')
expect(json_response['updated_by_id']).to eq(customer_user.id)
expect(json_response['created_by_id']).to eq(customer_user.id)
ticket = Ticket.find(json_response['ticket_id'])
expect(ticket.articles.count).to eq(4)
expect(ticket.articles[3].sender.name).to eq('Customer')
expect(ticket.articles[3].internal).to eq(false)
expect(ticket.articles[0].attachments.count).to eq(0)
expect(ticket.articles[1].attachments.count).to eq(0)
expect(ticket.articles[2].attachments.count).to eq(0)
expect(ticket.articles[3].attachments.count).to eq(0)
# add internal article
article = create(
:ticket_article,
ticket_id: ticket.id,
internal: true,
sender: Ticket::Article::Sender.find_by(name: 'Agent'),
type: Ticket::Article::Type.find_by(name: 'note'),
)
expect(ticket.articles.count).to eq(5)
expect(ticket.articles[4].sender.name).to eq('Agent')
expect(ticket.articles[4].updated_by_id).to eq(1)
expect(ticket.articles[4].created_by_id).to eq(1)
expect(ticket.articles[0].attachments.count).to eq(0)
expect(ticket.articles[1].attachments.count).to eq(0)
expect(ticket.articles[2].attachments.count).to eq(0)
expect(ticket.articles[3].attachments.count).to eq(0)
expect(ticket.articles[4].attachments.count).to eq(0)
get "/api/v1/ticket_articles/#{article.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized')
put "/api/v1/ticket_articles/#{article.id}", params: { internal: false }, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized')
end
it 'does create phone ticket for customer and expected origin_by_id' do
params = {
title: 'a new ticket #1',
group: 'Users',
customer_id: customer_user.id,
article: {
body: 'some body',
sender: 'Customer',
type: 'phone',
}
}
authenticated_as(agent_user)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['title']).to eq('a new ticket #1')
article = Ticket::Article.find_by(ticket_id: json_response['id'])
expect(article.origin_by_id).to eq(customer_user.id)
expect(article.from).to eq("#{customer_user.firstname} #{customer_user.lastname} <#{customer_user.email}>")
end
it 'does create phone ticket by customer and manipulate origin_by_id' do
params = {
title: 'a new ticket #1',
group: 'Users',
customer_id: customer_user.id,
article: {
body: 'some body',
sender: 'Customer',
type: 'phone',
origin_by_id: 1,
}
}
authenticated_as(customer_user)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
article = Ticket::Article.find_by(ticket_id: json_response['id'])
expect(article.origin_by_id).to eq(customer_user.id)
end
it 'does ticket split with html - check attachments' do
ticket = create(:ticket)
article = create(
:ticket_article,
ticket_id: ticket.id,
type: Ticket::Article::Type.lookup(name: 'note'),
sender: Ticket::Article::Sender.lookup(name: 'Customer'),
body: '<b>test</b> <img src="cid:15.274327094.140938@ZAMMAD.example.com"/> test <img src="cid:15.274327094.140938.3@ZAMMAD.example.com"/>',
content_type: 'text/html',
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_image',
filename: 'some_file1.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938@zammad.example.com',
'Content-Disposition' => 'inline',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file2_normally_should_be_an_image',
filename: 'some_file2.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938.2@zammad.example.com',
'Content-Disposition' => 'inline',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file3_normally_should_be_an_image',
filename: 'some_file3.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938.3@zammad.example.com',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file4_normally_should_be_an_image',
filename: 'some_file4.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938.4@zammad.example.com',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_pdf',
filename: 'Rechnung_RE-2018-200.pdf',
preferences: {
'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
'Mime-Type' => 'application/octet-stream',
'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
'Content-Description' => 'Rechnung_RE-2018-200.pdf',
'Content-Disposition' => 'attachment',
},
created_by_id: 1,
)
params = {
form_id: 'new_form_id123',
}
authenticated_as(agent_user)
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['attachments']).to be_truthy
expect(json_response['attachments'].count).to eq(3)
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['attachments']).to be_truthy
expect(json_response['attachments'].count).to eq(0)
end
it 'does ticket split with plain - check attachments' do
ticket = create(
:ticket,
updated_by_id: agent_user.id,
created_by_id: agent_user.id,
)
article = create(
:ticket_article,
ticket_id: ticket.id,
type: Ticket::Article::Type.lookup(name: 'note'),
sender: Ticket::Article::Sender.lookup(name: 'Customer'),
body: '<b>test</b> <img src="cid:15.274327094.140938@zammad.example.com"/>',
content_type: 'text/plain',
updated_by_id: 1,
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_image',
filename: 'some_file1.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938@zammad.example.com',
'Content-Disposition' => 'inline',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_image',
filename: 'some_file2.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938.2@zammad.example.com',
'Content-Disposition' => 'inline',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_pdf',
filename: 'Rechnung_RE-2018-200.pdf',
preferences: {
'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
'Mime-Type' => 'application/octet-stream',
'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
'Content-Description' => 'Rechnung_RE-2018-200.pdf',
'Content-Disposition' => 'attachment',
},
created_by_id: 1,
)
params = {
form_id: 'new_form_id123',
}
authenticated_as(agent_user)
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['attachments']).to be_truthy
expect(json_response['attachments'].count).to eq(3)
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['attachments']).to be_truthy
expect(json_response['attachments'].count).to eq(0)
end
end
end

153
spec/requests/ticket/escalation_spec.rb Normal file
View file

@ -0,0 +1,153 @@
require 'rails_helper'
RSpec.describe 'Ticket Escalation', type: :request do
let!(:agent_user) do
create(:agent_user, groups: Group.all)
end
let!(:customer_user) do
create(:customer_user)
end
let!(:calendar) do
create(
:calendar,
name: 'Escalation Test',
timezone: 'Europe/Berlin',
business_hours: {
mon: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
tue: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
wed: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
thu: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
fri: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
sat: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
sun: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
},
default: true,
ical_url: nil,
)
end
let!(:sla) do
create(
:sla,
name: 'test sla 1',
condition: {
'ticket.title' => {
operator: 'contains',
value: 'some value 123',
},
},
first_response_time: 60,
update_time: 180,
solution_time: 240,
calendar: calendar,
)
end
let!(:mail_group) do
create(:group, email_address: create(:email_address) )
end
describe 'request handling' do
it 'does escalate by ticket created via web' do
params = {
title: 'some value 123',
group: mail_group.name,
article: {
body: 'some test 123',
},
}
authenticated_as(customer_user)
post '/api/v1/tickets', params: params, as: :json
expect(response).to have_http_status(201)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
expect(json_response['title']).to eq('some value 123')
expect(json_response['updated_by_id']).to eq(customer_user.id)
expect(json_response['created_by_id']).to eq(customer_user.id)
ticket_p = Ticket.find(json_response['id'])
expect(json_response['escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['escalation_at'].iso8601)
expect(json_response['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['first_response_escalation_at'].iso8601)
expect(json_response['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['update_escalation_at'].iso8601)
expect(json_response['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['close_escalation_at'].iso8601)
expect(ticket_p.escalation_at).to be_truthy
expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 3.hours).to_i)
expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
end
it 'does escalate by ticket got created via email - reply by agent via web' do
email = "From: Bob Smith <customer@example.com>
To: #{mail_group.email_address.email}
Subject: some value 123
Some Text"
ticket_p, article_p, user_p, mail = Channel::EmailParser.new.process({}, email)
ticket_p.reload
expect(ticket_p.escalation_at).to be_truthy
expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 3.hours).to_i)
expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
travel 3.hours
params = {
title: 'some value 123 - update',
article: {
body: 'some test 123',
type: 'email',
to: 'customer@example.com',
},
}
authenticated_as(agent_user)
put "/api/v1/tickets/#{ticket_p.id}", params: params, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'open').id)
expect(json_response['title']).to eq('some value 123 - update')
expect(json_response['updated_by_id']).to eq(agent_user.id)
expect(json_response['created_by_id']).to eq(user_p.id)
ticket_p.reload
expect(json_response['escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['escalation_at'].iso8601)
expect(json_response['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['first_response_escalation_at'].iso8601)
expect(json_response['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['update_escalation_at'].iso8601)
expect(json_response['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['close_escalation_at'].iso8601)
expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.last_contact_agent_at + 3.hours).to_i)
expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
end
end
end

2082
spec/requests/ticket_spec.rb Normal file
View file

File diff suppressed because it is too large Load diff

36
spec/requests/time_accounting_spec.rb Normal file
View file

@ -0,0 +1,36 @@
require 'rails_helper'
RSpec.describe 'Time Accounting', type: :request do
let(:admin_user) do
create(:admin_user)
end
let(:customer_user) do
create(:customer_user)
end
let(:year) do
DateTime.now.utc.year
end
let(:month) do
DateTime.now.utc.month
end
describe 'request handling' do
it 'does time account report' do
group = create(:group)
ticket = create(:ticket, state: Ticket::State.lookup(name: 'open'), customer: customer_user )
article = create(:ticket_article, ticket_id: ticket.id, type: Ticket::Article::Type.lookup(name: 'note') )
create(:ticket_time_accounting, ticket_id: ticket.id, ticket_article_id: article.id)
authenticated_as(admin_user)
get "/api/v1/time_accounting/log/by_ticket/#{year}/#{month}?download=true", params: {}
expect(response).to have_http_status(200)
expect(response['Content-Disposition']).to be_truthy
expect(response['Content-Disposition']).to eq("attachment; filename=\"by_ticket-#{year}-#{month}.xls\"")
expect(response['Content-Type']).to eq('application/vnd.ms-excel')
end
end
end

160
spec/requests/user/organization_spec.rb Normal file
View file

@ -0,0 +1,160 @@
require 'rails_helper'
RSpec.describe 'User Organization', type: :request, searchindex: true do
let!(:admin_user) do
create(:admin_user, groups: Group.all)
end
let!(:agent_user) do
create(:agent_user, groups: Group.all)
end
let!(:customer_user) do
create(:customer_user)
end
let!(:organization) do
create(:organization, name: 'Rest Org', note: 'Rest Org A')
end
let!(:organization2) do
create(:organization, name: 'Rest Org #2', note: 'Rest Org B')
end
let!(:organization3) do
create(:organization, name: 'Rest Org #3', note: 'Rest Org C')
end
let!(:customer_user2) do
create(:customer_user, organization: organization)
end
before(:each) do
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
end
describe 'request handling' do
it 'does organization index with agent' do
authenticated_as(agent_user)
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response[0]['member_ids']).to be_a_kind_of(Array)
expect(json_response.length >= 3).to be_truthy
get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response.class).to eq(Array)
organizations = Organization.order(:id).limit(2)
expect(json_response[0]['id']).to eq(organizations[0].id)
expect(json_response[0]['member_ids']).to eq(organizations[0].member_ids)
expect(json_response[1]['id']).to eq(organizations[1].id)
expect(json_response[1]['member_ids']).to eq(organizations[1].member_ids)
expect(json_response.count).to eq(2)
get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response.class).to eq(Array)
organizations = Organization.order(:id).limit(4)
expect(json_response[0]['id']).to eq(organizations[2].id)
expect(json_response[0]['member_ids']).to eq(organizations[2].member_ids)
expect(json_response[1]['id']).to eq(organizations[3].id)
expect(json_response[1]['member_ids']).to eq(organizations[3].member_ids)
expect(json_response.count).to eq(2)
# show/:id
get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['member_ids']).to be_a_kind_of(Array)
expect(json_response['members']).to be_falsey
expect('Rest Org').to eq(json_response['name'])
get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['member_ids']).to be_a_kind_of(Array)
expect(json_response['members']).to be_falsey
expect('Rest Org #2').to eq(json_response['name'])
# search as agent
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response.class).to eq(Array)
expect(json_response[0]['name']).to eq('Zammad Foundation')
expect(json_response[0]['member_ids']).to be_truthy
expect(json_response[0]['members']).to be_falsey
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response.class).to eq(Array)
expect(json_response[0]['name']).to eq('Zammad Foundation')
expect(json_response[0]['member_ids']).to be_truthy
expect(json_response[0]['members']).to be_truthy
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response.class).to eq(Array)
expect(json_response[0]['label']).to eq('Zammad Foundation')
expect(json_response[0]['value']).to eq('Zammad Foundation')
expect(json_response[0]['member_ids']).to be_falsey
expect(json_response[0]['members']).to be_falsey
end
it 'does organization index with customer1' do
authenticated_as(customer_user)
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response.length).to eq(0)
# show/:id
get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to be_nil
get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to be_nil
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
expect(response).to have_http_status(401)
end
it 'does organization index with customer2' do
authenticated_as(customer_user2)
get '/api/v1/organizations', params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response.length).to eq(1)
# show/:id
get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect('Rest Org').to eq(json_response['name'])
get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['name']).to be_nil
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
expect(response).to have_http_status(401)
end
end
end

676
spec/requests/user/permission_spec.rb Normal file
View file

@ -0,0 +1,676 @@
require 'rails_helper'
RSpec.describe 'User endpoint', type: :request do
let(:role_with_admin_user_permissions) do
create(:role).tap do |role|
role.permission_grant('admin.user')
end
end
let(:admin_with_admin_user_permissions) { create(:user, roles: [role_with_admin_user_permissions]) }
let(:role_without_admin_user_permissions) do
create(:role).tap do |role|
role.permission_grant('admin.tag')
end
end
let(:admin_without_admin_user_permissions) { create(:user, roles: [role_without_admin_user_permissions]) }
describe 'User creation' do
let(:attributes) { attributes_params_for(:user) }
it 'responds unauthorized for customer' do
requester = create(:customer_user)
authenticated_as(requester)
expect do
post api_v1_users_path, params: attributes
end.to not_change {
User.count
}
expect(response).to have_http_status(:unauthorized)
end
context 'privileged attributes' do
context 'group assignment' do
# group access assignment is in general only valid for agents
# see HasGroups.groups_access_permission?
let(:agent_attributes) do
attributes.merge(
roles: Role.where(name: 'Agent').map(&:name),
)
end
shared_examples 'group assignment' do |map_method_id|
it 'responds success for admin.user' do
authenticated_as(admin_with_admin_user_permissions)
expect do
post api_v1_users_path, params: payload
end.to change {
User.count
}.by(1)
expect(response).to have_http_status(:success)
expect(User.last.send(map_method_id)).to eq(send(map_method_id))
end
it 'responds unauthorized for sub admin without admin.user' do
authenticated_as(admin_without_admin_user_permissions)
expect do
post api_v1_users_path, params: payload
end.to not_change {
User.count
}
expect(response).to have_http_status(:unauthorized)
end
it 'responds successful for agent but removes assignment' do
requester = create(:agent_user)
authenticated_as(requester)
expect do
post api_v1_users_path, params: payload
end.to change {
User.count
}.by(1)
expect(response).to have_http_status(:success)
expect(User.last.send(map_method_id)).to be_blank
end
end
context 'parameter groups' do
let(:group_names_access_map) do
Group.all.map { |g| [g.name, ['full']] }.to_h
end
let(:payload) do
agent_attributes.merge(
groups: group_names_access_map,
)
end
it_behaves_like 'group assignment', :group_names_access_map
end
context 'parameter group_ids' do
let(:group_ids_access_map) do
Group.all.map { |g| [g.id, ['full']] }.to_h
end
let(:payload) do
agent_attributes.merge(
group_ids: group_ids_access_map,
)
end
it_behaves_like 'group assignment', :group_ids_access_map
end
end
context 'role assignment' do
shared_examples 'role assignment' do
let(:privileged) { Role.where(name: 'Admin') }
it 'responds success for admin.user' do
authenticated_as(admin_with_admin_user_permissions)
expect do
post api_v1_users_path, params: payload
end.to change {
User.count
}.by(1)
expect(response).to have_http_status(:success)
expect(User.last.roles).to eq(privileged)
end
it 'responds unauthorized for sub admin without admin.user' do
authenticated_as(admin_without_admin_user_permissions)
expect do
post api_v1_users_path, params: payload
end.to not_change {
User.count
}
expect(response).to have_http_status(:unauthorized)
end
it 'responds successful for agent but removes assignment' do
requester = create(:agent_user)
authenticated_as(requester)
expect do
post api_v1_users_path, params: payload
end.to change {
User.count
}.by(1)
expect(response).to have_http_status(:success)
expect(User.last.roles).to eq(Role.signup_roles)
end
end
context 'parameter roles' do
let(:payload) do
attributes.merge(
roles: privileged.map(&:name),
)
end
it_behaves_like 'role assignment'
end
context 'parameter role_ids' do
let(:payload) do
attributes.merge(
role_ids: privileged.map(&:id),
)
end
it_behaves_like 'role assignment'
end
end
end
end
describe 'User update' do
def authorized_update_request(requester:, requested:)
authenticated_as(requester)
expect do
put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed')
end.to change {
requested.reload.firstname
}
expect(response).to have_http_status(:success)
end
def unauthorized_update_request(requester:, requested:)
authenticated_as(requester)
expect do
put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed')
end.to not_change {
requested.reload.attributes
}
expect(response).to have_http_status(:unauthorized)
end
context 'request by admin.user' do
let(:requester) { admin_with_admin_user_permissions }
it 'is successful for same admin' do
authorized_update_request(
requester: requester,
requested: requester,
)
end
it 'is successful for other admin' do
authorized_update_request(
requester: requester,
requested: create(:admin_user),
)
end
it 'is successful for agent' do
authorized_update_request(
requester: requester,
requested: create(:agent_user),
)
end
it 'is successful for customer' do
authorized_update_request(
requester: requester,
requested: create(:customer_user),
)
end
end
context 'request by sub admin without admin.user' do
let(:requester) { admin_without_admin_user_permissions }
it 'is unauthorized for same admin' do
unauthorized_update_request(
requester: requester,
requested: requester,
)
end
it 'is unauthorized for other admin' do
unauthorized_update_request(
requester: requester,
requested: create(:admin_user),
)
end
it 'is unauthorized for agent' do
unauthorized_update_request(
requester: requester,
requested: create(:agent_user),
)
end
it 'is unauthorized for customer' do
unauthorized_update_request(
requester: requester,
requested: create(:customer_user),
)
end
end
context 'request by agent' do
let(:requester) { create(:agent_user) }
it 'is unauthorized for admin' do
unauthorized_update_request(
requester: requester,
requested: create(:admin_user),
)
end
it 'is unauthorized same agent' do
unauthorized_update_request(
requester: requester,
requested: requester,
)
end
it 'is unauthorized for other agent' do
unauthorized_update_request(
requester: requester,
requested: create(:agent_user),
)
end
it 'is successful for customer' do
authorized_update_request(
requester: requester,
requested: create(:customer_user),
)
end
end
context 'request by customer' do
let(:requester) { create(:customer_user) }
it 'is unauthorized for admin' do
unauthorized_update_request(
requester: requester,
requested: create(:admin_user),
)
end
it 'is unauthorized for agent' do
unauthorized_update_request(
requester: requester,
requested: create(:agent_user),
)
end
it 'is unauthorized for same customer' do
unauthorized_update_request(
requester: requester,
requested: requester,
)
end
it 'is unauthorized for other customer' do
unauthorized_update_request(
requester: requester,
requested: create(:customer_user),
)
end
it 'is unauthorized for same organization' do
same_organization = create(:organization)
requester.update!(organization: same_organization)
unauthorized_update_request(
requester: requester,
requested: create(:customer_user, organization: same_organization),
)
end
end
context 'privileged attributes' do
let(:requested) { create(:user) }
let(:attribute) { privileged.keys.first }
let(:payload) { cleaned_params_for(requested).merge(privileged) }
def value_of_attribute
# we need to call .to_a otherwise Rails will load the
# ActiveRecord::Associations::CollectionProxy
# on comparsion which is to late
requested.reload.public_send(attribute).to_a
end
shared_examples 'admin types requests' do
it 'responds success for admin.user' do
authenticated_as(admin_with_admin_user_permissions)
expect do
put api_v1_update_user_path(requested), params: payload
end.to change {
value_of_attribute
}
expect(response).to have_http_status(:success)
end
it 'responds unauthorized for sub admin without admin.user' do
authenticated_as(admin_without_admin_user_permissions)
expect do
put api_v1_update_user_path(requested), params: payload
end.to not_change {
value_of_attribute
}
expect(response).to have_http_status(:unauthorized)
end
end
shared_examples 'permitted agent update' do
it 'responds successful for agent but removes assignment' do
requester = create(:agent_user)
authenticated_as(requester)
expect do
put api_v1_update_user_path(requested), params: payload
end.to change {
value_of_attribute
}
expect(response).to have_http_status(:success)
end
end
shared_examples 'forbidden agent update' do
it 'responds successful for agent but removes assignment' do
requester = create(:agent_user)
authenticated_as(requester)
expect do
put api_v1_update_user_path(requested), params: payload
end.to not_change {
value_of_attribute
}
expect(response).to have_http_status(:success)
end
end
context 'group assignment' do
context 'parameter groups' do
let(:privileged) do
{
groups: Group.all.map { |g| [g.name, ['full']] }.to_h
}
end
it_behaves_like 'admin types requests'
it_behaves_like 'forbidden agent update'
end
context 'parameter group_ids' do
let(:privileged) do
{
group_ids: Group.all.map { |g| [g.id, ['full']] }.to_h
}
end
it_behaves_like 'admin types requests'
it_behaves_like 'forbidden agent update'
end
end
context 'role assignment' do
let(:admin_role) { Role.where(name: 'Admin') }
context 'parameter roles' do
let(:privileged) do
{
roles: admin_role.map(&:name),
}
end
it_behaves_like 'admin types requests'
it_behaves_like 'forbidden agent update'
end
context 'parameter role_ids' do
let(:privileged) do
{
role_ids: admin_role.map(&:id),
}
end
it_behaves_like 'admin types requests'
it_behaves_like 'forbidden agent update'
end
end
context 'organization assignment' do
let(:new_organizations) { create_list(:organization, 2) }
context 'parameter organizations' do
let(:privileged) do
{
organizations: new_organizations.map(&:name),
}
end
it_behaves_like 'admin types requests'
it_behaves_like 'permitted agent update'
end
context 'parameter organization_ids' do
let(:privileged) do
{
organization_ids: new_organizations.map(&:id),
}
end
it_behaves_like 'admin types requests'
it_behaves_like 'permitted agent update'
end
end
end
end
describe 'User deletion' do
def authorized_destroy_request(requester:, requested:)
authenticated_as(requester)
delete api_v1_delete_user_path(requested)
expect(response).to have_http_status(:success)
expect(requested).not_to exist_in_database
end
def unauthorized_destroy_request(requester:, requested:)
authenticated_as(requester)
delete api_v1_delete_user_path(requested)
expect(response).to have_http_status(:unauthorized)
expect(requested).to exist_in_database
end
context 'request by admin.user' do
let(:requester) { admin_with_admin_user_permissions }
it 'is successful for same admin' do
authorized_destroy_request(
requester: requester,
requested: requester,
)
end
it 'is successful for other admin' do
authorized_destroy_request(
requester: requester,
requested: create(:admin_user),
)
end
it 'is successful for agent' do
authorized_destroy_request(
requester: requester,
requested: create(:agent_user),
)
end
it 'is successful for customer' do
authorized_destroy_request(
requester: requester,
requested: create(:customer_user),
)
end
end
context 'request by sub admin without admin.user' do
let(:requester) { admin_without_admin_user_permissions }
it 'is unauthorized for same admin' do
unauthorized_destroy_request(
requester: requester,
requested: requester,
)
end
it 'is unauthorized for other admin' do
unauthorized_destroy_request(
requester: requester,
requested: create(:admin_user),
)
end
it 'is unauthorized for agent' do
unauthorized_destroy_request(
requester: requester,
requested: create(:agent_user),
)
end
it 'is unauthorized for customer' do
unauthorized_destroy_request(
requester: requester,
requested: create(:customer_user),
)
end
end
context 'request by agent' do
let(:requester) { create(:agent_user) }
it 'is unauthorized for admin' do
unauthorized_destroy_request(
requester: requester,
requested: create(:admin_user),
)
end
it 'is unauthorized same agent' do
unauthorized_destroy_request(
requester: requester,
requested: requester,
)
end
it 'is unauthorized for other agent' do
unauthorized_destroy_request(
requester: requester,
requested: create(:agent_user),
)
end
it 'is unauthorized for customer' do
unauthorized_destroy_request(
requester: requester,
requested: create(:customer_user),
)
end
end
context 'request by customer' do
let(:requester) { create(:customer_user) }
it 'is unauthorized for admin' do
unauthorized_destroy_request(
requester: requester,
requested: create(:admin_user),
)
end
it 'is unauthorized for agent' do
unauthorized_destroy_request(
requester: requester,
requested: create(:agent_user),
)
end
it 'is unauthorized for same customer' do
unauthorized_destroy_request(
requester: requester,
requested: requester,
)
end
it 'is unauthorized for other customer' do
unauthorized_destroy_request(
requester: requester,
requested: create(:customer_user),
)
end
it 'is unauthorized for same organization' do
same_organization = create(:organization)
requester.update!(organization: same_organization)
unauthorized_destroy_request(
requester: requester,
requested: create(:customer_user, organization: same_organization),
)
end
end
end
end

1607
spec/requests/user_spec.rb
View file

File diff suppressed because it is too large Load diff

36
spec/support/request.rb
View file

@ -51,16 +51,38 @@ module ZammadSpecSupportRequest
# @example # @example
# authenticated_as(some_admin_user) # authenticated_as(some_admin_user)
# #
# @example
# authenticated_as(some_admin_user, on_behalf_of: customer_user)
#
# @example
# authenticated_as(some_admin_user, password: 'wrongpw')
#
# @example
# authenticated_as(some_admin_user, password: 'wrongpw', token: create(:token, action: 'api', user_id: some_admin_user.id) )
#
# @example
# authenticated_as(nil, login: 'not_existing', password: 'wrongpw' )
#
# @return nil # @return nil
def authenticated_as(user) def authenticated_as(user, login: nil, password: nil, token: nil, on_behalf_of: nil)
password ||= user.password
login ||= user.login
# mock authentication otherwise login won't # mock authentication otherwise login won't
# if user has no password (which is expensive to create) # if user has no password (which is expensive to create)
if user.password.nil? if password.nil?
allow(User).to receive(:authenticate).with(user.login, '').and_return(user) allow(User).to receive(:authenticate).with(login, '').and_return(user)
end end
credentials = ActionController::HttpAuthentication::Basic.encode_credentials(user.login, user.password) # if we want to authenticate by token
add_headers('Authorization' => credentials) if token.present?
credentials = "Token token=#{token.name}"
return add_headers('Authorization' => credentials)
end
credentials = ActionController::HttpAuthentication::Basic.encode_credentials(login, password)
add_headers('Authorization' => credentials, 'X-On-Behalf-Of' => on_behalf_of)
end end
# Provides a Hash of attributes for the given FactoryBot # Provides a Hash of attributes for the given FactoryBot
@ -106,4 +128,8 @@ end
RSpec.configure do |config| RSpec.configure do |config|
config.include ZammadSpecSupportRequest, type: :request config.include ZammadSpecSupportRequest, type: :request
config.before(:each, type: :request) do
Setting.set('system_init_done', true)
end
end end

56
spec/support/searchindex_backend.rb Normal file
View file

@ -0,0 +1,56 @@
require 'rake'
module SearchindexBackendHelper
def configure_elasticsearch(required: false)
if ENV['ES_URL'].blank?
return if !required
raise "ERROR: Need ES_URL - hint ES_URL='http://127.0.0.1:9200'"
end
Setting.set('es_url', ENV['ES_URL'])
# Setting.set('es_url', 'http://127.0.0.1:9200')
# Setting.set('es_index', 'estest.local_zammad')
# Setting.set('es_user', 'elasticsearch')
# Setting.set('es_password', 'zammad')
if ENV['ES_INDEX_RAND'].present?
rand_id = ENV.fetch('CI_JOB_ID', "r#{rand(999)}")
test_method_name = subject.gsub(/[^\w]/, '_')
ENV['ES_INDEX'] = "es_index_#{test_method_name}_#{rand_id}_#{rand(999_999_999)}"
end
if ENV['ES_INDEX'].blank?
raise "ERROR: Need ES_INDEX - hint ES_INDEX='estest.local_zammad'"
end
Setting.set('es_index', ENV['ES_INDEX'])
# set max attachment size in mb
Setting.set('es_attachment_max_size_in_mb', 1)
yield if block_given?
end
def rebuild_searchindex
Rake::Task.clear
Zammad::Application.load_tasks
Rake::Task['searchindex:rebuild'].execute
end
def self.included(base)
# Execute in RSpec class context
base.class_exec do
after(:each) do
next if ENV['ES_URL'].blank?
Rake::Task['searchindex:drop'].execute
end
end
end
end
RSpec.configure do |config|
config.include SearchindexBackendHelper, searchindex: true
end

443
test/controllers/api_auth_controller_test.rb
View file

@ -1,443 +0,0 @@
require 'test_helper'
class ApiAuthControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'api-admin',
firstname: 'API',
lastname: 'Admin',
email: 'api-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'api-agent@example.com',
firstname: 'API',
lastname: 'Agent',
email: 'api-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer = User.create!(
login: 'api-customer1@example.com',
firstname: 'API',
lastname: 'Customer1',
email: 'api-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
end
test 'basic auth - admin' do
admin_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin@example.com', 'adminpw')
Setting.set('api_password_access', false)
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('API password access disabled!', result['error'])
Setting.set('api_password_access', true)
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
assert_equal('*', @response.header['Access-Control-Allow-Origin'])
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
end
test 'basic auth - agent' do
agent_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-agent@example.com', 'agentpw')
Setting.set('api_password_access', false)
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('API password access disabled!', result['error'])
Setting.set('api_password_access', true)
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
assert_response(200)
assert_equal('*', @response.header['Access-Control-Allow-Origin'])
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
end
test 'basic auth - customer' do
customer_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-customer1@example.com', 'customer1pw')
Setting.set('api_password_access', false)
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('API password access disabled!', result['error'])
Setting.set('api_password_access', true)
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
assert_response(200)
assert_equal('*', @response.header['Access-Control-Allow-Origin'])
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
end
test 'token auth - admin' do
admin_token = Token.create(
action: 'api',
persistent: true,
user_id: @admin.id,
preferences: {
permission: ['admin.session'],
},
)
admin_credentials = "Token token=#{admin_token.name}"
Setting.set('api_token_access', false)
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('API token access disabled!', result['error'])
Setting.set('api_token_access', true)
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
assert_equal('*', @response.header['Access-Control-Allow-Origin'])
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
admin_token.preferences[:permission] = ['admin.session_not_existing']
admin_token.save!
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized (token)!', result['error'])
admin_token.preferences[:permission] = []
admin_token.save!
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized (token)!', result['error'])
@admin.active = false
@admin.save!
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('User is inactive!', result['error'])
admin_token.preferences[:permission] = ['admin.session']
admin_token.save!
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('User is inactive!', result['error'])
@admin.active = true
@admin.save!
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
get '/api/v1/roles', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized (token)!', result['error'])
admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role']
admin_token.save!
get '/api/v1/roles', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
admin_token.preferences[:permission] = ['ticket.agent']
admin_token.save!
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(name, result['name'])
assert(result)
name = "some org name #{rand(999_999_999)} - 2"
put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(name, result['name'])
assert(result)
admin_token.preferences[:permission] = ['admin.organization']
admin_token.save!
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(name, result['name'])
assert(result)
name = "some org name #{rand(999_999_999)} - 2"
put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(name, result['name'])
assert(result)
admin_token.preferences[:permission] = ['admin']
admin_token.save!
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(name, result['name'])
assert(result)
name = "some org name #{rand(999_999_999)} - 2"
put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(name, result['name'])
assert(result)
end
test 'token auth - agent' do
agent_token = Token.create(
action: 'api',
persistent: true,
user_id: @agent.id,
)
agent_credentials = "Token token=#{agent_token.name}"
Setting.set('api_token_access', false)
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('API token access disabled!', result['error'])
Setting.set('api_token_access', true)
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
assert_response(200)
assert_equal('*', @response.header['Access-Control-Allow-Origin'])
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => agent_credentials)
assert_response(401)
end
test 'token auth - customer' do
customer_token = Token.create(
action: 'api',
persistent: true,
user_id: @customer.id,
)
customer_credentials = "Token token=#{customer_token.name}"
Setting.set('api_token_access', false)
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('API token access disabled!', result['error'])
Setting.set('api_token_access', true)
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
assert_equal('*', @response.header['Access-Control-Allow-Origin'])
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
name = "some org name #{rand(999_999_999)}"
post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => customer_credentials)
assert_response(401)
end
test 'token auth - invalid user - admin' do
admin_token = Token.create(
action: 'api',
persistent: true,
user_id: @admin.id,
)
admin_credentials = "Token token=#{admin_token.name}"
@admin.active = false
@admin.save!
Setting.set('api_token_access', false)
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('API token access disabled!', result['error'])
Setting.set('api_token_access', true)
get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('User is inactive!', result['error'])
end
test 'token auth - expired' do
Setting.set('api_token_access', true)
admin_token = Token.create(
action: 'api',
persistent: true,
user_id: @admin.id,
expires_at: Time.zone.today
)
admin_credentials = "Token token=#{admin_token.name}"
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized (token expired)!', result['error'])
admin_token.reload
assert_in_delta(admin_token.last_used_at, Time.zone.now, 1.second)
end
test 'token auth - not expired' do
Setting.set('api_token_access', true)
admin_token = Token.create(
action: 'api',
persistent: true,
user_id: @admin.id,
expires_at: Time.zone.tomorrow
)
admin_credentials = "Token token=#{admin_token.name}"
get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
assert_response(200)
assert_equal('*', @response.header['Access-Control-Allow-Origin'])
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
admin_token.reload
assert_in_delta(admin_token.last_used_at, Time.zone.now, 1.second)
end
test 'session auth - admin' do
post '/api/v1/signin', params: { username: 'api-admin@example.com', password: 'adminpw', fingerprint: '123456789' }
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
assert_response(201)
get '/api/v1/sessions', params: {}
assert_response(200)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
end
end

231
test/controllers/api_auth_on_behalf_of_controller_test.rb
View file

@ -1,231 +0,0 @@
require 'test_helper'
class ApiAuthControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'api-admin-auth-behalf',
firstname: 'API',
lastname: 'Admin',
email: 'api-admin-auth-behalf@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer = User.create!(
login: 'api-customer1-auth-behalf@example.com',
firstname: 'API',
lastname: 'Customer1',
email: 'api-customer1-auth-behalf@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
end
test 'X-On-Behalf-Of auth - ticket create admin for customer by id' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
ticket_create_headers = @headers.merge(
'Authorization' => credentials,
'X-On-Behalf-Of' => @customer.id,
)
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: @customer.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(result['created_by_id'], @customer.id)
end
test 'X-On-Behalf-Of auth - ticket create admin for customer by login' do
ActivityStream.cleanup(1.year)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
ticket_create_headers = @headers.merge(
'Authorization' => credentials,
'X-On-Behalf-Of' => @customer.login,
)
admin_headers = @headers.merge(
'Authorization' => credentials,
)
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: @customer.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
assert_response(201)
result_ticket_create = JSON.parse(@response.body)
assert_equal(Hash, result_ticket_create.class)
assert_equal(result_ticket_create['created_by_id'], @customer.id)
get '/api/v1/activity_stream?full=true', params: {}, headers: admin_headers
assert_response(200)
result_activity_stream = JSON.parse(@response.body)
assert_equal(Hash, result_activity_stream.class)
ticket_created = nil
result_activity_stream['record_ids'].each do |record_id|
activity_stream = ActivityStream.find(record_id)
next if activity_stream.object.name != 'Ticket'
next if activity_stream.o_id != result_ticket_create['id']
ticket_created = activity_stream
end
assert(ticket_created)
assert_equal(ticket_created.created_by_id, @customer.id)
get '/api/v1/activity_stream', params: {}, headers: admin_headers
assert_response(200)
result_activity_stream = JSON.parse(@response.body)
assert_equal(Array, result_activity_stream.class)
ticket_created = nil
result_activity_stream.each do |record|
activity_stream = ActivityStream.find(record['id'])
next if activity_stream.object.name != 'Ticket'
next if activity_stream.o_id != result_ticket_create['id']
ticket_created = activity_stream
end
assert(ticket_created)
assert_equal(ticket_created.created_by_id, @customer.id)
end
test 'X-On-Behalf-Of auth - ticket create admin for customer by email' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
ticket_create_headers = @headers.merge(
'Authorization' => credentials,
'X-On-Behalf-Of' => @customer.email,
)
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: @customer.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(result['created_by_id'], @customer.id)
end
test 'X-On-Behalf-Of auth - ticket create admin for unknown' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
ticket_create_headers = @headers.merge(
'Authorization' => credentials,
'X-On-Behalf-Of' => 99_449_494_949,
)
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: @customer.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal("No such user '99449494949'", result['error'])
end
test 'X-On-Behalf-Of auth - ticket create customer for admin' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-customer1-auth-behalf@example.com', 'customer1pw')
ticket_create_headers = @headers.merge(
'Authorization' => credentials,
'X-On-Behalf-Of' => @admin.email,
)
params = {
title: 'a new ticket #3',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: @customer.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
assert_response(401)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal("Current user has no permission to use 'X-On-Behalf-Of'!", result['error'])
end
test 'X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do
group_secret = Group.new(name: 'secret1234')
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
ticket_create_headers = @headers.merge(
'Authorization' => credentials,
'X-On-Behalf-Of' => @customer.email,
)
params = {
title: 'a new ticket #3',
group: group_secret.name,
priority: '2 normal',
state: 'new',
customer_id: @customer.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
assert_response(422)
assert_not(@response.header.key?('Access-Control-Allow-Origin'))
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('No lookup value found for \'group\': "secret1234"', result['error'])
end
end

121
test/controllers/basic_controller_test.rb
View file

@ -1,121 +0,0 @@
require 'test_helper'
class BasicControllerTest < ActionDispatch::IntegrationTest
test 'json requests' do
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# 404
get '/not_existing_url', params: {}, headers: @headers
assert_response(404)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'], 'No route matches [GET] /not_existing_url')
# 401
get '/api/v1/organizations', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'], 'authentication failed')
# 422
get '/tests/unprocessable_entity', params: {}, headers: @headers
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'], 'some error message')
# 401
get '/tests/not_authorized', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'], 'some error message')
# 401
get '/tests/ar_not_found', params: {}, headers: @headers
assert_response(404)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'], 'some error message')
# 500
get '/tests/standard_error', params: {}, headers: @headers
assert_response(500)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'], 'some error message')
# 422
get '/tests/argument_error', params: {}, headers: @headers
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'], 'some error message')
end
test 'html requests' do
# 404
get '/not_existing_url', params: {}, headers: @headers
assert_response(404)
assert_match(/<html/, @response.body)
assert_match(%r{<title>404: Not Found</title>}, @response.body)
assert_match(%r{<h1>404: Requested Ressource was not found.</h1>}, @response.body)
assert_match(%r{No route matches \[GET\] /not_existing_url}, @response.body)
# 401
get '/api/v1/organizations', params: {}, headers: @headers
assert_response(401)
assert_match(/<html/, @response.body)
assert_match(%r{<title>401: Unauthorized</title>}, @response.body)
assert_match(%r{<h1>401: Unauthorized</h1>}, @response.body)
assert_match(/authentication failed/, @response.body)
# 422
get '/tests/unprocessable_entity', params: {}, headers: @headers
assert_response(422)
assert_match(/<html/, @response.body)
assert_match(%r{<title>422: Unprocessable Entity</title>}, @response.body)
assert_match(%r{<h1>422: The change you wanted was rejected.</h1>}, @response.body)
assert_match(/some error message/, @response.body)
# 401
get '/tests/not_authorized', params: {}, headers: @headers
assert_response(401)
assert_match(/<html/, @response.body)
assert_match(%r{<title>401: Unauthorized</title>}, @response.body)
assert_match(%r{<h1>401: Unauthorized</h1>}, @response.body)
assert_match(/some error message/, @response.body)
# 401
get '/tests/ar_not_found', params: {}, headers: @headers
assert_response(404)
assert_match(/<html/, @response.body)
assert_match(%r{<title>404: Not Found</title>}, @response.body)
assert_match(%r{<h1>404: Requested Ressource was not found.</h1>}, @response.body)
assert_match(/some error message/, @response.body)
# 500
get '/tests/standard_error', params: {}, headers: @headers
assert_response(500)
assert_match(/<html/, @response.body)
assert_match(%r{<title>500: Something went wrong</title>}, @response.body)
assert_match(%r{<h1>500: We're sorry, but something went wrong.</h1>}, @response.body)
assert_match(/some error message/, @response.body)
# 422
get '/tests/argument_error', params: {}, headers: @headers
assert_response(422)
assert_match(/<html/, @response.body)
assert_match(%r{<title>422: Unprocessable Entity</title>}, @response.body)
assert_match(%r{<h1>422: The change you wanted was rejected.</h1>}, @response.body)
assert_match(/some error message/, @response.body)
end
end

90
test/controllers/calendar_controller_test.rb
View file

@ -1,90 +0,0 @@
require 'test_helper'
class CalendarControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'calendar-admin',
firstname: 'Packages',
lastname: 'Admin',
email: 'calendar-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
end
test '01 calendar index with nobody' do
get '/api/v1/calendars', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('authentication failed', result['error'])
get '/api/v1/calendars_init', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('authentication failed', result['error'])
end
test '02 calendar index with admin' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('calendar-admin@example.com', 'adminpw')
# index
get '/api/v1/calendars', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
assert_equal(1, result.count)
get '/api/v1/calendars?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
assert_equal(1, result.count)
get '/api/v1/calendars?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert(result['record_ids'])
assert_equal(1, result['record_ids'].count)
assert(result['assets'])
assert(result['assets'].present?)
# index
get '/api/v1/calendars_init', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['record_ids'])
assert(result['ical_feeds'])
assert_equal('Denmark', result['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics'])
assert_equal('Austria', result['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics'])
assert(result['timezones'])
assert_equal(2, result['timezones']['Africa/Johannesburg'])
assert_equal(-8, result['timezones']['America/Sitka'])
assert(result['assets'])
end
end

90
test/controllers/calendars_controller_test.rb
View file

@ -1,90 +0,0 @@
require 'test_helper'
class CalendarsControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'calendar-admin',
firstname: 'Packages',
lastname: 'Admin',
email: 'calendar-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
end
test '01 calendar index with nobody' do
get '/api/v1/calendars', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('authentication failed', result['error'])
get '/api/v1/calendars_init', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('authentication failed', result['error'])
end
test '02 calendar index with admin' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('calendar-admin@example.com', 'adminpw')
# index
get '/api/v1/calendars', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
assert_equal(1, result.count)
get '/api/v1/calendars?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
assert_equal(1, result.count)
get '/api/v1/calendars?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert(result['record_ids'])
assert_equal(1, result['record_ids'].count)
assert(result['assets'])
assert(result['assets'].present?)
# index
get '/api/v1/calendars_init', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['record_ids'])
assert(result['ical_feeds'])
assert_equal('Denmark', result['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics'])
assert_equal('Austria', result['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics'])
assert(result['timezones'])
assert_equal(2, result['timezones']['Africa/Johannesburg'])
assert_equal(-8, result['timezones']['America/Sitka'])
assert(result['assets'])
end
end

244
test/controllers/form_controller_test.rb
View file

@ -1,244 +0,0 @@
require 'test_helper'
class FormControllerTest < ActionDispatch::IntegrationTest
include SearchindexHelper
setup do
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.4' }
configure_elasticsearch
Ticket.destroy_all
rebuild_searchindex
end
test '01 - get config call' do
post '/api/v1/form_config', params: {}.to_json, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['error'], 'Not authorized')
end
test '02 - get config call' do
Setting.set('form_ticket_create', true)
post '/api/v1/form_config', params: {}.to_json, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['error'], 'Not authorized')
end
test '03 - get config call & do submit' do
Setting.set('form_ticket_create', true)
fingerprint = SecureRandom.hex(40)
post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['enabled'], true)
assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit')
assert(result['token'])
token = result['token']
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }.to_json, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['error'], 'Not authorized')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['errors'])
assert_equal(result['errors']['name'], 'required')
assert_equal(result['errors']['email'], 'required')
assert_equal(result['errors']['title'], 'required')
assert_equal(result['errors']['body'], 'required')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['errors'])
assert_equal(result['errors']['name'], 'required')
assert_equal(result['errors']['email'], 'invalid')
assert_equal(result['errors']['title'], 'required')
assert_equal(result['errors']['body'], 'required')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_not(result['errors'])
assert(result['ticket'])
assert(result['ticket']['id'])
assert(result['ticket']['number'])
travel 5.hours
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_not(result['errors'])
assert(result['ticket'])
assert(result['ticket']['id'])
assert(result['ticket']['number'])
travel 20.hours
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers
assert_response(401)
end
test '04 - get config call & do submit' do
Setting.set('form_ticket_create', true)
fingerprint = SecureRandom.hex(40)
post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['enabled'], true)
assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit')
assert(result['token'])
token = result['token']
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }.to_json, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['error'], 'Not authorized')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['errors'])
assert_equal(result['errors']['name'], 'required')
assert_equal(result['errors']['email'], 'required')
assert_equal(result['errors']['title'], 'required')
assert_equal(result['errors']['body'], 'required')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['errors'])
assert_equal(result['errors']['name'], 'required')
assert_equal(result['errors']['email'], 'invalid')
assert_equal(result['errors']['title'], 'required')
assert_equal(result['errors']['body'], 'required')
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@example.com', title: 'test', body: 'hello' }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['errors'])
assert_equal(result['errors']['email'], 'invalid')
end
test '05 - limits' do
return if !SearchIndexBackend.enabled?
Setting.set('form_ticket_create', true)
fingerprint = SecureRandom.hex(40)
post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['enabled'], true)
assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit')
assert(result['token'])
token = result['token']
(1..20).each do |count|
travel 10.seconds
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test#{count}", body: 'hello' }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_not(result['errors'])
assert(result['ticket'])
assert(result['ticket']['id'])
assert(result['ticket']['number'])
Scheduler.worker(true)
sleep 1 # wait until elasticsearch is index
end
sleep 10 # wait until elasticsearch is index
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-last', body: 'hello' }.to_json, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'])
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' }
(1..20).each do |count|
travel 10.seconds
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }.to_json, headers: @headers
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_not(result['errors'])
assert(result['ticket'])
assert(result['ticket']['id'])
assert(result['ticket']['number'])
Scheduler.worker(true)
sleep 1 # wait until elasticsearch is index
end
sleep 10 # wait until elasticsearch is index
post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }.to_json, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'])
end
test '06 - customer_ticket_create false disables form' do
Setting.set('form_ticket_create', false)
Setting.set('customer_ticket_create', true)
fingerprint = SecureRandom.hex(40)
post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
result = JSON.parse(@response.body)
token = result['token']
params = {
fingerprint: fingerprint,
token: token,
name: 'Bob Smith',
email: 'discard@znuny.com',
title: 'test',
body: 'hello'
}
post '/api/v1/form_submit', params: params.to_json, headers: @headers
assert_response(401)
end
end

270
test/controllers/integration_check_mk_controller_test.rb
View file

@ -1,270 +0,0 @@
require 'test_helper'
class IntegationCheckMkControllerTest < ActionDispatch::IntegrationTest
setup do
token = SecureRandom.urlsafe_base64(16)
Setting.set('check_mk_token', token)
Setting.set('check_mk_integration', true)
end
test '01 without token' do
post '/api/v1/integration/check_mk/', params: {}
assert_response(404)
end
test '01 invalid token & enabled feature' do
post '/api/v1/integration/check_mk/invalid_token', params: {}
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Invalid token!', result['error'])
end
test '01 invalid token & disabled feature' do
Setting.set('check_mk_integration', false)
post '/api/v1/integration/check_mk/invalid_token', params: {}
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Feature is disable, please contact your admin to enable it!', result['error'])
end
test '02 ticket create & close' do
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['result'])
assert(result['ticket_id'])
assert(result['ticket_number'])
ticket = Ticket.find(result['ticket_id'])
assert_equal('new', ticket.state.name)
assert_equal(1, ticket.articles.count)
params = {
event_id: '123',
state: 'up',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['result'])
assert(result['ticket_ids'].include?(ticket.id))
ticket.reload
assert_equal('closed', ticket.state.name)
assert_equal(2, ticket.articles.count)
end
test '02 ticket create & create & auto close' do
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['result'])
assert(result['ticket_id'])
assert(result['ticket_number'])
ticket = Ticket.find(result['ticket_id'])
assert_equal('new', ticket.state.name)
assert_equal(1, ticket.articles.count)
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('ticket already open, added note', result['result'])
assert(result['ticket_ids'].include?(ticket.id))
ticket.reload
assert_equal('new', ticket.state.name)
assert_equal(2, ticket.articles.count)
params = {
event_id: '123',
state: 'up',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['result'])
assert(result['ticket_ids'].include?(ticket.id))
ticket.reload
assert_equal('closed', ticket.state.name)
assert_equal(3, ticket.articles.count)
end
test '02 ticket close' do
params = {
event_id: '123',
state: 'up',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('no open tickets found, ignore action', result['result'])
end
test '02 ticket create & create & no auto close' do
Setting.set('check_mk_auto_close', false)
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['result'])
assert(result['ticket_id'])
assert(result['ticket_number'])
ticket = Ticket.find(result['ticket_id'])
assert_equal('new', ticket.state.name)
assert_equal(1, ticket.articles.count)
params = {
event_id: '123',
state: 'down',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('ticket already open, added note', result['result'])
assert(result['ticket_ids'].include?(ticket.id))
ticket.reload
assert_equal('new', ticket.state.name)
assert_equal(2, ticket.articles.count)
params = {
event_id: '123',
state: 'up',
host: 'some host',
service: 'some service',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('ticket already open, added note', result['result'])
assert(result['ticket_ids'].include?(ticket.id))
ticket.reload
assert_equal('new', ticket.state.name)
assert_equal(3, ticket.articles.count)
end
test '02 ticket create & create & auto close - host only' do
params = {
event_id: '123',
state: 'down',
host: 'some host',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['result'])
assert(result['ticket_id'])
assert(result['ticket_number'])
ticket = Ticket.find(result['ticket_id'])
assert_equal('new', ticket.state.name)
assert_equal(1, ticket.articles.count)
params = {
event_id: '123',
state: 'down',
host: 'some host',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('ticket already open, added note', result['result'])
assert(result['ticket_ids'].include?(ticket.id))
ticket.reload
assert_equal('new', ticket.state.name)
assert_equal(2, ticket.articles.count)
params = {
event_id: '123',
state: 'up',
host: 'some host',
}
post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['result'])
assert(result['ticket_ids'].include?(ticket.id))
ticket.reload
assert_equal('closed', ticket.state.name)
assert_equal(3, ticket.articles.count)
end
end

508
test/controllers/integration_cti_controller_test.rb
View file

@ -1,508 +0,0 @@
require 'test_helper'
require 'rexml/document'
class IntegrationCtiControllerTest < ActionDispatch::IntegrationTest
setup do
Cti::Log.destroy_all
Setting.set('cti_integration', true)
Setting.set('cti_config', {
outbound: {
routing_table: [
{
dest: '41*',
caller_id: '41715880339000',
},
{
dest: '491714000000',
caller_id: '41715880339000',
},
],
default_caller_id: '4930777000000',
},
inbound: {
block_caller_ids: [
{
caller_id: '491715000000',
note: 'some note',
}
],
notify_user_ids: {
2 => true,
4 => false,
},
}
},)
groups = Group.where(name: 'Users')
roles = Role.where(name: %w[Agent])
agent = User.create_or_update(
login: 'cti-agent@example.com',
firstname: 'E',
lastname: 'S',
email: 'cti-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
updated_by_id: 1,
created_by_id: 1,
)
customer1 = User.create_or_update(
login: 'ticket-caller_id_cti-customer1@example.com',
firstname: 'CallerId',
lastname: 'Customer1',
email: 'ticket-caller_id_cti-customer1@example.com',
password: 'customerpw',
active: true,
phone: '+49 99999 222222',
fax: '+49 99999 222223',
mobile: '+4912347114711',
note: 'Phone at home: +49 99999 222224',
updated_by_id: 1,
created_by_id: 1,
)
customer2 = User.create_or_update(
login: 'ticket-caller_id_cti-customer2@example.com',
firstname: 'CallerId',
lastname: 'Customer2',
email: 'ticket-caller_id_cti-customer2@example.com',
password: 'customerpw',
active: true,
phone: '+49 99999 222222 2',
updated_by_id: 1,
created_by_id: 1,
)
customer3 = User.create_or_update(
login: 'ticket-caller_id_cti-customer3@example.com',
firstname: 'CallerId',
lastname: 'Customer3',
email: 'ticket-caller_id_cti-customer3@example.com',
password: 'customerpw',
active: true,
phone: '+49 99999 222222 2',
updated_by_id: 1,
created_by_id: 1,
)
Cti::CallerId.rebuild
end
test 'token check' do
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
post '/api/v1/cti/not_existing_token', params: params
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Invalid token, please contact your admin!', result['error'])
end
test 'basic call' do
token = Setting.get('cti_token')
# inbound - I
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result.blank?)
# inbound - II - block caller
params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&call_id=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('reject', result['action'])
assert_equal('busy', result['reason'])
# outbound - I - set default_caller_id
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=8621106404543334274-3&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('dial', result['action'])
assert_equal('4912347114711', result['number'])
assert_equal('4930777000000', result['caller_id'])
# outbound - II - set caller_id based on routing_table by explicite number
params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&call_id=8621106404543334274-4&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('dial', result['action'])
assert_equal('491714000000', result['number'])
assert_equal('41715880339000', result['caller_id'])
# outbound - III - set caller_id based on routing_table by 41*
params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&call_id=8621106404543334274-5&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('dial', result['action'])
assert_equal('4147110000000', result['number'])
assert_equal('41715880339000', result['caller_id'])
# no config
Setting.set('cti_config', {})
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
post "/api/v1/cti/#{token}", params: params
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Feature not configured, please contact your admin!', result['error'])
end
test 'log call' do
token = Setting.get('cti_token')
# outbound - I - new call
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-1&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-1')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(true, log.done)
assert(log.initialized_at)
assert_nil(log.start_at)
assert_nil(log.end_at)
assert_nil(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# outbound - I - hangup by agent
params = 'event=hangup&direction=out&call_id=1234567890-1&cause=cancel'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-1')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_equal('cancel', log.comment)
assert_equal('hangup', log.state)
assert_equal(true, log.done)
assert(log.initialized_at)
assert_nil(log.start_at)
assert(log.end_at)
assert(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# outbound - II - new call
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-2&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(true, log.done)
assert(log.initialized_at)
assert_nil(log.start_at)
assert_nil(log.end_at)
assert_nil(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# outbound - II - answer by customer
params = 'event=answer&direction=out&call_id=1234567890-2&from=4930600000000&to=4912347114711'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_nil(log.comment)
assert_equal('answer', log.state)
assert_equal(true, log.done)
assert(log.initialized_at)
assert(log.start_at)
assert_nil(log.end_at)
assert(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# outbound - II - hangup by customer
params = 'event=hangup&direction=out&call_id=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_equal('normalClearing', log.comment)
assert_equal('hangup', log.state)
assert_equal(true, log.done)
assert(log.initialized_at)
assert(log.start_at)
assert(log.end_at)
assert(log.duration_waiting_time)
assert(log.duration_talking_time)
# inbound - I - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-3&user%5B%5D=user+1'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(false, log.done)
assert(log.initialized_at)
assert_nil(log.start_at)
assert_nil(log.end_at)
assert_nil(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# inbound - I - answer by customer
params = 'event=answer&direction=in&call_id=1234567890-3&to=4930600000000&from=4912347114711'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('answer', log.state)
assert_equal(true, log.done)
assert(log.initialized_at)
assert(log.start_at)
assert_nil(log.end_at)
assert(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# inbound - I - hangup by customer
params = 'event=hangup&direction=in&call_id=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_equal('normalClearing', log.comment)
assert_equal('hangup', log.state)
assert_equal(true, log.done)
assert(log.initialized_at)
assert(log.start_at)
assert(log.end_at)
assert(log.duration_waiting_time)
assert(log.duration_talking_time)
# inbound - II - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-4&user%5B%5D=user+1,user+2'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1,user 2', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(false, log.done)
assert(log.initialized_at)
assert_nil(log.start_at)
assert_nil(log.end_at)
assert_nil(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# inbound - II - answer by voicemail
params = 'event=answer&direction=in&call_id=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('voicemail', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('answer', log.state)
assert_equal(true, log.done)
assert(log.initialized_at)
assert(log.start_at)
assert_nil(log.end_at)
assert(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# inbound - II - hangup by customer
params = 'event=hangup&direction=in&call_id=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('voicemail', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_equal('normalClearing', log.comment)
assert_equal('hangup', log.state)
assert_equal(false, log.done)
assert(log.initialized_at)
assert(log.start_at)
assert(log.end_at)
assert(log.duration_waiting_time)
assert(log.duration_talking_time)
# inbound - III - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-5&user%5B%5D=user+1,user+2'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-5')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1,user 2', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(false, log.done)
assert(log.initialized_at)
assert_nil(log.start_at)
assert_nil(log.end_at)
assert_nil(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# inbound - III - hangup by customer
params = 'event=hangup&direction=in&call_id=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-5')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1,user 2', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_equal('normalClearing', log.comment)
assert_equal('hangup', log.state)
assert_equal(false, log.done)
assert(log.initialized_at)
assert_nil(log.start_at)
assert(log.end_at)
assert(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# inbound - IV - new call
params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&call_id=1234567890-6&user%5B%5D=user+1,user+2'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-6')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('49999992222222', log.from)
assert_equal('in', log.direction)
assert_equal('user 1,user 2', log.to_comment)
assert_equal('CallerId Customer3,CallerId Customer2', log.from_comment)
assert_not(log.preferences['to'])
assert(log.preferences['from'])
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(false, log.done)
assert(log.initialized_at)
assert_nil(log.start_at)
assert_nil(log.end_at)
assert_nil(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# inbound - IV - new call
params = 'event=newCall&direction=in&to=4930600000000&from=anonymous&call_id=1234567890-7&user%5B%5D=user+1,user+2'
post "/api/v1/cti/#{token}", params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-7')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('anonymous', log.from)
assert_equal('in', log.direction)
assert_equal('user 1,user 2', log.to_comment)
assert_nil(log.from_comment)
assert_not(log.preferences['to'])
assert_not(log.preferences['from'])
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(false, log.done)
assert(log.initialized_at)
assert_nil(log.start_at)
assert_nil(log.end_at)
assert_nil(log.duration_waiting_time)
assert_nil(log.duration_talking_time)
# get caller list
get '/api/v1/cti/log'
assert_response(401)
customer2 = User.lookup(login: 'ticket-caller_id_cti-customer2@example.com')
customer3 = User.lookup(login: 'ticket-caller_id_cti-customer3@example.com')
headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('cti-agent@example.com', 'agentpw')
get '/api/v1/cti/log', headers: headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result['list'].class, Array)
assert_equal(7, result['list'].count)
assert(result['assets'])
assert(result['assets']['User'])
assert(result['assets']['User'][customer2.id.to_s])
assert(result['assets']['User'][customer3.id.to_s])
assert_equal('1234567890-7', result['list'][0]['call_id'])
assert_equal('1234567890-6', result['list'][1]['call_id'])
assert_equal('1234567890-5', result['list'][2]['call_id'])
assert_equal('1234567890-4', result['list'][3]['call_id'])
assert_equal('1234567890-3', result['list'][4]['call_id'])
assert_equal('1234567890-2', result['list'][5]['call_id'])
assert_equal('hangup', result['list'][5]['state'])
assert_equal('4930777000000', result['list'][5]['from'])
assert_equal('user 1', result['list'][5]['from_comment'])
assert_equal('4912347114711', result['list'][5]['to'])
assert_equal('CallerId Customer1', result['list'][5]['to_comment'])
assert_equal('normalClearing', result['list'][5]['comment'])
assert_equal('hangup', result['list'][5]['state'])
assert_equal('1234567890-1', result['list'][6]['call_id'])
end
end

469
test/controllers/integration_sipgate_controller_test.rb
View file

@ -1,469 +0,0 @@
require 'test_helper'
require 'rexml/document'
class IntegrationSipgateControllerTest < ActionDispatch::IntegrationTest
setup do
Cti::Log.destroy_all
Setting.set('sipgate_integration', true)
Setting.set('sipgate_config', {
outbound: {
routing_table: [
{
dest: '41*',
caller_id: '41715880339000',
},
{
dest: '491714000000',
caller_id: '41715880339000',
},
],
default_caller_id: '4930777000000',
},
inbound: {
block_caller_ids: [
{
caller_id: '491715000000',
note: 'some note',
}
],
notify_user_ids: {
2 => true,
4 => false,
},
}
},)
groups = Group.where(name: 'Users')
roles = Role.where(name: %w[Agent])
agent = User.create_or_update(
login: 'cti-agent@example.com',
firstname: 'E',
lastname: 'S',
email: 'cti-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
updated_by_id: 1,
created_by_id: 1,
)
customer1 = User.create_or_update(
login: 'ticket-caller_id_sipgate-customer1@example.com',
firstname: 'CallerId',
lastname: 'Customer1',
email: 'ticket-caller_id_sipgate-customer1@example.com',
password: 'customerpw',
active: true,
phone: '+49 99999 222222',
fax: '+49 99999 222223',
mobile: '+4912347114711',
note: 'Phone at home: +49 99999 222224',
updated_by_id: 1,
created_by_id: 1,
)
customer2 = User.create_or_update(
login: 'ticket-caller_id_sipgate-customer2@example.com',
firstname: 'CallerId',
lastname: 'Customer2',
email: 'ticket-caller_id_sipgate-customer2@example.com',
password: 'customerpw',
active: true,
phone: '+49 99999 222222 2',
updated_by_id: 1,
created_by_id: 1,
)
customer3 = User.create_or_update(
login: 'ticket-caller_id_sipgate-customer3@example.com',
firstname: 'CallerId',
lastname: 'Customer3',
email: 'ticket-caller_id_sipgate-customer3@example.com',
password: 'customerpw',
active: true,
phone: '+49 99999 222222 2',
updated_by_id: 1,
created_by_id: 1,
)
Cti::CallerId.rebuild
end
test 'basic call' do
# inbound - I
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
post '/api/v1/sipgate/in', params: params
assert_response(200)
on_hangup = nil
on_answer = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_hangup)
assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_answer)
# inbound - II - block caller
params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&callId=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
post '/api/v1/sipgate/in', params: params
assert_response(200)
on_hangup = nil
on_answer = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_hangup)
assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_answer)
reason = nil
response.elements.each('Response/Reject') do |element|
reason = element.attributes['reason']
end
assert_equal('busy', reason)
# outbound - I - set default_caller_id
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=8621106404543334274-3&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
assert_response(200)
on_hangup = nil
on_answer = nil
caller_id = nil
number_to_dail = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
response.elements.each('Response/Dial') do |element|
caller_id = element.attributes['callerId']
end
response.elements.each('Response/Dial/Number') do |element|
number_to_dail = element.text
end
assert_equal('4930777000000', caller_id)
assert_equal('4912347114711', number_to_dail)
assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup)
assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer)
# outbound - II - set caller_id based on routing_table by explicite number
params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&callId=8621106404543334274-4&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
assert_response(200)
on_hangup = nil
on_answer = nil
caller_id = nil
number_to_dail = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
response.elements.each('Response/Dial') do |element|
caller_id = element.attributes['callerId']
end
response.elements.each('Response/Dial/Number') do |element|
number_to_dail = element.text
end
assert_equal('41715880339000', caller_id)
assert_equal('491714000000', number_to_dail)
assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup)
assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer)
# outbound - III - set caller_id based on routing_table by 41*
params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&callId=8621106404543334274-5&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
assert_response(200)
on_hangup = nil
on_answer = nil
caller_id = nil
number_to_dail = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response') do |element|
on_hangup = element.attributes['onHangup']
on_answer = element.attributes['onAnswer']
end
response.elements.each('Response/Dial') do |element|
caller_id = element.attributes['callerId']
end
response.elements.each('Response/Dial/Number') do |element|
number_to_dail = element.text
end
assert_equal('41715880339000', caller_id)
assert_equal('4147110000000', number_to_dail)
assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup)
assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer)
# no config
Setting.set('sipgate_config', {})
params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
post '/api/v1/sipgate/in', params: params
assert_response(422)
error = nil
content = @response.body
response = REXML::Document.new(content)
response.elements.each('Response/Error') do |element|
error = element.text
end
assert_equal('Feature not configured, please contact your admin!', error)
end
test 'log call' do
# outbound - I - new call
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-1&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-1')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(true, log.done)
# outbound - I - hangup by agent
params = 'event=hangup&direction=out&callId=1234567890-1&cause=cancel'
post '/api/v1/sipgate/out', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-1')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_equal('cancel', log.comment)
assert_equal('hangup', log.state)
assert_equal(true, log.done)
# outbound - II - new call
params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-2&user%5B%5D=user+1'
post '/api/v1/sipgate/out', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(true, log.done)
# outbound - II - answer by customer
params = 'event=answer&direction=out&callId=1234567890-2&from=4930600000000&to=4912347114711'
post '/api/v1/sipgate/out', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_nil(log.comment)
assert_equal('answer', log.state)
assert_equal(true, log.done)
# outbound - II - hangup by customer
params = 'event=hangup&direction=out&callId=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
post '/api/v1/sipgate/out', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-2')
assert(log)
assert_equal('4930777000000', log.from)
assert_equal('4912347114711', log.to)
assert_equal('out', log.direction)
assert_equal('user 1', log.from_comment)
assert_equal('CallerId Customer1', log.to_comment)
assert_equal('normalClearing', log.comment)
assert_equal('hangup', log.state)
assert_equal(true, log.done)
# inbound - I - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-3&user%5B%5D=user+1'
post '/api/v1/sipgate/in', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(false, log.done)
# inbound - I - answer by customer
params = 'event=answer&direction=in&callId=1234567890-3&to=4930600000000&from=4912347114711'
post '/api/v1/sipgate/in', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('answer', log.state)
assert_equal(true, log.done)
# inbound - I - hangup by customer
params = 'event=hangup&direction=in&callId=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
post '/api/v1/sipgate/in', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-3')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_equal('normalClearing', log.comment)
assert_equal('hangup', log.state)
assert_equal(true, log.done)
# inbound - II - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-4&user%5B%5D=user+1,user+2'
post '/api/v1/sipgate/in', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1,user 2', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(false, log.done)
# inbound - II - answer by voicemail
params = 'event=answer&direction=in&callId=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
post '/api/v1/sipgate/in', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('voicemail', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('answer', log.state)
assert_equal(true, log.done)
# inbound - II - hangup by customer
params = 'event=hangup&direction=in&callId=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
post '/api/v1/sipgate/in', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-4')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('voicemail', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_equal('normalClearing', log.comment)
assert_equal('hangup', log.state)
assert_equal(false, log.done)
# inbound - III - new call
params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-5&user%5B%5D=user+1,user+2'
post '/api/v1/sipgate/in', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-5')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1,user 2', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(false, log.done)
# inbound - III - hangup by customer
params = 'event=hangup&direction=in&callId=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
post '/api/v1/sipgate/in', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-5')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('4912347114711', log.from)
assert_equal('in', log.direction)
assert_equal('user 1,user 2', log.to_comment)
assert_equal('CallerId Customer1', log.from_comment)
assert_equal('normalClearing', log.comment)
assert_equal('hangup', log.state)
assert_equal(false, log.done)
# inbound - IV - new call
params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&callId=1234567890-6&user%5B%5D=user+1,user+2'
post '/api/v1/sipgate/in', params: params
assert_response(200)
log = Cti::Log.find_by(call_id: '1234567890-6')
assert(log)
assert_equal('4930600000000', log.to)
assert_equal('49999992222222', log.from)
assert_equal('in', log.direction)
assert_equal('user 1,user 2', log.to_comment)
assert_equal('CallerId Customer3,CallerId Customer2', log.from_comment)
assert_not(log.preferences['to'])
assert(log.preferences['from'])
assert_nil(log.comment)
assert_equal('newCall', log.state)
assert_equal(false, log.done)
# get caller list
get '/api/v1/cti/log'
assert_response(401)
customer2 = User.lookup(login: 'ticket-caller_id_sipgate-customer2@example.com')
customer3 = User.lookup(login: 'ticket-caller_id_sipgate-customer3@example.com')
headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('cti-agent@example.com', 'agentpw')
get '/api/v1/cti/log', headers: headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result['list'].class, Array)
assert_equal(6, result['list'].count)
assert(result['assets'])
assert(result['assets']['User'])
assert(result['assets']['User'][customer2.id.to_s])
assert(result['assets']['User'][customer3.id.to_s])
assert_equal('1234567890-6', result['list'][0]['call_id'])
assert_equal('1234567890-5', result['list'][1]['call_id'])
assert_equal('1234567890-4', result['list'][2]['call_id'])
assert_equal('1234567890-3', result['list'][3]['call_id'])
assert_equal('1234567890-2', result['list'][4]['call_id'])
assert_equal('hangup', result['list'][4]['state'])
assert_equal('4930777000000', result['list'][4]['from'])
assert_equal('user 1', result['list'][4]['from_comment'])
assert_equal('4912347114711', result['list'][4]['to'])
assert_equal('CallerId Customer1', result['list'][4]['to_comment'])
assert_equal('normalClearing', result['list'][4]['comment'])
assert_equal('hangup', result['list'][4]['state'])
assert_equal('1234567890-1', result['list'][5]['call_id'])
end
end

29
test/controllers/o_auth_controller_test.rb
View file

@ -1,29 +0,0 @@
require 'test_helper'
class OAuthControllerTest < ActionDispatch::IntegrationTest
test 'o365 - start' do
get '/auth/microsoft_office365', params: {}
assert_response(302)
assert_match('https://login.microsoftonline.com/common/oauth2/v2.0/authorize', @response.body)
assert_match('redirect_uri=http%3A%2F%2Fzammad.example.com%2Fauth%2Fmicrosoft_office365%2Fcallback', @response.body)
assert_match('scope=openid+email+profile', @response.body)
assert_match('response_type=code', @response.body)
end
test 'o365 - callback' do
get '/auth/microsoft_office365/callback?code=1234&state=1234', params: {}
assert_response(302)
assert_match('302 Moved', @response.body)
end
test 'auth failure' do
get '/auth/failure?message=123&strategy=some_provider', params: {}
assert_response(422)
assert_match('<title>422: Unprocessable Entity</title>', @response.body)
assert_match('<h1>422: The change you wanted was rejected.</h1>', @response.body)
assert_match('<div>Message from some_provider: 123</div>', @response.body)
end
end

590
test/controllers/organization_controller_test.rb
View file

@ -1,590 +0,0 @@
require 'test_helper'
class OrganizationControllerTest < ActionDispatch::IntegrationTest
include SearchindexHelper
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'rest-admin',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'rest-agent@example.com',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'rest-customer1@example.com',
firstname: 'Rest',
lastname: 'Customer1',
email: 'rest-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
# create orgs
@organization = Organization.create!(
name: 'Rest Org',
)
@organization2 = Organization.create!(
name: 'Rest Org #2',
)
@organization3 = Organization.create!(
name: 'Rest Org #3',
)
# create customer with org
@customer_with_org = User.create!(
login: 'rest-customer2@example.com',
firstname: 'Rest',
lastname: 'Customer2',
email: 'rest-customer2@example.com',
password: 'customer2pw',
active: true,
roles: roles,
organization_id: @organization.id,
)
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
UserInfo.current_user_id = nil
end
test 'organization index with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result[0]['member_ids'].class, Array)
assert(result.length >= 3)
get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
organizations = Organization.order(:id).limit(2)
assert_equal(organizations[0].id, result[0]['id'])
assert_equal(organizations[0].member_ids, result[0]['member_ids'])
assert_equal(organizations[1].id, result[1]['id'])
assert_equal(organizations[1].member_ids, result[1]['member_ids'])
assert_equal(2, result.count)
get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
organizations = Organization.order(:id).limit(4)
assert_equal(organizations[2].id, result[0]['id'])
assert_equal(organizations[2].member_ids, result[0]['member_ids'])
assert_equal(organizations[3].id, result[1]['id'])
assert_equal(organizations[3].member_ids, result[1]['member_ids'])
assert_equal(2, result.count)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['member_ids'].class, Array)
assert_not(result['members'])
assert_equal(result['name'], 'Rest Org')
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['member_ids'].class, Array)
assert_not(result['members'])
assert_equal(result['name'], 'Rest Org #2')
# search as agent
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['name'])
assert(result[0]['member_ids'])
assert_not(result[0]['members'])
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['name'])
assert(result[0]['member_ids'])
assert(result[0]['members'])
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['label'])
assert_equal('Zammad Foundation', result[0]['value'])
assert_not(result[0]['member_ids'])
assert_not(result[0]['members'])
end
test 'organization index with customer1' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 0)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test 'organization index with customer2' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 1)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['name'], 'Rest Org')
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test '04.01 organization show and response format' do
organization = Organization.create!(
name: 'Rest Org NEW',
members: [@customer_without_org],
updated_by_id: @admin.id,
created_by_id: @admin.id,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert_equal(organization.name, result['name'])
assert_not(result['members'])
assert_equal([@customer_without_org.id], result['member_ids'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert_equal(organization.name, result['name'])
assert(result['members'])
assert_equal([@customer_without_org.id], result['member_ids'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert_equal(organization.name, result['name'])
assert_not(result['members'])
assert_equal([@customer_without_org.id], result['member_ids'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert(result['assets'])
assert(result['assets']['Organization'])
assert(result['assets']['Organization'][organization.id.to_s])
assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert_equal(organization.name, result['name'])
assert_not(result['members'])
assert_equal([@customer_without_org.id], result['member_ids'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
end
test '04.02 organization index and response format' do
organization = Organization.create!(
name: 'Rest Org NEW',
members: [@customer_without_org],
updated_by_id: @admin.id,
created_by_id: @admin.id,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(Hash, result[0].class)
assert_equal(organization.id, result.last['id'])
assert_equal(organization.name, result.last['name'])
assert_not(result.last['members'])
assert_equal(organization.member_ids, result.last['member_ids'])
assert_equal(@admin.id, result.last['updated_by_id'])
assert_equal(@admin.id, result.last['created_by_id'])
get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(Hash, result[0].class)
assert_equal(organization.id, result.last['id'])
assert_equal(organization.name, result.last['name'])
assert_equal(organization.member_ids, result.last['member_ids'])
assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
assert_equal(@admin.id, result.last['updated_by_id'])
assert_equal(@admin.id, result.last['created_by_id'])
get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(Hash, result[0].class)
assert_equal(organization.id, result.last['id'])
assert_equal(organization.name, result.last['name'])
assert_not(result.last['members'])
assert_equal(organization.member_ids, result.last['member_ids'])
assert_equal(@admin.id, result.last['updated_by_id'])
assert_equal(@admin.id, result.last['created_by_id'])
get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(Array, result['record_ids'].class)
assert_equal(1, result['record_ids'][0])
assert_equal(organization.id, result['record_ids'].last)
assert(result['assets'])
assert(result['assets']['Organization'])
assert(result['assets']['Organization'][organization.id.to_s])
assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(Hash, result[0].class)
assert_equal(organization.id, result.last['id'])
assert_equal(organization.name, result.last['name'])
assert_not(result.last['members'])
assert_equal(organization.member_ids, result.last['member_ids'])
assert_equal(@admin.id, result.last['updated_by_id'])
assert_equal(@admin.id, result.last['created_by_id'])
end
test '04.03 ticket create and response format' do
params = {
name: 'Rest Org NEW',
members: [@customer_without_org.login],
}
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert_equal(organization.name, result['name'])
assert_equal(organization.member_ids, result['member_ids'])
assert_not(result['members'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
params[:name] = 'Rest Org NEW #2'
post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert_equal(organization.name, result['name'])
assert_equal(organization.member_ids, result['member_ids'])
assert_equal(organization.members.pluck(:login), result['members'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
params[:name] = 'Rest Org NEW #3'
post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert(result['assets'])
assert(result['assets']['Organization'])
assert(result['assets']['Organization'][organization.id.to_s])
assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
end
test '04.04 ticket update and response formats' do
organization = Organization.create!(
name: 'Rest Org NEW',
members: [@customer_without_org],
updated_by_id: @admin.id,
created_by_id: @admin.id,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
params = {
name: 'a update name #1',
}
put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert_equal(params[:name], result['name'])
assert_equal(organization.member_ids, result['member_ids'])
assert_not(result['members'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
params = {
name: 'a update name #2',
}
put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert_equal(params[:name], result['name'])
assert_equal(organization.member_ids, result['member_ids'])
assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
params = {
name: 'a update name #3',
}
put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert(result['assets'])
assert(result['assets']['Organization'])
assert(result['assets']['Organization'][organization.id.to_s])
assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name'])
assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
end
test '05.01 csv example - customer no access' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (user)!', result['error'])
end
test '05.02 csv example - admin access' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
rows = CSV.parse(@response.body)
header = rows.shift
assert_equal('id', header[0])
assert_equal('name', header[1])
assert_equal('shared', header[2])
assert_equal('domain', header[3])
assert_equal('domain_assignment', header[4])
assert_equal('active', header[5])
assert_equal('note', header[6])
assert(header.include?('members'))
end
test '05.03 csv import - admin access' do
UserInfo.current_user_id = 1
customer1 = User.create!(
login: 'customer1-members@example.com',
firstname: 'Member',
lastname: 'Customer',
email: 'customer1-members@example.com',
password: 'customerpw',
active: true,
)
customer2 = User.create!(
login: 'customer2-members@example.com',
firstname: 'Member',
lastname: 'Customer',
email: 'customer2-members@example.com',
password: 'customerpw',
active: true,
)
UserInfo.current_user_id = nil
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
# invalid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(true, result['try'])
assert_equal(2, result['records'].count)
assert_equal('failed', result['result'])
assert_equal(2, result['errors'].count)
assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0])
assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1])
# valid file try
csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(true, result['try'])
assert_equal(2, result['records'].count)
assert_equal('success', result['result'])
assert_nil(Organization.find_by(name: 'organization-member-import1'))
assert_nil(Organization.find_by(name: 'organization-member-import2'))
# valid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(false, result['try'])
assert_equal(2, result['records'].count)
assert_equal('success', result['result'])
organization1 = Organization.find_by(name: 'organization-member-import1')
assert(organization1)
assert_equal(organization1.name, 'organization-member-import1')
assert_equal(organization1.members.count, 1)
assert_equal(organization1.members.first.login, customer1.login)
assert_equal(organization1.active, true)
organization2 = Organization.find_by(name: 'organization-member-import2')
assert(organization2)
assert_equal(organization2.name, 'organization-member-import2')
assert_equal(organization2.members.count, 1)
assert_equal(organization2.members.first.login, customer2.login)
assert_equal(organization2.active, false)
end
end

638
test/controllers/organizations_controller_test.rb
View file

@ -1,638 +0,0 @@
require 'test_helper'
class OrganizationsControllerTest < ActionDispatch::IntegrationTest
include SearchindexHelper
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'rest-admin',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'rest-agent@example.com',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'rest-customer1@example.com',
firstname: 'Rest',
lastname: 'Customer1',
email: 'rest-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
# create orgs
@organization = Organization.create!(
name: 'Rest Org #1',
note: 'Rest Org A',
created_at: '2018-02-05 17:42:00',
updated_at: '2018-02-05 20:42:00',
)
@organization2 = Organization.create!(
name: 'Rest Org #2',
note: 'Rest Org B',
created_at: '2018-02-05 18:42:00',
updated_at: '2018-02-05 18:42:00',
)
@organization3 = Organization.create!(
name: 'Rest Org #3',
note: 'Rest Org C',
created_at: '2018-02-05 19:42:00',
updated_at: '2018-02-05 19:42:00',
)
# create customer with org
@customer_with_org = User.create!(
login: 'rest-customer2@example.com',
firstname: 'Rest',
lastname: 'Customer2',
email: 'rest-customer2@example.com',
password: 'customer2pw',
active: true,
roles: roles,
organization_id: @organization.id,
)
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
UserInfo.current_user_id = nil
end
test 'organization index with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result[0]['member_ids'].class, Array)
assert(result.length >= 3)
get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
organizations = Organization.order(:id).limit(2)
assert_equal(organizations[0].id, result[0]['id'])
assert_equal(organizations[0].member_ids, result[0]['member_ids'])
assert_equal(organizations[1].id, result[1]['id'])
assert_equal(organizations[1].member_ids, result[1]['member_ids'])
assert_equal(2, result.count)
get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
organizations = Organization.order(:id).limit(4)
assert_equal(organizations[2].id, result[0]['id'])
assert_equal(organizations[2].member_ids, result[0]['member_ids'])
assert_equal(organizations[3].id, result[1]['id'])
assert_equal(organizations[3].member_ids, result[1]['member_ids'])
assert_equal(2, result.count)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['member_ids'].class, Array)
assert_not(result['members'])
assert_equal(result['name'], 'Rest Org #1')
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['member_ids'].class, Array)
assert_not(result['members'])
assert_equal(result['name'], 'Rest Org #2')
# search as agent
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['name'])
assert(result[0]['member_ids'])
assert_not(result[0]['members'])
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['name'])
assert(result[0]['member_ids'])
assert(result[0]['members'])
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['label'])
assert_equal('Zammad Foundation', result[0]['value'])
assert_not(result[0]['member_ids'])
assert_not(result[0]['members'])
end
test 'organization index with customer1' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 0)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test 'organization index with customer2' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 1)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['name'], 'Rest Org #1')
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test 'organization search sortable' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
result.collect! { |v| v['id'] }
assert_equal(Array, result.class)
assert_equal([ @organization.id, @organization3.id, @organization2.id ], result)
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
result.collect! { |v| v['id'] }
assert_equal(Array, result.class)
assert_equal([ @organization.id, @organization2.id, @organization3.id ], result)
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
result.collect! { |v| v['id'] }
assert_equal(Array, result.class)
assert_equal([ @organization.id, @organization2.id, @organization3.id ], result)
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
result.collect! { |v| v['id'] }
assert_equal(Array, result.class)
assert_equal([ @organization3.id, @organization2.id, @organization.id ], result)
get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: %w[note created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
result.collect! { |v| v['id'] }
assert_equal(Array, result.class)
assert_equal([ @organization3.id, @organization2.id, @organization.id ], result)
end
test '04.01 organization show and response format' do
organization = Organization.create!(
name: 'Rest Org NEW',
members: [@customer_without_org],
updated_by_id: @admin.id,
created_by_id: @admin.id,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert_equal(organization.name, result['name'])
assert_not(result['members'])
assert_equal([@customer_without_org.id], result['member_ids'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert_equal(organization.name, result['name'])
assert(result['members'])
assert_equal([@customer_without_org.id], result['member_ids'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert_equal(organization.name, result['name'])
assert_not(result['members'])
assert_equal([@customer_without_org.id], result['member_ids'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert(result['assets'])
assert(result['assets']['Organization'])
assert(result['assets']['Organization'][organization.id.to_s])
assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(organization.id, result['id'])
assert_equal(organization.name, result['name'])
assert_not(result['members'])
assert_equal([@customer_without_org.id], result['member_ids'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
end
test '04.02 organization index and response format' do
organization = Organization.create!(
name: 'Rest Org NEW',
members: [@customer_without_org],
updated_by_id: @admin.id,
created_by_id: @admin.id,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(Hash, result[0].class)
assert_equal(organization.id, result.last['id'])
assert_equal(organization.name, result.last['name'])
assert_not(result.last['members'])
assert_equal(organization.member_ids, result.last['member_ids'])
assert_equal(@admin.id, result.last['updated_by_id'])
assert_equal(@admin.id, result.last['created_by_id'])
get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(Hash, result[0].class)
assert_equal(organization.id, result.last['id'])
assert_equal(organization.name, result.last['name'])
assert_equal(organization.member_ids, result.last['member_ids'])
assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
assert_equal(@admin.id, result.last['updated_by_id'])
assert_equal(@admin.id, result.last['created_by_id'])
get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(Hash, result[0].class)
assert_equal(organization.id, result.last['id'])
assert_equal(organization.name, result.last['name'])
assert_not(result.last['members'])
assert_equal(organization.member_ids, result.last['member_ids'])
assert_equal(@admin.id, result.last['updated_by_id'])
assert_equal(@admin.id, result.last['created_by_id'])
get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(Array, result['record_ids'].class)
assert_equal(1, result['record_ids'][0])
assert_equal(organization.id, result['record_ids'].last)
assert(result['assets'])
assert(result['assets']['Organization'])
assert(result['assets']['Organization'][organization.id.to_s])
assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(Hash, result[0].class)
assert_equal(organization.id, result.last['id'])
assert_equal(organization.name, result.last['name'])
assert_not(result.last['members'])
assert_equal(organization.member_ids, result.last['member_ids'])
assert_equal(@admin.id, result.last['updated_by_id'])
assert_equal(@admin.id, result.last['created_by_id'])
end
test '04.03 ticket create and response format' do
params = {
name: 'Rest Org NEW',
members: [@customer_without_org.login],
}
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert_equal(organization.name, result['name'])
assert_equal(organization.member_ids, result['member_ids'])
assert_not(result['members'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
params[:name] = 'Rest Org NEW #2'
post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert_equal(organization.name, result['name'])
assert_equal(organization.member_ids, result['member_ids'])
assert_equal(organization.members.pluck(:login), result['members'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
params[:name] = 'Rest Org NEW #3'
post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert(result['assets'])
assert(result['assets']['Organization'])
assert(result['assets']['Organization'][organization.id.to_s])
assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
end
test '04.04 ticket update and response formats' do
organization = Organization.create!(
name: 'Rest Org NEW',
members: [@customer_without_org],
updated_by_id: @admin.id,
created_by_id: @admin.id,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
params = {
name: 'a update name #1',
}
put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert_equal(params[:name], result['name'])
assert_equal(organization.member_ids, result['member_ids'])
assert_not(result['members'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
params = {
name: 'a update name #2',
}
put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert_equal(params[:name], result['name'])
assert_equal(organization.member_ids, result['member_ids'])
assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(@admin.id, result['created_by_id'])
params = {
name: 'a update name #3',
}
put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
organization = Organization.find(result['id'])
assert(result['assets'])
assert(result['assets']['Organization'])
assert(result['assets']['Organization'][organization.id.to_s])
assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name'])
assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
end
test '05.01 csv example - customer no access' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (user)!', result['error'])
end
test '05.02 csv example - admin access' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
rows = CSV.parse(@response.body)
header = rows.shift
assert_equal('id', header[0])
assert_equal('name', header[1])
assert_equal('shared', header[2])
assert_equal('domain', header[3])
assert_equal('domain_assignment', header[4])
assert_equal('active', header[5])
assert_equal('note', header[6])
assert(header.include?('members'))
end
test '05.03 csv import - admin access' do
UserInfo.current_user_id = 1
customer1 = User.create!(
login: 'customer1-members@example.com',
firstname: 'Member',
lastname: 'Customer',
email: 'customer1-members@example.com',
password: 'customerpw',
active: true,
)
customer2 = User.create!(
login: 'customer2-members@example.com',
firstname: 'Member',
lastname: 'Customer',
email: 'customer2-members@example.com',
password: 'customerpw',
active: true,
)
UserInfo.current_user_id = nil
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
# invalid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(true, result['try'])
assert_equal(2, result['records'].count)
assert_equal('failed', result['result'])
assert_equal(2, result['errors'].count)
assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0])
assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1])
# valid file try
csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(true, result['try'])
assert_equal(2, result['records'].count)
assert_equal('success', result['result'])
assert_nil(Organization.find_by(name: 'organization-member-import1'))
assert_nil(Organization.find_by(name: 'organization-member-import2'))
# valid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(false, result['try'])
assert_equal(2, result['records'].count)
assert_equal('success', result['result'])
organization1 = Organization.find_by(name: 'organization-member-import1')
assert(organization1)
assert_equal(organization1.name, 'organization-member-import1')
assert_equal(organization1.members.count, 1)
assert_equal(organization1.members.first.login, customer1.login)
assert_equal(organization1.active, true)
organization2 = Organization.find_by(name: 'organization-member-import2')
assert(organization2)
assert_equal(organization2.name, 'organization-member-import2')
assert_equal(organization2.members.count, 1)
assert_equal(organization2.members.first.login, customer2.login)
assert_equal(organization2.active, false)
end
end

221
test/controllers/overviews_controller_test.rb
View file

@ -1,221 +0,0 @@
require 'test_helper'
class OverviewsControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'tickets-admin',
firstname: 'Tickets',
lastname: 'Admin',
email: 'tickets-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'tickets-agent@example.com',
firstname: 'Tickets',
lastname: 'Agent',
email: 'tickets-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: Group.all,
)
end
test 'no permissions' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent', 'agentpw')
params = {
name: 'Overview2',
link: 'my_overview',
roles: Role.where(name: 'Agent').pluck(:name),
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
}
post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('authentication failed', result['error'])
end
test 'create overviews' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
params = {
name: 'Overview2',
link: 'my_overview',
roles: Role.where(name: 'Agent').pluck(:name),
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
}
post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Overview2', result['name'])
assert_equal('my_overview', result['link'])
post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Overview2', result['name'])
assert_equal('my_overview_1', result['link'])
end
test 'set mass prio' do
roles = Role.where(name: 'Agent')
overview1 = Overview.create!(
name: 'Overview1',
link: 'my_overview',
roles: roles,
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
prio: 1,
updated_by_id: 1,
created_by_id: 1,
)
overview2 = Overview.create!(
name: 'Overview2',
link: 'my_overview',
roles: roles,
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
prio: 2,
updated_by_id: 1,
created_by_id: 1,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
params = {
prios: [
[overview2.id, 1],
[overview1.id, 2],
]
}
post '/api/v1/overviews_prio', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(true, result['success'])
overview1.reload
overview2.reload
assert_equal(2, overview1.prio)
assert_equal(1, overview2.prio)
end
test 'create an overview with group_by direction' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
params = {
name: 'Overview2',
link: 'my_overview',
roles: Role.where(name: 'Agent').pluck(:name),
condition: {
'ticket.state_id' => {
operator: 'is',
value: [1, 2, 3],
},
},
order: {
by: 'created_at',
direction: 'DESC',
},
group_by: 'priority',
group_direction: 'ASC',
view: {
d: %w[title customer state created_at],
s: %w[number title customer state created_at],
m: %w[number title customer state created_at],
view_mode_default: 's',
},
}
post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Overview2', result['name'])
assert_equal('my_overview', result['link'])
assert_equal('priority', result['group_by'])
assert_equal('ASC', result['group_direction'])
end
end

131
test/controllers/packages_controller_test.rb
View file

@ -1,131 +0,0 @@
require 'test_helper'
class PackagesControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'packages-admin',
firstname: 'Packages',
lastname: 'Admin',
email: 'packages-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'packages-agent@example.com',
firstname: 'Rest',
lastname: 'Agent',
email: 'packages-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'packages-customer1@example.com',
firstname: 'Packages',
lastname: 'Customer1',
email: 'packages-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
end
test '01 packages index with nobody' do
# index
get '/api/v1/packages', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['packages'])
assert_equal('authentication failed', result['error'])
end
test '02 packages index with admin' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw')
# index
get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['packages'])
end
test '03 packages index with admin and wrong pw' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'wrongadminpw')
# index
get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('authentication failed', result['error'])
end
test '04 packages index with inactive admin' do
@admin.active = false
@admin.save!
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw')
# index
get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('authentication failed', result['error'])
end
test '05 packages index with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-agent@example.com', 'agentpw')
# index
get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['packages'])
assert_equal('Not authorized (user)!', result['error'])
end
test '06 packages index with customer' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-customer1@example.com', 'customer1pw')
# index
get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['packages'])
assert_equal('Not authorized (user)!', result['error'])
end
end

98
test/controllers/reports_controller_test.rb
View file

@ -1,98 +0,0 @@
require 'test_helper'
class ReportsControllerTest < ActionDispatch::IntegrationTest
include SearchindexHelper
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
@year = DateTime.now.utc.year
@month = DateTime.now.utc.month
@week = DateTime.now.utc.strftime('%U').to_i
@day = DateTime.now.utc.day
roles = Role.where(name: 'Admin')
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'rest-admin',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
updated_by_id: 1,
created_by_id: 1
)
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'rest-customer1@example.com',
firstname: 'Rest',
lastname: 'Customer1',
email: 'rest-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
updated_by_id: 1,
created_by_id: 1
)
@group1 = Group.create!(
name: "GroupWithoutPermission-#{rand(9_999_999_999)}",
active: true,
updated_by_id: 1,
created_by_id: 1,
)
@ticket1 = Ticket.create!(
title: 'ticket for report',
group_id: @group1.id,
customer_id: @customer_without_org.id,
state: Ticket::State.lookup(name: 'open'),
priority: Ticket::Priority.lookup(name: '2 normal'),
updated_by_id: 1,
created_by_id: 1,
)
Ticket::Article.create!(
type: Ticket::Article::Type.lookup(name: 'note'),
sender: Ticket::Article::Sender.lookup(name: 'Customer'),
from: 'sender',
subject: 'subject',
body: 'some body',
ticket_id: @ticket1.id,
updated_by_id: 1,
created_by_id: 1,
)
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
end
test '01.01 report example - admin access' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get "/api/v1/reports/sets?sheet=true;metric=count;year=#{@year};month=#{@month};week=#{@week};day=#{@day};timeRange=year;profile_id=1;downloadBackendSelected=count::created", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
assert(@response['Content-Disposition'])
assert_equal('attachment; filename="tickets--all--Created.xls"', @response['Content-Disposition'])
assert_equal('application/vnd.ms-excel', @response['Content-Type'])
end
end

448
test/controllers/search_controller_test.rb
View file

@ -1,448 +0,0 @@
require 'test_helper'
class SearchControllerTest < ActionDispatch::IntegrationTest
include SearchindexHelper
setup do
# set current user
UserInfo.current_user_id = 1
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
@admin = User.create!(
login: 'search-admin',
firstname: 'Search',
lastname: 'Admin',
email: 'search-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'search-agent@example.com',
firstname: 'Search 1234',
lastname: 'Agent',
email: 'search-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'search-customer1@example.com',
firstname: 'Search',
lastname: 'Customer1',
email: 'search-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
# create orgs
@organization = Organization.create!(
name: 'Rest Org',
)
@organization2 = Organization.create!(
name: 'Rest Org #2',
)
@organization3 = Organization.create!(
name: 'Rest Org #3',
)
@organization4 = Organization.create!(
name: 'Tes.t. Org',
)
@organization5 = Organization.create!(
name: 'ABC_D Org',
)
# create customer with org
@customer_with_org2 = User.create!(
login: 'search-customer2@example.com',
firstname: 'Search',
lastname: 'Customer2',
email: 'search-customer2@example.com',
password: 'customer2pw',
active: true,
roles: roles,
organization_id: @organization.id,
)
@customer_with_org3 = User.create!(
login: 'search-customer3@example.com',
firstname: 'Search',
lastname: 'Customer3',
email: 'search-customer3@example.com',
password: 'customer3pw',
active: true,
roles: roles,
organization_id: @organization.id,
)
@ticket1 = Ticket.create!(
title: 'test 1234-1',
group: Group.lookup(name: 'Users'),
customer_id: @customer_without_org.id,
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
)
@article1 = Ticket::Article.create!(
ticket_id: @ticket1.id,
from: 'some_sender1@example.com',
to: 'some_recipient1@example.com',
subject: 'some subject1',
message_id: 'some@id',
body: 'some message1',
internal: false,
sender: Ticket::Article::Sender.where(name: 'Customer').first,
type: Ticket::Article::Type.where(name: 'email').first,
)
travel 1.second
@ticket2 = Ticket.create!(
title: 'test 1234-2',
group: Group.lookup(name: 'Users'),
customer_id: @customer_with_org2.id,
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
)
@article2 = Ticket::Article.create!(
ticket_id: @ticket2.id,
from: 'some_sender2@example.com',
to: 'some_recipient2@example.com',
subject: 'some subject2',
message_id: 'some@id',
body: 'some message2',
internal: false,
sender: Ticket::Article::Sender.where(name: 'Customer').first,
type: Ticket::Article::Type.where(name: 'email').first,
)
travel 1.second
@ticket3 = Ticket.create!(
title: 'test 1234-2',
group: Group.lookup(name: 'Users'),
customer_id: @customer_with_org3.id,
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
)
@article3 = Ticket::Article.create!(
ticket_id: @ticket3.id,
from: 'some_sender3@example.com',
to: 'some_recipient3@example.com',
subject: 'some subject3',
message_id: 'some@id',
body: 'some message3',
internal: false,
sender: Ticket::Article::Sender.where(name: 'Customer').first,
type: Ticket::Article::Type.where(name: 'email').first,
)
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
end
test 'settings index with nobody' do
params = {
query: 'test 1234',
limit: 2,
}
post '/api/v1/search/ticket', params: params.to_json, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result.blank?)
assert_equal('authentication failed', result['error'])
post '/api/v1/search/user', params: params.to_json, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result.blank?)
assert_equal('authentication failed', result['error'])
post '/api/v1/search', params: params.to_json, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result.blank?)
assert_equal('authentication failed', result['error'])
end
test 'settings index with admin' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-admin@example.com', 'adminpw')
params = {
query: '1234*',
limit: 1,
}
post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('User', result['result'][1]['type'])
assert_equal(@agent.id, result['result'][1]['id'])
assert_not(result['result'][2])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_equal('Ticket', result['result'][2]['type'])
assert_equal(@ticket1.id, result['result'][2]['id'])
assert_equal('User', result['result'][3]['type'])
assert_equal(@agent.id, result['result'][3]['id'])
assert_not(result['result'][4])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_equal('Ticket', result['result'][2]['type'])
assert_equal(@ticket1.id, result['result'][2]['id'])
assert_not(result['result'][3])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('User', result['result'][0]['type'])
assert_equal(@agent.id, result['result'][0]['id'])
assert_not(result['result'][1])
end
test 'settings index with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
params = {
query: '1234*',
limit: 1,
}
post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('User', result['result'][1]['type'])
assert_equal(@agent.id, result['result'][1]['id'])
assert_not(result['result'][2])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_equal('Ticket', result['result'][2]['type'])
assert_equal(@ticket1.id, result['result'][2]['id'])
assert_equal('User', result['result'][3]['type'])
assert_equal(@agent.id, result['result'][3]['id'])
assert_not(result['result'][4])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_equal('Ticket', result['result'][2]['type'])
assert_equal(@ticket1.id, result['result'][2]['id'])
assert_not(result['result'][3])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('User', result['result'][0]['type'])
assert_equal(@agent.id, result['result'][0]['id'])
assert_not(result['result'][1])
end
test 'settings index with customer 1' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer1@example.com', 'customer1pw')
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket1.id, result['result'][0]['id'])
assert_not(result['result'][1])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket1.id, result['result'][0]['id'])
assert_not(result['result'][1])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['result'][0])
end
test 'settings index with customer 2' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer2@example.com', 'customer2pw')
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_not(result['result'][2])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_not(result['result'][2])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['result'][0])
end
# Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form
test 'searching for organization with a dot in its name' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
get '/api/v1/search/organization?query=tes.', headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(1, result['result'].size)
assert_equal('Organization', result['result'][0]['type'])
target_id = result['result'][0]['id']
assert_equal('Tes.t. Org', result['assets']['Organization'][target_id.to_s]['name'])
end
# Search query H& should correctly match H&M
test 'searching for organization with _ in its name' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
get '/api/v1/search/organization?query=abc_', headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(1, result['result'].size)
assert_equal('Organization', result['result'][0]['type'])
target_id = result['result'][0]['id']
assert_equal('ABC_D Org', result['assets']['Organization'][target_id.to_s]['name'])
end
end

302
test/controllers/settings_controller_test.rb
View file

@ -1,302 +0,0 @@
require 'test_helper'
class SettingsControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin_full = User.create!(
login: 'setting-admin',
firstname: 'Setting',
lastname: 'Admin',
email: 'setting-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
role_api = Role.create!(
name: 'AdminApi',
note: 'To configure your api.',
preferences: {
not: ['Customer'],
},
default_at_signup: false,
updated_by_id: 1,
created_by_id: 1
)
role_api.permission_grant('admin.api')
@admin_api = User.create!(
login: 'setting-admin-api',
firstname: 'Setting',
lastname: 'Admin Api',
email: 'setting-admin-api@example.com',
password: 'adminpw',
active: true,
roles: [role_api],
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'setting-agent@example.com',
firstname: 'Setting',
lastname: 'Agent',
email: 'setting-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'setting-customer1@example.com',
firstname: 'Setting',
lastname: 'Customer1',
email: 'setting-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
end
test 'settings index with nobody' do
# index
get '/api/v1/settings', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['settings'])
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
end
test 'settings index with admin' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-admin@example.com', 'adminpw')
# index
get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
hit_api = false
hit_product_name = false
result.each do |setting|
if setting['name'] == 'api_token_access'
hit_api = true
end
if setting['name'] == 'product_name'
hit_product_name = true
end
end
assert_equal(true, hit_api)
assert_equal(true, hit_product_name)
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('product_name', result['name'])
setting = Setting.find_by(name: 'api_token_access')
get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('api_token_access', result['name'])
# update
setting = Setting.find_by(name: 'product_name')
params = {
id: setting.id,
name: 'some_new_name',
preferences: {
permission: ['admin.branding', 'admin.some_new_permission'],
some_new_key: true,
}
}
put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('product_name', result['name'])
assert_equal(1, result['preferences']['permission'].length)
assert_equal('admin.branding', result['preferences']['permission'][0])
assert_equal(true, result['preferences']['some_new_key'])
# update
setting = Setting.find_by(name: 'api_token_access')
params = {
id: setting.id,
name: 'some_new_name',
preferences: {
permission: ['admin.branding', 'admin.some_new_permission'],
some_new_key: true,
}
}
put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('api_token_access', result['name'])
assert_equal(1, result['preferences']['permission'].length)
assert_equal('admin.api', result['preferences']['permission'][0])
assert_equal(true, result['preferences']['some_new_key'])
# delete
setting = Setting.find_by(name: 'product_name')
delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (feature not possible)', result['error'])
end
test 'settings index with admin-api' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-admin-api@example.com', 'adminpw')
# index
get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
hit_api = false
hit_product_name = false
result.each do |setting|
if setting['name'] == 'api_token_access'
hit_api = true
end
if setting['name'] == 'product_name'
hit_product_name = true
end
end
assert_equal(true, hit_api)
assert_equal(false, hit_product_name)
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (required ["admin.branding"])', result['error'])
setting = Setting.find_by(name: 'api_token_access')
get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('api_token_access', result['name'])
# update
setting = Setting.find_by(name: 'product_name')
params = {
id: setting.id,
name: 'some_new_name',
preferences: {
permission: ['admin.branding', 'admin.some_new_permission'],
some_new_key: true,
}
}
put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (required ["admin.branding"])', result['error'])
# update
setting = Setting.find_by(name: 'api_token_access')
params = {
id: setting.id,
name: 'some_new_name',
preferences: {
permission: ['admin.branding', 'admin.some_new_permission'],
some_new_key: true,
}
}
put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('api_token_access', result['name'])
assert_equal(1, result['preferences']['permission'].length)
assert_equal('admin.api', result['preferences']['permission'][0])
assert_equal(true, result['preferences']['some_new_key'])
# delete
setting = Setting.find_by(name: 'product_name')
delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (feature not possible)', result['error'])
end
test 'settings index with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-agent@example.com', 'agentpw')
# index
get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['settings'])
assert_equal('Not authorized (user)!', result['error'])
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (user)!', result['error'])
end
test 'settings index with customer' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-customer1@example.com', 'customer1pw')
# index
get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['settings'])
assert_equal('Not authorized (user)!', result['error'])
# show
setting = Setting.find_by(name: 'product_name')
get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (user)!', result['error'])
# delete
setting = Setting.find_by(name: 'product_name')
delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (user)!', result['error'])
end
end

70
test/controllers/sla_controller_test.rb
View file

@ -1,70 +0,0 @@
require 'test_helper'
class SlaControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'sla-admin',
firstname: 'Packages',
lastname: 'Admin',
email: 'sla-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
end
test '01 sla index with nobody' do
get '/api/v1/slas', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('authentication failed', result['error'])
end
test '02 sla index with admin' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('sla-admin@example.com', 'adminpw')
get '/api/v1/slas', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
assert_equal(0, result.count)
get '/api/v1/slas?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
assert_equal(0, result.count)
get '/api/v1/slas?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert(result['record_ids'])
assert(result['record_ids'].blank?)
assert(result['assets'])
assert(result['assets']['Calendar'].present?)
assert(result['assets'].present?)
end
end

70
test/controllers/slas_controller_test.rb
View file

@ -1,70 +0,0 @@
require 'test_helper'
class SlasControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'sla-admin',
firstname: 'Packages',
lastname: 'Admin',
email: 'sla-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
end
test '01 sla index with nobody' do
get '/api/v1/slas', params: {}, headers: @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('authentication failed', result['error'])
end
test '02 sla index with admin' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('sla-admin@example.com', 'adminpw')
get '/api/v1/slas', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
assert_equal(0, result.count)
get '/api/v1/slas?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert(result)
assert_equal(0, result.count)
get '/api/v1/slas?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert(result['record_ids'])
assert(result['record_ids'].blank?)
assert(result['assets'])
assert(result['assets']['Calendar'].present?)
assert(result['assets'].present?)
end
end

112
test/controllers/taskbars_controller_test.rb
View file

@ -1,112 +0,0 @@
require 'test_helper'
class TaskbarsControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
UserInfo.current_user_id = 1
# create agent
roles = Role.where(name: 'Agent')
groups = Group.all
@agent = User.create!(
login: 'taskbar-agent@example.com',
firstname: 'Taskbar',
lastname: 'Agent',
email: 'taskbar-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'taskbar-customer1@example.com',
firstname: 'Taskbar',
lastname: 'Customer1',
email: 'taskbar-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
end
test 'task ownership' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
params = {
user_id: @customer_without_org.id,
client_id: '123',
key: 'Ticket-5',
callback: 'TicketZoom',
state: {
ticket: {
owner_id: @agent.id,
},
article: {},
},
params: {
ticket_id: 5,
shown: true,
},
prio: 3,
notify: false,
active: false,
}
post '/api/v1/taskbar', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('123', result['client_id'])
assert_equal(@agent.id, result['user_id'])
assert_equal(5, result['params']['ticket_id'])
assert_equal(true, result['params']['shown'])
taskbar_id = result['id']
params[:user_id] = @customer_without_org.id
params[:params] = {
ticket_id: 5,
shown: false,
}
put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('123', result['client_id'])
assert_equal(@agent.id, result['user_id'])
assert_equal(5, result['params']['ticket_id'])
assert_equal(false, result['params']['shown'])
# try to access with other user
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-customer1@example.com', 'customer1pw')
params = {
active: true,
}
put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not allowed to access this task.', result['error'])
delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not allowed to access this task.', result['error'])
# delete with correct user
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result.blank?)
end
end

160
test/controllers/text_module_controller_test.rb
View file

@ -1,160 +0,0 @@
require 'test_helper'
require 'rake'
class TextModuleControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'rest-admin',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'rest-agent@example.com',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'rest-customer1@example.com',
firstname: 'Rest',
lastname: 'Customer1',
email: 'rest-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
# create customer
@customer_with_org = User.create!(
login: 'rest-customer2@example.com',
firstname: 'Rest',
lastname: 'Customer2',
email: 'rest-customer2@example.com',
password: 'customer2pw',
active: true,
roles: roles,
)
UserInfo.current_user_id = nil
end
test '05.01 csv example - customer no access' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (user)!', result['error'])
end
test '05.02 csv example - admin access' do
TextModule.load('en-en')
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
rows = CSV.parse(@response.body)
header = rows.shift
assert_equal('id', header[0])
assert_equal('name', header[1])
assert_equal('keywords', header[2])
assert_equal('content', header[3])
assert_equal('note', header[4])
assert_equal('active', header[5])
assert_not(header.include?('organization'))
assert_not(header.include?('priority'))
assert_not(header.include?('state'))
assert_not(header.include?('owner'))
assert_not(header.include?('customer'))
end
test '05.03 csv import - admin access' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
# invalid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(true, result['try'])
assert_equal(2, result['records'].count)
assert_equal('failed', result['result'])
assert_equal(2, result['errors'].count)
assert_equal("Line 1: unknown attribute 'keywords2' for TextModule.", result['errors'][0])
assert_equal("Line 2: unknown attribute 'keywords2' for TextModule.", result['errors'][1])
# valid file try
csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(true, result['try'])
assert_equal(2, result['records'].count)
assert_equal('success', result['result'])
assert_nil(TextModule.find_by(name: 'some name1'))
assert_nil(TextModule.find_by(name: 'some name2'))
# valid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(false, result['try'])
assert_equal(2, result['records'].count)
assert_equal('success', result['result'])
text_module1 = TextModule.find_by(name: 'some name1')
assert(text_module1)
assert_equal(text_module1.name, 'some name1')
assert_equal(text_module1.keywords, 'keyword1')
assert_equal(text_module1.content, 'some<br>content1')
assert_equal(text_module1.active, true)
text_module2 = TextModule.find_by(name: 'some name2')
assert(text_module2)
assert_equal(text_module2.name, 'some name2')
assert_equal(text_module2.keywords, 'keyword2')
assert_equal(text_module2.content, 'some content<br>test123')
assert_equal(text_module2.active, true)
end
end

160
test/controllers/text_modules_controller_test.rb
View file

@ -1,160 +0,0 @@
require 'test_helper'
require 'rake'
class TextModulesControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'rest-admin',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'rest-agent@example.com',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'rest-customer1@example.com',
firstname: 'Rest',
lastname: 'Customer1',
email: 'rest-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
# create customer
@customer_with_org = User.create!(
login: 'rest-customer2@example.com',
firstname: 'Rest',
lastname: 'Customer2',
email: 'rest-customer2@example.com',
password: 'customer2pw',
active: true,
roles: roles,
)
UserInfo.current_user_id = nil
end
test '05.01 csv example - customer no access' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('Not authorized (user)!', result['error'])
end
test '05.02 csv example - admin access' do
TextModule.load('en-en')
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
rows = CSV.parse(@response.body)
header = rows.shift
assert_equal('id', header[0])
assert_equal('name', header[1])
assert_equal('keywords', header[2])
assert_equal('content', header[3])
assert_equal('note', header[4])
assert_equal('active', header[5])
assert_not(header.include?('organization'))
assert_not(header.include?('priority'))
assert_not(header.include?('state'))
assert_not(header.include?('owner'))
assert_not(header.include?('customer'))
end
test '05.03 csv import - admin access' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
# invalid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(true, result['try'])
assert_equal(2, result['records'].count)
assert_equal('failed', result['result'])
assert_equal(2, result['errors'].count)
assert_equal("Line 1: unknown attribute 'keywords2' for TextModule.", result['errors'][0])
assert_equal("Line 2: unknown attribute 'keywords2' for TextModule.", result['errors'][1])
# valid file try
csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(true, result['try'])
assert_equal(2, result['records'].count)
assert_equal('success', result['result'])
assert_nil(TextModule.find_by(name: 'some name1'))
assert_nil(TextModule.find_by(name: 'some name2'))
# valid file
csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(false, result['try'])
assert_equal(2, result['records'].count)
assert_equal('success', result['result'])
text_module1 = TextModule.find_by(name: 'some name1')
assert(text_module1)
assert_equal(text_module1.name, 'some name1')
assert_equal(text_module1.keywords, 'keyword1')
assert_equal(text_module1.content, 'some<br>content1')
assert_equal(text_module1.active, true)
text_module2 = TextModule.find_by(name: 'some name2')
assert(text_module2)
assert_equal(text_module2.name, 'some name2')
assert_equal(text_module2.keywords, 'keyword2')
assert_equal(text_module2.content, 'some content<br>test123')
assert_equal(text_module2.active, true)
end
end

200
test/controllers/ticket_article_attachments_controller_test.rb
View file

@ -1,200 +0,0 @@
require 'test_helper'
class TicketArticleAttachmentsControllerTest < ActionDispatch::IntegrationTest
setup do
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'tickets-admin',
firstname: 'Tickets',
lastname: 'Admin',
email: 'tickets-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'tickets-agent@example.com',
firstname: 'Tickets',
lastname: 'Agent',
email: 'tickets-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'tickets-customer1@example.com',
firstname: 'Tickets',
lastname: 'Customer1',
email: 'tickets-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
end
test '01.01 test attachment urls' do
ticket1 = Ticket.create(
title: 'attachment test 1',
group: Group.lookup(name: 'Users'),
customer_id: @customer_without_org.id,
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
updated_by_id: 1,
created_by_id: 1,
)
article1 = Ticket::Article.create(
ticket_id: ticket1.id,
from: 'some_customer_com-1@example.com',
to: 'some_zammad_com-1@example.com',
subject: 'attachment test 1-1',
message_id: 'some@id_com_1',
body: 'some message 123',
internal: false,
sender: Ticket::Article::Sender.find_by(name: 'Customer'),
type: Ticket::Article::Type.find_by(name: 'email'),
updated_by_id: 1,
created_by_id: 1,
)
store1 = Store.add(
object: 'Ticket::Article',
o_id: article1.id,
data: 'some content',
filename: 'some_file.txt',
preferences: {
'Content-Type' => 'text/plain',
},
created_by_id: 1,
)
article2 = Ticket::Article.create(
ticket_id: ticket1.id,
from: 'some_customer_com-1@example.com',
to: 'some_zammad_com-1@example.com',
subject: 'attachment test 1-2',
message_id: 'some@id_com_1',
body: 'some message 123',
internal: false,
sender: Ticket::Article::Sender.find_by(name: 'Customer'),
type: Ticket::Article::Type.find_by(name: 'email'),
updated_by_id: 1,
created_by_id: 1,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
assert_response(200)
assert_equal('some content', @response.body)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
assert_response(401)
assert_match(/401: Unauthorized/, @response.body)
ticket2 = Ticket.create(
title: 'attachment test 2',
group: Group.lookup(name: 'Users'),
customer_id: @customer_without_org.id,
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
updated_by_id: 1,
created_by_id: 1,
)
ticket1.merge_to(
ticket_id: ticket2.id,
user_id: 1,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
assert_response(200)
assert_equal('some content', @response.body)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
assert_response(401)
assert_match(/401: Unauthorized/, @response.body)
# allow access via merged ticket id also
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
assert_response(200)
assert_equal('some content', @response.body)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
assert_response(401)
assert_match(/401: Unauthorized/, @response.body)
end
test '01.02 test attachments for split' do
headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box')
email_raw_string = File.read(email_file_path)
ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, headers: headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result['assets'])
assert_equal(result['attachments'].class, Array)
assert_equal(result['attachments'].count, 1)
assert_equal(result['attachments'][0]['filename'], 'rulesets-report.csv')
end
test '01.03 test attachments for forward' do
headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
email_file_path = Rails.root.join('test', 'data', 'mail', 'mail008.box')
email_raw_string = File.read(email_file_path)
ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, headers: headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'], 'Need form_id to attach attachments to new form')
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }.to_json, headers: headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result['attachments'].class, Array)
assert(result['attachments'].blank?)
email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box')
email_raw_string = File.read(email_file_path)
ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }.to_json, headers: headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result['attachments'].class, Array)
assert_equal(result['attachments'].count, 1)
assert_equal(result['attachments'][0]['filename'], 'rulesets-report.csv')
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }.to_json, headers: headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result['attachments'].class, Array)
assert(result['attachments'].blank?)
end
end

559
test/controllers/ticket_articles_controller_test.rb
View file

@ -1,559 +0,0 @@
require 'test_helper'
class TicketArticlesControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'tickets-admin',
firstname: 'Tickets',
lastname: 'Admin',
email: 'tickets-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'tickets-agent@example.com',
firstname: 'Tickets',
lastname: 'Agent',
email: 'tickets-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'tickets-customer1@example.com',
firstname: 'Tickets',
lastname: 'Customer1',
email: 'tickets-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
end
test '01.01 ticket create with agent and articles' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #1',
group: 'Users',
customer_id: @customer_without_org.id,
article: {
body: 'some body',
}
}
post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
params = {
ticket_id: result['id'],
content_type: 'text/plain', # or text/html
body: 'some body',
type: 'note',
}
post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_nil(result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
ticket = Ticket.find(result['ticket_id'])
assert_equal(2, ticket.articles.count)
assert_equal(0, ticket.articles[0].attachments.count)
assert_equal(0, ticket.articles[1].attachments.count)
params = {
ticket_id: result['ticket_id'],
content_type: 'text/html', # or text/html
body: 'some body <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA
AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot" />',
type: 'note',
}
post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_nil(result['subject'])
assert_no_match(/some body <img src="cid:.+?/, result['body'])
assert_match(%r{some body <img src="/api/v1/ticket_attachment/.+?" alt="Red dot"}, result['body'])
assert_equal('text/html', result['content_type'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
assert_equal(3, ticket.articles.count)
assert_equal(0, ticket.articles[0].attachments.count)
assert_equal(0, ticket.articles[1].attachments.count)
assert_equal(1, ticket.articles[2].attachments.count)
assert(ticket.articles[2].attachments[0]['id'])
assert_equal('image1.png', ticket.articles[2].attachments[0]['filename'])
assert_equal('21', ticket.articles[2].attachments[0]['size'])
assert_equal('image/png', ticket.articles[2].attachments[0]['preferences']['Mime-Type'])
assert_equal('inline', ticket.articles[2].attachments[0]['preferences']['Content-Disposition'])
assert_match(/@zammad.example.com/, ticket.articles[2].attachments[0]['preferences']['Content-ID'])
params = {
ticket_id: result['ticket_id'],
content_type: 'text/html', # or text/html
body: 'some body',
type: 'note',
attachments: [
'filename' => 'some_file.txt',
'data' => 'dGVzdCAxMjM=',
'mime-type' => 'text/plain',
],
}
post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_nil(result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/html', result['content_type'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
assert_equal(4, ticket.articles.count)
assert_equal(0, ticket.articles[0].attachments.count)
assert_equal(0, ticket.articles[1].attachments.count)
assert_equal(1, ticket.articles[2].attachments.count)
assert_equal(1, ticket.articles[3].attachments.count)
get "/api/v1/ticket_articles/#{result['id']}?expand=true", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(1, result['attachments'].count)
assert(result['attachments'][0]['id'])
assert_equal('some_file.txt', result['attachments'][0]['filename'])
assert_equal('8', result['attachments'][0]['size'])
assert_equal('text/plain', result['attachments'][0]['preferences']['Mime-Type'])
params = {
ticket_id: result['ticket_id'],
content_type: 'text/plain',
body: 'some body',
type: 'note',
preferences: {
some_key1: 123,
},
}
post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_nil(result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
assert_equal(123, result['preferences']['some_key1'])
assert_equal(5, ticket.articles.count)
params = {
body: 'some body 2',
preferences: {
some_key2: 'abc',
},
}
put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_nil(result['subject'])
assert_equal('some body 2', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
assert_equal(123, result['preferences']['some_key1'])
assert_equal('abc', result['preferences']['some_key2'])
end
test '02.01 ticket create with customer and articles' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
params = {
title: 'a new ticket #2',
group: 'Users',
article: {
body: 'some body',
}
}
post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
params = {
ticket_id: result['id'],
content_type: 'text/plain', # or text/html
body: 'some body',
type: 'note',
}
post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_nil(result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(@customer_without_org.id, result['updated_by_id'])
assert_equal(@customer_without_org.id, result['created_by_id'])
ticket = Ticket.find(result['ticket_id'])
assert_equal(2, ticket.articles.count)
assert_equal('Customer', ticket.articles[1].sender.name)
assert_equal(0, ticket.articles[0].attachments.count)
assert_equal(0, ticket.articles[1].attachments.count)
params = {
ticket_id: result['ticket_id'],
content_type: 'text/plain', # or text/html
body: 'some body',
sender: 'Agent',
type: 'note',
}
post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_nil(result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(@customer_without_org.id, result['updated_by_id'])
assert_equal(@customer_without_org.id, result['created_by_id'])
ticket = Ticket.find(result['ticket_id'])
assert_equal(3, ticket.articles.count)
assert_equal('Customer', ticket.articles[2].sender.name)
assert_equal(false, ticket.articles[2].internal)
assert_equal(0, ticket.articles[0].attachments.count)
assert_equal(0, ticket.articles[1].attachments.count)
assert_equal(0, ticket.articles[2].attachments.count)
params = {
ticket_id: result['ticket_id'],
content_type: 'text/plain', # or text/html
body: 'some body 2',
sender: 'Agent',
type: 'note',
internal: true,
}
post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_nil(result['subject'])
assert_equal('some body 2', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(@customer_without_org.id, result['updated_by_id'])
assert_equal(@customer_without_org.id, result['created_by_id'])
ticket = Ticket.find(result['ticket_id'])
assert_equal(4, ticket.articles.count)
assert_equal('Customer', ticket.articles[3].sender.name)
assert_equal(false, ticket.articles[3].internal)
assert_equal(0, ticket.articles[0].attachments.count)
assert_equal(0, ticket.articles[1].attachments.count)
assert_equal(0, ticket.articles[2].attachments.count)
assert_equal(0, ticket.articles[3].attachments.count)
# add internal article
article = Ticket::Article.create!(
ticket_id: ticket.id,
from: 'some_sender@example.com',
to: 'some_recipient@example.com',
subject: 'some subject',
message_id: 'some@id',
body: 'some message 123',
internal: true,
sender: Ticket::Article::Sender.find_by(name: 'Agent'),
type: Ticket::Article::Type.find_by(name: 'note'),
updated_by_id: 1,
created_by_id: 1,
)
assert_equal(5, ticket.articles.count)
assert_equal('Agent', ticket.articles[4].sender.name)
assert_equal(1, ticket.articles[4].updated_by_id)
assert_equal(1, ticket.articles[4].created_by_id)
assert_equal(0, ticket.articles[0].attachments.count)
assert_equal(0, ticket.articles[1].attachments.count)
assert_equal(0, ticket.articles[2].attachments.count)
assert_equal(0, ticket.articles[3].attachments.count)
assert_equal(0, ticket.articles[4].attachments.count)
get "/api/v1/ticket_articles/#{article.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized', result['error'])
put "/api/v1/ticket_articles/#{article.id}", params: { internal: false }.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized', result['error'])
end
test '03.01 create phone ticket for customer and expected origin_by_id' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #1',
group: 'Users',
customer_id: @customer_without_org.id,
article: {
body: 'some body',
sender: 'Customer',
type: 'phone',
}
}
post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('a new ticket #1', result['title'])
article = Ticket::Article.find_by(ticket_id: result['id'])
assert_equal(@customer_without_org.id, article.origin_by_id)
assert_equal('Tickets Customer1 <tickets-customer1@example.com>', article.from)
end
test '03.02 create phone ticket by customer and manipulate origin_by_id' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
params = {
title: 'a new ticket #1',
group: 'Users',
customer_id: @customer_without_org.id,
article: {
body: 'some body',
sender: 'Customer',
type: 'phone',
origin_by_id: 1,
}
}
post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
article = Ticket::Article.find_by(ticket_id: result['id'])
assert_equal(@customer_without_org.id, article.origin_by_id)
end
test '04.01 ticket split with html - check attachments' do
ticket = Ticket.create!(
title: 'some title',
group: Group.lookup(name: 'Users'),
customer_id: @customer_without_org.id,
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
updated_by_id: @agent.id,
created_by_id: @agent.id,
)
article = Ticket::Article.create!(
type: Ticket::Article::Type.lookup(name: 'note'),
sender: Ticket::Article::Sender.lookup(name: 'Customer'),
from: 'sender',
subject: 'subject',
body: '<b>test</b> <img src="cid:15.274327094.140938@ZAMMAD.example.com"/> test <img src="cid:15.274327094.140938.3@ZAMMAD.example.com"/>',
content_type: 'text/html',
ticket_id: ticket.id,
updated_by_id: 1,
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_image',
filename: 'some_file1.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938@zammad.example.com',
'Content-Disposition' => 'inline',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file2_normally_should_be_an_image',
filename: 'some_file2.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938.2@zammad.example.com',
'Content-Disposition' => 'inline',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file3_normally_should_be_an_image',
filename: 'some_file3.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938.3@zammad.example.com',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file4_normally_should_be_an_image',
filename: 'some_file4.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938.4@zammad.example.com',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_pdf',
filename: 'Rechnung_RE-2018-200.pdf',
preferences: {
'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
'Mime-Type' => 'application/octet-stream',
'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
'Content-Description' => 'Rechnung_RE-2018-200.pdf',
'Content-Disposition' => 'attachment',
},
created_by_id: 1,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
form_id: 'new_form_id123',
}
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['attachments'])
assert_equal(result['attachments'].count, 3)
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['attachments'])
assert_equal(result['attachments'].count, 0)
end
test '04.02 ticket split with plain - check attachments' do
ticket = Ticket.create!(
title: 'some title',
group: Group.lookup(name: 'Users'),
customer_id: @customer_without_org.id,
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
updated_by_id: @agent.id,
created_by_id: @agent.id,
)
article = Ticket::Article.create!(
type: Ticket::Article::Type.lookup(name: 'note'),
sender: Ticket::Article::Sender.lookup(name: 'Customer'),
from: 'sender',
subject: 'subject',
body: '<b>test</b> <img src="cid:15.274327094.140938@zammad.example.com"/>',
content_type: 'text/plain',
ticket_id: ticket.id,
updated_by_id: 1,
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_image',
filename: 'some_file1.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938@zammad.example.com',
'Content-Disposition' => 'inline',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_image',
filename: 'some_file2.jpg',
preferences: {
'Content-Type' => 'image/jpeg',
'Mime-Type' => 'image/jpeg',
'Content-ID' => '15.274327094.140938.2@zammad.example.com',
'Content-Disposition' => 'inline',
},
created_by_id: 1,
)
Store.add(
object: 'Ticket::Article',
o_id: article.id,
data: 'content_file1_normally_should_be_an_pdf',
filename: 'Rechnung_RE-2018-200.pdf',
preferences: {
'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
'Mime-Type' => 'application/octet-stream',
'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
'Content-Description' => 'Rechnung_RE-2018-200.pdf',
'Content-Disposition' => 'attachment',
},
created_by_id: 1,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
form_id: 'new_form_id123',
}
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['attachments'])
assert_equal(result['attachments'].count, 3)
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result['attachments'])
assert_equal(result['attachments'].count, 0)
end
end

190
test/controllers/tickets_controller_escalation_test.rb
View file

@ -1,190 +0,0 @@
require 'test_helper'
class TicketsControllerEscalationTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create!(
login: 'tickets-admin',
firstname: 'Tickets',
lastname: 'Admin',
email: 'tickets-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'tickets-agent@example.com',
firstname: 'Tickets',
lastname: 'Agent',
email: 'tickets-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'tickets-customer1@example.com',
firstname: 'Tickets',
lastname: 'Customer1',
email: 'tickets-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
@calendar = Calendar.create!(
name: 'Escalation Test',
timezone: 'Europe/Berlin',
business_hours: {
mon: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
tue: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
wed: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
thu: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
fri: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
sat: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
sun: {
active: true,
timeframes: [ ['00:00', '23:59'] ]
},
},
default: true,
ical_url: nil,
)
@sla = Sla.create!(
name: 'test sla 1',
condition: {
'ticket.title' => {
operator: 'contains',
value: 'some value 123',
},
},
first_response_time: 60,
update_time: 180,
solution_time: 240,
calendar_id: @calendar.id,
)
UserInfo.current_user_id = nil
end
test '01.01 ticket created via web' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
params = {
title: 'some value 123',
group: 'Users',
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('some value 123', result['title'])
assert_equal(@customer_without_org.id, result['updated_by_id'])
assert_equal(@customer_without_org.id, result['created_by_id'])
ticket_p = Ticket.find(result['id'])
assert_equal(ticket_p['escalation_at'].iso8601, result['escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
assert_equal(ticket_p['first_response_escalation_at'].iso8601, result['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
assert_equal(ticket_p['update_escalation_at'].iso8601, result['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
assert_equal(ticket_p['close_escalation_at'].iso8601, result['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
assert(ticket_p.escalation_at)
assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.created_at + 3.hours).to_i, 90)
assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
end
test '01.02 ticket got created via email - reply by agent via web' do
email = "From: Bob Smith <customer@example.com>
To: zammad@example.com
Subject: some value 123
Some Text"
ticket_p, article_p, user_p, mail = Channel::EmailParser.new.process({}, email)
ticket_p.reload
assert(ticket_p.escalation_at)
assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.created_at + 3.hours).to_i, 90)
assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
travel 3.hours
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'some value 123 - update',
article: {
body: 'some test 123',
type: 'email',
to: 'customer@example.com',
},
}
put "/api/v1/tickets/#{ticket_p.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(Ticket::State.lookup(name: 'open').id, result['state_id'])
assert_equal('some value 123 - update', result['title'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(user_p.id, result['created_by_id'])
ticket_p.reload
assert_equal(ticket_p['escalation_at'].iso8601, result['escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
assert_equal(ticket_p['first_response_escalation_at'].iso8601, result['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
assert_equal(ticket_p['update_escalation_at'].iso8601, result['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
assert_equal(ticket_p['close_escalation_at'].iso8601, result['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.last_contact_agent_at + 3.hours).to_i, 90)
assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
end
end

2306
test/controllers/tickets_controller_test.rb
View file

File diff suppressed because it is too large Load diff

88
test/controllers/time_accounting_controller_test.rb
View file

@ -1,88 +0,0 @@
require 'test_helper'
require 'rake'
class TimeAccountingControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
roles = Role.where(name: 'Admin')
groups = Group.all
UserInfo.current_user_id = 1
@year = DateTime.now.utc.year
@month = DateTime.now.utc.month
@admin = User.create!(
login: 'rest-admin',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
updated_by_id: 1,
created_by_id: 1
)
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'rest-customer1@example.com',
firstname: 'Rest',
lastname: 'Customer1',
email: 'rest-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
updated_by_id: 1,
created_by_id: 1
)
end
test '01.01 time account report' do
group = Group.create!(
name: "GroupWithoutPermission-#{rand(9_999_999_999)}",
active: true,
updated_by_id: 1,
created_by_id: 1,
)
ticket = Ticket.create!(
title: 'ticket for report',
group_id: group.id,
customer_id: @customer_without_org.id,
state: Ticket::State.lookup(name: 'open'),
priority: Ticket::Priority.lookup(name: '2 normal'),
updated_by_id: 1,
created_by_id: 1,
)
article = Ticket::Article.create!(
type: Ticket::Article::Type.lookup(name: 'note'),
sender: Ticket::Article::Sender.lookup(name: 'Customer'),
from: 'sender',
subject: 'subject',
body: 'some body',
ticket_id: ticket.id,
updated_by_id: 1,
created_by_id: 1,
)
Ticket::TimeAccounting.create!(
ticket_id: ticket.id,
ticket_article_id: article.id,
time_unit: 200,
)
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get "/api/v1/time_accounting/log/by_ticket/#{@year}/#{@month}?download=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
assert(@response['Content-Disposition'])
assert_equal("attachment; filename=\"by_ticket-#{@year}-#{@month}.xls\"", @response['Content-Disposition'])
assert_equal('application/vnd.ms-excel', @response['Content-Type'])
end
end

1137
test/controllers/user_controller_test.rb
View file

File diff suppressed because it is too large Load diff

773
test/controllers/user_organization_controller_test.rb
View file

@ -1,773 +0,0 @@
require 'test_helper'
class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
include SearchindexHelper
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@backup_admin = User.create!(
login: 'backup-admin',
firstname: 'Backup',
lastname: 'Agent',
email: 'backup-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
@admin = User.create!(
login: 'rest-admin',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'rest-agent@example.com',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'rest-customer1@example.com',
firstname: 'Rest',
lastname: 'Customer1',
email: 'rest-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
# create orgs
@organization = Organization.create!(
name: 'Rest Org',
note: 'Rest Org A',
)
@organization2 = Organization.create!(
name: 'Rest Org #2',
note: 'Rest Org B',
)
@organization3 = Organization.create!(
name: 'Rest Org #3',
note: 'Rest Org C',
)
# create customer with org
@customer_with_org = User.create!(
login: 'rest-customer2@example.com',
firstname: 'Rest',
lastname: 'Customer2',
email: 'rest-customer2@example.com',
password: 'customer2pw',
active: true,
roles: roles,
organization_id: @organization.id,
)
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
end
test 'user create tests - no user' do
post '/api/v1/signshow', params: {}, headers: @headers
# create user with disabled feature
Setting.set('user_create_account', false)
token = @response.headers['CSRF-TOKEN']
# token based on form
params = { email: 'some_new_customer@example.com', authenticity_token: token }
post '/api/v1/users', params: params.to_json, headers: @headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Feature not enabled!', result['error'])
# token based on headers
headers = @headers.merge('X-CSRF-Token' => token)
params = { email: 'some_new_customer@example.com' }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Feature not enabled!', result['error'])
Setting.set('user_create_account', true)
# no signup param with enabled feature
params = { email: 'some_new_customer@example.com' }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Only signup with not authenticate user possible!', result['error'])
# already existing user with enabled feature
params = { email: 'rest-customer1@example.com', signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Email address is already used for other user.', result['error'])
# email missing with enabled feature
params = { firstname: 'some firstname', signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Attribute \'email\' required!', result['error'])
# email missing with enabled feature
params = { firstname: 'some firstname', signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Attribute \'email\' required!', result['error'])
# create user with enabled feature (take customer role)
params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
assert_equal('Me First', result['firstname'])
assert_equal('Me Last', result['lastname'])
assert_equal('new_here@example.com', result['login'])
assert_equal('new_here@example.com', result['email'])
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
# create user with admin role (not allowed for signup, take customer role)
role = Role.lookup(name: 'Admin')
params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
# create user with agent role (not allowed for signup, take customer role)
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
# no user (because of no session)
get '/api/v1/users', params: {}, headers: headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
# me
get '/api/v1/users/me', params: {}, headers: headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
end
test 'auth tests - not existing user' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
end
test 'auth tests - username auth, wrong pw' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
end
test 'auth tests - email auth, wrong pw' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
end
test 'auth tests - username auth' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
end
test 'auth tests - email auth' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
end
test 'user index and create with admin' do
# email auth
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result['email'], 'rest-admin@example.com')
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result.class, Array)
assert(result.length >= 3)
# show/:id
get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result.class, Hash)
assert_equal(result['email'], 'rest-agent@example.com')
get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result.class, Hash)
assert_equal(result['email'], 'rest-customer1@example.com')
# create user with admin role
role = Role.lookup(name: 'Admin')
params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert_not(user.role?('Customer'))
assert_equal('new_admin_by_admin@example.com', result['login'])
assert_equal('new_admin_by_admin@example.com', result['email'])
# create user with agent role
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert(user.role?('Agent'))
assert_not(user.role?('Customer'))
assert_equal('new_agent_by_admin1@example.com', result['login'])
assert_equal('new_agent_by_admin1@example.com', result['email'])
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert(user.role?('Agent'))
assert_not(user.role?('Customer'))
assert_equal('new_agent_by_admin2@example.com', result['login'])
assert_equal('new_agent_by_admin2@example.com', result['email'])
assert_equal('Agent', result['firstname'])
assert_equal('First', result['lastname'])
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert(result)
assert_equal('Email address is already used for other user.', result['error'])
# missing required attributes
params = { note: 'some note' }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert(result)
assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
# invalid email
params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert(result)
assert_equal('Invalid email', result['error'])
# with valid attributes
params = { firstname: 'newfirstname123', note: 'some note' }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
assert(result['login'].start_with?('auto-'))
assert_equal('', result['email'])
assert_equal('newfirstname123', result['firstname'])
assert_equal('', result['lastname'])
end
test 'user index and create with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result['email'], 'rest-agent@example.com')
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result.class, Array)
assert(result.length >= 3)
get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
users = User.order(:id).limit(2)
assert_equal(users[0].id, result[0]['id'])
assert_equal(users[1].id, result[1]['id'])
assert_equal(2, result.count)
get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
users = User.order(:id).limit(4)
assert_equal(users[2].id, result[0]['id'])
assert_equal(users[3].id, result[1]['id'])
assert_equal(2, result.count)
# create user with admin role
firstname = "First test#{rand(999_999_999)}"
role = Role.lookup(name: 'Admin')
params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result_user1 = JSON.parse(@response.body)
assert(result_user1)
user = User.find(result_user1['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
assert_equal('new_admin_by_agent@example.com', result_user1['login'])
assert_equal('new_admin_by_agent@example.com', result_user1['email'])
# create user with agent role
role = Role.lookup(name: 'Agent')
params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result_user1 = JSON.parse(@response.body)
assert(result_user1)
user = User.find(result_user1['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
assert_equal('new_agent_by_agent@example.com', result_user1['login'])
assert_equal('new_agent_by_agent@example.com', result_user1['email'])
# create user with customer role
role = Role.lookup(name: 'Customer')
params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result_user1 = JSON.parse(@response.body)
assert(result_user1)
user = User.find(result_user1['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
assert_equal('new_customer_by_agent@example.com', result_user1['login'])
assert_equal('new_customer_by_agent@example.com', result_user1['email'])
# search as agent
Scheduler.worker(true)
sleep 2 # let es time to come ready
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname}", result[0]['firstname'])
assert_equal('Customer Last', result[0]['lastname'])
assert(result[0]['role_ids'])
assert_not(result[0]['roles'])
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname}", result[0]['firstname'])
assert_equal('Customer Last', result[0]['lastname'])
assert(result[0]['role_ids'])
assert(result[0]['roles'])
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
assert_not(result[0]['role_ids'])
assert_not(result[0]['roles'])
role = Role.find_by(name: 'Agent')
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(0, result.count)
role = Role.find_by(name: 'Customer')
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
assert_not(result[0]['role_ids'])
assert_not(result[0]['roles'])
permission = Permission.find_by(name: 'ticket.agent')
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(0, result.count)
permission = Permission.find_by(name: 'ticket.customer')
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
assert_not(result[0]['role_ids'])
assert_not(result[0]['roles'])
end
test 'user index and create with customer1' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result['email'], 'rest-customer1@example.com')
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 1)
# show/:id
get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['email'], 'rest-customer1@example.com')
get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'])
# create user with admin role
role = Role.lookup(name: 'Admin')
params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
# create user with agent role
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
# search
Scheduler.worker(true)
get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test 'user index with customer2' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result['email'], 'rest-customer2@example.com')
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 1)
# show/:id
get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['email'], 'rest-customer2@example.com')
get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'])
# search
Scheduler.worker(true)
get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test 'organization index with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result[0]['member_ids'].class, Array)
assert(result.length >= 3)
get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
organizations = Organization.order(:id).limit(2)
assert_equal(organizations[0].id, result[0]['id'])
assert_equal(organizations[0].member_ids, result[0]['member_ids'])
assert_equal(organizations[1].id, result[1]['id'])
assert_equal(organizations[1].member_ids, result[1]['member_ids'])
assert_equal(2, result.count)
get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
organizations = Organization.order(:id).limit(4)
assert_equal(organizations[2].id, result[0]['id'])
assert_equal(organizations[2].member_ids, result[0]['member_ids'])
assert_equal(organizations[3].id, result[1]['id'])
assert_equal(organizations[3].member_ids, result[1]['member_ids'])
assert_equal(2, result.count)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['member_ids'].class, Array)
assert_not(result['members'])
assert_equal(result['name'], 'Rest Org')
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['member_ids'].class, Array)
assert_not(result['members'])
assert_equal(result['name'], 'Rest Org #2')
# search as agent
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['name'])
assert(result[0]['member_ids'])
assert_not(result[0]['members'])
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['name'])
assert(result[0]['member_ids'])
assert(result[0]['members'])
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['label'])
assert_equal('Zammad Foundation', result[0]['value'])
assert_not(result[0]['member_ids'])
assert_not(result[0]['members'])
end
test 'organization index with customer1' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 0)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test 'organization index with customer2' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 1)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['name'], 'Rest Org')
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
end

1146
test/controllers/users_controller_test.rb
View file

File diff suppressed because it is too large Load diff

773
test/controllers/users_organization_controller_test.rb
View file

@ -1,773 +0,0 @@
require 'test_helper'
class UsersOrganizationControllerTest < ActionDispatch::IntegrationTest
include SearchindexHelper
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where(name: %w[Admin Agent])
groups = Group.all
UserInfo.current_user_id = 1
@backup_admin = User.create!(
login: 'backup-admin',
firstname: 'Backup',
lastname: 'Agent',
email: 'backup-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
@admin = User.create!(
login: 'rest-admin',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where(name: 'Agent')
@agent = User.create!(
login: 'rest-agent@example.com',
firstname: 'Rest',
lastname: 'Agent',
email: 'rest-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create!(
login: 'rest-customer1@example.com',
firstname: 'Rest',
lastname: 'Customer1',
email: 'rest-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
# create orgs
@organization = Organization.create!(
name: 'Rest Org',
note: 'Rest Org A',
)
@organization2 = Organization.create!(
name: 'Rest Org #2',
note: 'Rest Org B',
)
@organization3 = Organization.create!(
name: 'Rest Org #3',
note: 'Rest Org C',
)
# create customer with org
@customer_with_org = User.create!(
login: 'rest-customer2@example.com',
firstname: 'Rest',
lastname: 'Customer2',
email: 'rest-customer2@example.com',
password: 'customer2pw',
active: true,
roles: roles,
organization_id: @organization.id,
)
configure_elasticsearch do
travel 1.minute
rebuild_searchindex
# execute background jobs
Scheduler.worker(true)
sleep 6
end
end
test 'user create tests - no user' do
post '/api/v1/signshow', params: {}, headers: @headers
# create user with disabled feature
Setting.set('user_create_account', false)
token = @response.headers['CSRF-TOKEN']
# token based on form
params = { email: 'some_new_customer@example.com', authenticity_token: token }
post '/api/v1/users', params: params.to_json, headers: @headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Feature not enabled!', result['error'])
# token based on headers
headers = @headers.merge('X-CSRF-Token' => token)
params = { email: 'some_new_customer@example.com' }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Feature not enabled!', result['error'])
Setting.set('user_create_account', true)
# no signup param with enabled feature
params = { email: 'some_new_customer@example.com' }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Only signup with not authenticate user possible!', result['error'])
# already existing user with enabled feature
params = { email: 'rest-customer1@example.com', signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Email address is already used for other user.', result['error'])
# email missing with enabled feature
params = { firstname: 'some firstname', signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Attribute \'email\' required!', result['error'])
# email missing with enabled feature
params = { firstname: 'some firstname', signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error'])
assert_equal('Attribute \'email\' required!', result['error'])
# create user with enabled feature (take customer role)
params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
assert_equal('Me First', result['firstname'])
assert_equal('Me Last', result['lastname'])
assert_equal('new_here@example.com', result['login'])
assert_equal('new_here@example.com', result['email'])
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
# create user with admin role (not allowed for signup, take customer role)
role = Role.lookup(name: 'Admin')
params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
# create user with agent role (not allowed for signup, take customer role)
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
post '/api/v1/users', params: params.to_json, headers: headers
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
# no user (because of no session)
get '/api/v1/users', params: {}, headers: headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
# me
get '/api/v1/users/me', params: {}, headers: headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
end
test 'auth tests - not existing user' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
end
test 'auth tests - username auth, wrong pw' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
end
test 'auth tests - email auth, wrong pw' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal('authentication failed', result['error'])
end
test 'auth tests - username auth' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
end
test 'auth tests - email auth' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
end
test 'user index and create with admin' do
# email auth
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result['email'], 'rest-admin@example.com')
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result.class, Array)
assert(result.length >= 3)
# show/:id
get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result.class, Hash)
assert_equal(result['email'], 'rest-agent@example.com')
get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result.class, Hash)
assert_equal(result['email'], 'rest-customer1@example.com')
# create user with admin role
role = Role.lookup(name: 'Admin')
params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert_not(user.role?('Customer'))
assert_equal('new_admin_by_admin@example.com', result['login'])
assert_equal('new_admin_by_admin@example.com', result['email'])
# create user with agent role
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert(user.role?('Agent'))
assert_not(user.role?('Customer'))
assert_equal('new_agent_by_admin1@example.com', result['login'])
assert_equal('new_agent_by_admin1@example.com', result['email'])
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert(user.role?('Agent'))
assert_not(user.role?('Customer'))
assert_equal('new_agent_by_admin2@example.com', result['login'])
assert_equal('new_agent_by_admin2@example.com', result['email'])
assert_equal('Agent', result['firstname'])
assert_equal('First', result['lastname'])
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert(result)
assert_equal('Email address is already used for other user.', result['error'])
# missing required attributes
params = { note: 'some note' }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert(result)
assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
# invalid email
params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert(result)
assert_equal('Invalid email', result['error'])
# with valid attributes
params = { firstname: 'newfirstname123', note: 'some note' }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert(result)
user = User.find(result['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
assert(result['login'].start_with?('auto-'))
assert_equal('', result['email'])
assert_equal('newfirstname123', result['firstname'])
assert_equal('', result['lastname'])
end
test 'user index and create with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result['email'], 'rest-agent@example.com')
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result.class, Array)
assert(result.length >= 3)
get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
users = User.order(:id).limit(2)
assert_equal(users[0].id, result[0]['id'])
assert_equal(users[1].id, result[1]['id'])
assert_equal(2, result.count)
get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
users = User.order(:id).limit(4)
assert_equal(users[2].id, result[0]['id'])
assert_equal(users[3].id, result[1]['id'])
assert_equal(2, result.count)
# create user with admin role
firstname = "First test#{rand(999_999_999)}"
role = Role.lookup(name: 'Admin')
params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result_user1 = JSON.parse(@response.body)
assert(result_user1)
user = User.find(result_user1['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
assert_equal('new_admin_by_agent@example.com', result_user1['login'])
assert_equal('new_admin_by_agent@example.com', result_user1['email'])
# create user with agent role
role = Role.lookup(name: 'Agent')
params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result_user1 = JSON.parse(@response.body)
assert(result_user1)
user = User.find(result_user1['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
assert_equal('new_agent_by_agent@example.com', result_user1['login'])
assert_equal('new_agent_by_agent@example.com', result_user1['email'])
# create user with customer role
role = Role.lookup(name: 'Customer')
params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result_user1 = JSON.parse(@response.body)
assert(result_user1)
user = User.find(result_user1['id'])
assert_not(user.role?('Admin'))
assert_not(user.role?('Agent'))
assert(user.role?('Customer'))
assert_equal('new_customer_by_agent@example.com', result_user1['login'])
assert_equal('new_customer_by_agent@example.com', result_user1['email'])
# search as agent
Scheduler.worker(true)
sleep 2 # let es time to come ready
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname}", result[0]['firstname'])
assert_equal('Customer Last', result[0]['lastname'])
assert(result[0]['role_ids'])
assert_not(result[0]['roles'])
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname}", result[0]['firstname'])
assert_equal('Customer Last', result[0]['lastname'])
assert(result[0]['role_ids'])
assert(result[0]['roles'])
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
assert_not(result[0]['role_ids'])
assert_not(result[0]['roles'])
role = Role.find_by(name: 'Agent')
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(0, result.count)
role = Role.find_by(name: 'Customer')
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
assert_not(result[0]['role_ids'])
assert_not(result[0]['roles'])
permission = Permission.find_by(name: 'ticket.agent')
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(0, result.count)
permission = Permission.find_by(name: 'ticket.customer')
get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal(result_user1['id'], result[0]['id'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
assert_not(result[0]['role_ids'])
assert_not(result[0]['roles'])
end
test 'user index and create with customer1' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result['email'], 'rest-customer1@example.com')
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 1)
# show/:id
get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['email'], 'rest-customer1@example.com')
get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'])
# create user with admin role
role = Role.lookup(name: 'Admin')
params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
# create user with agent role
role = Role.lookup(name: 'Agent')
params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
# search
Scheduler.worker(true)
get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test 'user index with customer2' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
# me
get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert(result)
assert_equal(result['email'], 'rest-customer2@example.com')
# index
get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 1)
# show/:id
get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['email'], 'rest-customer2@example.com')
get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert(result['error'])
# search
Scheduler.worker(true)
get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test 'organization index with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result[0]['member_ids'].class, Array)
assert(result.length >= 3)
get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
organizations = Organization.order(:id).limit(2)
assert_equal(organizations[0].id, result[0]['id'])
assert_equal(organizations[0].member_ids, result[0]['member_ids'])
assert_equal(organizations[1].id, result[1]['id'])
assert_equal(organizations[1].member_ids, result[1]['member_ids'])
assert_equal(2, result.count)
get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
organizations = Organization.order(:id).limit(4)
assert_equal(organizations[2].id, result[0]['id'])
assert_equal(organizations[2].member_ids, result[0]['member_ids'])
assert_equal(organizations[3].id, result[1]['id'])
assert_equal(organizations[3].member_ids, result[1]['member_ids'])
assert_equal(2, result.count)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['member_ids'].class, Array)
assert_not(result['members'])
assert_equal(result['name'], 'Rest Org')
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['member_ids'].class, Array)
assert_not(result['members'])
assert_equal(result['name'], 'Rest Org #2')
# search as agent
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['name'])
assert(result[0]['member_ids'])
assert_not(result[0]['members'])
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['name'])
assert(result[0]['member_ids'])
assert(result[0]['members'])
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Array, result.class)
assert_equal('Zammad Foundation', result[0]['label'])
assert_equal('Zammad Foundation', result[0]['value'])
assert_not(result[0]['member_ids'])
assert_not(result[0]['members'])
end
test 'organization index with customer1' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 0)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
test 'organization index with customer2' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
# index
get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Array)
assert_equal(result.length, 1)
# show/:id
get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_equal(result['name'], 'Rest Org')
get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_nil(result['name'])
# search
Scheduler.worker(true)
get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(401)
end
end