diff --git a/test/controllers/packages_controller_test.rb b/test/controllers/packages_controller_test.rb
new file mode 100644
index 000000000..12d938b53
--- /dev/null
+++ b/test/controllers/packages_controller_test.rb
@@ -0,0 +1,92 @@
+# encoding: utf-8
+require 'test_helper'
+
+class PackagesControllerTest < ActionDispatch::IntegrationTest
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+
+ # create agent
+ roles = Role.where( name: %w(Admin Agent) )
+ groups = Group.all
+
+ UserInfo.current_user_id = 1
+ @admin = User.create_or_update(
+ login: 'packages-admin',
+ firstname: 'Packages',
+ lastname: 'Admin',
+ email: 'packages-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create agent
+ roles = Role.where( name: 'Agent' )
+ @agent = User.create_or_update(
+ login: 'packages-agent@example.com',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'packages-agent@example.com',
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create customer without org
+ roles = Role.where( name: 'Customer' )
+ @customer_without_org = User.create_or_update(
+ login: 'packages-customer1@example.com',
+ firstname: 'Packages',
+ lastname: 'Customer1',
+ email: 'packages-customer1@example.com',
+ password: 'customer1pw',
+ active: true,
+ roles: roles,
+ )
+
+ end
+
+ test 'packages index with admin' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw')
+
+ # index
+ get '/api/v1/packages', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert(result['packages'])
+
+ end
+
+ test 'packages index with agent' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-agent@example.com', 'adminpw')
+
+ # index
+ get '/api/v1/packages', {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_not(result['packages'])
+
+ end
+
+ test 'packages index with customer' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-customer1@example.com', 'customer1pw')
+
+ # index
+ get '/api/v1/packages', {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_not(result['packages'])
+
+ end
+
+end
diff --git a/test/controllers/settings_controller_test.rb b/test/controllers/settings_controller_test.rb
new file mode 100644
index 000000000..984b18378
--- /dev/null
+++ b/test/controllers/settings_controller_test.rb
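Review bot: In `test 'packages index with agent'` in `packages_controller_test.rb` the credentials pair `'packages-agent@example.com'` with `'adminpw'`, while the setup block creates that agent with `password: 'agentpw'`, so the asserted 401 is most likely produced by a failed login rather than by the role check on `/api/v1/packages`. The test would therefore keep passing even if a correctly authenticated agent were allowed to list packages. Change the call to `encode_credentials('packages-agent@example.com', 'agentpw')` so the denial is exercised for an authenticated agent; the deleted `rest_test.rb` used `'agentpw'` for this same check. The same mismatch is in `test 'settings index with agent'` in `settings_controller_test.rb`.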
@@ -0,0 +1,92 @@
+# encoding: utf-8
+require 'test_helper'
+
+class SettingsControllerTest < ActionDispatch::IntegrationTest
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+
+ # create agent
+ roles = Role.where( name: %w(Admin Agent) )
+ groups = Group.all
+
+ UserInfo.current_user_id = 1
+ @admin = User.create_or_update(
+ login: 'packages-admin',
+ firstname: 'Packages',
+ lastname: 'Admin',
+ email: 'packages-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create agent
+ roles = Role.where( name: 'Agent' )
+ @agent = User.create_or_update(
+ login: 'packages-agent@example.com',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'packages-agent@example.com',
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create customer without org
+ roles = Role.where( name: 'Customer' )
+ @customer_without_org = User.create_or_update(
+ login: 'packages-customer1@example.com',
+ firstname: 'Packages',
+ lastname: 'Customer1',
+ email: 'packages-customer1@example.com',
+ password: 'customer1pw',
+ active: true,
+ roles: roles,
+ )
+
+ end
+
+ test 'settings index with admin' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw')
+
+ # index
+ get '/api/v1/settings', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert(result)
+
+ end
+
+ test 'settings index with agent' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-agent@example.com', 'adminpw')
+
+ # index
+ get '/api/v1/settings', {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_not(result['settings'])
+
+ end
+
+ test 'settings index with customer' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-customer1@example.com', 'customer1pw')
+
+ # index
+ get '/api/v1/settings', {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_not(result['settings'])
+
+ end
+
+end
diff --git a/test/controllers/user_organization_controller_test.rb b/test/controllers/user_organization_controller_test.rb
new file mode 100644
index 000000000..bce04cc70
--- /dev/null
+++ b/test/controllers/user_organization_controller_test.rb
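Review bot: `assert(result)` in `test 'settings index with admin'` in `settings_controller_test.rb` cannot fail once `assert_equal(Array, result.class)` has passed, because an empty Array is truthy in Ruby; the deleted `rest_test.rb` checked `request[:data][0]` instead. Use `assert(result[0])` or `assert_not(result.empty?)` so the test notices an empty settings list. In the agent and customer tests, `assert_not(result['settings'])` is similarly weak: the successful response is an Array, so the `'settings'` key would presumably be absent whether or not data leaked, and asserting on the expected error body would pin the denial more tightly. The fixture logins in this file are still the `packages-*` ones copied from the packages test.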
@@ -0,0 +1,325 @@
+# encoding: utf-8
+require 'test_helper'
+
+class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+
+ # create agent
+ roles = Role.where( name: %w(Admin Agent) )
+ groups = Group.all
+
+ UserInfo.current_user_id = 1
+ @admin = User.create_or_update(
+ login: 'rest-admin',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create agent
+ roles = Role.where( name: 'Agent' )
+ @agent = User.create_or_update(
+ login: 'rest-agent@example.com',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-agent@example.com',
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create customer without org
+ roles = Role.where( name: 'Customer' )
+ @customer_without_org = User.create_or_update(
+ login: 'rest-customer1@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer1',
+ email: 'rest-customer1@example.com',
+ password: 'customer1pw',
+ active: true,
+ roles: roles,
+ )
+
+ # create orgs
+ @organization = Organization.create_or_update(
+ name: 'Rest Org',
+ )
+ @organization2 = Organization.create_or_update(
+ name: 'Rest Org #2',
+ )
+ @organization3 = Organization.create_or_update(
+ name: 'Rest Org #3',
+ )
+
+ # create customer with org
+ @customer_with_org = User.create_or_update(
+ login: 'rest-customer2@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer2',
+ email: 'rest-customer2@example.com',
+ password: 'customer2pw',
+ active: true,
+ roles: roles,
+ organization_id: @organization.id,
+ )
+
+ end
+
+ test 'user create tests - no user' do
+
+ # create user with disabled feature
+ Setting.set('user_create_account', false)
+ post '/api/v1/users', {}, @headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Feature not enabled!', result['error'])
+
+ # already existing user with enabled feature
+ Setting.set('user_create_account', true)
+ params = { email: 'rest-customer1@example.com' }
+ post '/api/v1/users', params.to_json, @headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('User already exists!', result['error'])
+
+ # create user with enabled feature
+ params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com' }
+ post '/api/v1/users', params.to_json, @headers
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+
+ assert_equal('Me First', result['firstname'])
+ assert_equal('Me Last', result['lastname'])
+ assert_equal('new_here@example.com', result['login'])
+ assert_equal('new_here@example.com', result['email'])
+
+ # no user
+ get '/api/v1/users', {}, @headers
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - not existing user' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
+
+ get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - username auth, wrong pw' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
+
+ get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - email auth, wrong pw' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
+
+ get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - username auth' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
+
+ get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ end
+
+ test 'auth tests - email auth' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ end
+
+ test 'user index with admin' do
+
+ # email auth
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ # index
+ get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+
+ # index
+ get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Array)
+ assert(result.length >= 3)
+
+ # show/:id
+ get "/api/v1/users/#{@agent.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-agent@example.com')
+
+ get "/api/v1/users/#{@customer_without_org.id}", {}, 'Authorization' => credentials
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-customer1@example.com')
+
+ end
+
+ test 'user index with customer1' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
+
+ # index
+ get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 1)
+
+ # show/:id
+ get "/api/v1/users/#{@customer_without_org.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-customer1@example.com')
+
+ get "/api/v1/users/#{@customer_with_org.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert(result.empty?)
+
+ end
+
+ test 'user index with customer2' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
+
+ # index
+ get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 1)
+
+ # show/:id
+ get "/api/v1/users/#{@customer_with_org.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-customer2@example.com')
+
+ get "/api/v1/users/#{@customer_without_org.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ #puts @response.body
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert(result.empty?)
+
+ end
+
+ test 'organization index with agent' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
+
+ # index
+ get '/api/v1/organizations', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert(result.length >= 3)
+
+ # show/:id
+ get "/api/v1/organizations/#{@organization.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal( result.class, Hash)
+ assert_equal( result['name'], 'Rest Org')
+
+ get "/api/v1/organizations/#{@organization2.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal( result.class, Hash)
+ assert_equal( result['name'], 'Rest Org #2')
+
+ end
+
+ test 'organization index with customer1' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
+
+ # index
+ get '/api/v1/organizations', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 0)
+
+ # show/:id
+ get "/api/v1/organizations/#{@organization.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal( result.class, Hash)
+ assert_equal( result['name'], nil)
+
+ get "/api/v1/organizations/#{@organization2.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal( result.class, Hash)
+ assert_equal( result['name'], nil)
+
+ end
+
+ test 'organization index with customer2' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
+
+ # index
+ get '/api/v1/organizations', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 1)
+
+ # show/:id
+ get "/api/v1/organizations/#{@organization.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal( result.class, Hash)
+ assert_equal( result['name'], 'Rest Org')
+
+ get "/api/v1/organizations/#{@organization2.id}", {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal( result.class, Hash)
+ assert_equal( result['name'], nil)
+
+ end
+end
diff --git a/test/unit/rest_test.rb b/test/unit/rest_test.rb
deleted file mode 100644
index 4bc121fdd..000000000
--- a/test/unit/rest_test.rb
+++ /dev/null
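Review bot: `test 'user create tests - no user'` in `user_organization_controller_test.rb` posts to `/api/v1/users` without credentials and then checks only `firstname`, `lastname`, `login` and `email` of the 201 response, so nothing pins which roles a self-registered account ends up with. After the 201 assertions, add a check that the new account holds only the Customer role, for example `assert_equal(Role.where(name: 'Customer').to_a, User.find_by(email: 'new_here@example.com').roles.to_a)`, assuming `roles` is readable on the model as it is writable in the setup block. A companion case in which the unauthenticated request body also supplies role attributes, and the same assertion still holds, would guard the signup path against over-permissive parameter handling. Separately, the second show request in `test 'user index with admin'` passes `'Authorization' => credentials` without `@headers.merge(...)`, unlike every other call in the file.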
@@ -1,244 +0,0 @@
-# encoding: utf-8
-require 'test_helper'
-
-class RestTest < ActiveSupport::TestCase
-
- test 'users and orgs' do
-
- if !ENV['BROWSER_URL']
- puts 'NOTICE: Do not execute rest tests, no BROWSER_URL=http://some_host:port is defined! e. g. export BROWSER_URL=http://localhost:3000'
- return
- end
-
- # create agent
- roles = Role.where( name: %w(Admin Agent) )
- groups = Group.all
-
- UserInfo.current_user_id = 1
- admin = User.create_or_update(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where( name: 'Agent' )
- agent = User.create_or_update(
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where( name: 'Customer' )
- customer_without_org = User.create_or_update(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create orgs
- organization = Organization.create_or_update(
- name: 'Rest Org',
- )
- organization2 = Organization.create_or_update(
- name: 'Rest Org #2',
- )
- organization3 = Organization.create_or_update(
- name: 'Rest Org #3',
- )
-
- # create customer with org
- customer_with_org = User.create_or_update(
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- organization_id: organization.id,
- )
-
- # not existing user
- request = get( 'not_existing@example.com', 'adminpw', '/api/v1/users')
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- # username auth, wrong pw
- request = get( 'rest-admin', 'not_existing', '/api/v1/users' )
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- # email auth, wrong pw
- request = get( 'rest-admin@example.com', 'not_existing', '/api/v1/users' )
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- # username auth
- request = get( 'rest-admin', 'adminpw', '/api/v1/users' )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Array)
-
- # email auth
- request = get( 'rest-admin@example.com', 'adminpw', '/api/v1/users' )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Array)
-
- # /users
-
- # index
- request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/users')
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Array)
- assert( request[:data].length >= 3 )
-
- # show/:id
- request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/users/' + agent.id.to_s )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert_equal( request[:data]['email'], 'rest-agent@example.com')
- request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/users/' + customer_without_org.id.to_s )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert_equal( request[:data]['email'], 'rest-customer1@example.com')
-
- # index
- request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/users')
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Array)
- assert_equal( request[:data].length, 1 )
-
- # show/:id
- request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/users/' + customer_without_org.id.to_s )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert_equal( request[:data]['email'], 'rest-customer1@example.com')
- request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/users/' + customer_with_org.id.to_s )
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- # index
- request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/users')
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Array)
- assert_equal( request[:data].length, 1 )
-
- # show/:id
- request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/users/' + customer_with_org.id.to_s )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert_equal( request[:data]['email'], 'rest-customer2@example.com')
- request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/users/' + customer_without_org.id.to_s )
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- # /organizations
-
- # index
- request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/organizations')
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Array)
- assert( request[:data].length >= 3 )
-
- # show/:id
- request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/organizations/' + organization.id.to_s )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert_equal( request[:data]['name'], 'Rest Org')
- request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/organizations/' + organization2.id.to_s )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert_equal( request[:data]['name'], 'Rest Org #2')
-
- # index
- request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/organizations')
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Array)
- assert_equal( request[:data].length, 0 )
-
- # show/:id
- request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/organizations/' + organization.id.to_s )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert_equal( request[:data]['name'], nil)
- request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/organizations/' + organization2.id.to_s )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert_equal( request[:data]['name'], nil)
-
- # index
- request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/organizations')
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Array)
- assert_equal( request[:data].length, 1 )
-
- # show/:id
- request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/organizations/' + organization.id.to_s )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert_equal( request[:data]['name'], 'Rest Org')
- request = get( 'rest-customer2@example.com', 'customer2pw', '/api/v1/organizations/' + organization2.id.to_s )
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- # packages
- request = get( 'rest-admin@example.com', 'adminpw', '/api/v1/packages' )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Hash)
- assert( request[:data]['packages'] )
-
- request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/packages' )
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/packages' )
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- # settings
- request = get( 'rest-admin@example.com', 'adminpw', '/api/v1/settings' )
- assert_equal( request[:response].code, '200' )
- assert_equal( request[:data].class, Array)
- assert( request[:data][0] )
-
- request = get( 'rest-agent@example.com', 'agentpw', '/api/v1/settings' )
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- request = get( 'rest-customer1@example.com', 'customer1pw', '/api/v1/settings' )
- assert_equal( request[:response].code, '401' )
- assert_equal( request[:data].class, NilClass)
-
- end
- def get(user, pw, url)
-
- response = UserAgent.get(
- "#{ENV['BROWSER_URL']}#{url}",
- {},
- {
- json: true,
- user: user,
- password: pw,
- }
- )
- #puts 'URL: ' + url
- #puts response.code.to_s
- #puts response.body.to_s
- { data: response.data, response: response }
- end
-end