Refactor External credentials request spec

This commit is contained in:
Ryan Lue 2018-12-12 16:57:30 +08:00 committed by Ryan Lue
parent ad19b532a9
commit 6e3f32825f
5 changed files with 324 additions and 363 deletions


@ -1,5 +1,19 @@
FactoryBot.define do
factory :external_credential do
credentials { { 'application_id' => '1234', 'application_secret' => 'secret' } }
factory :facebook_credential do
name 'facebook'
credentials { { application_id: 123, application_secret: 123 } }
end
factory :twitter_credential do
name 'twitter'
credentials do
{ consumer_key: 123,
consumer_secret: 123,
oauth_token: 123,
oauth_token_secret: 123 }
end
end
end
end
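Review bot: The child factories declare `name 'facebook'` and `name 'twitter'` with FactoryBot's static-attribute syntax while every `credentials` attribute in the same file uses the block form; static attributes have been deprecated since FactoryBot 4.11 and are removed in 5.0, so these should read `name { 'facebook' }` and `name { 'twitter' }`. The base factory also keeps string keys (`'application_id' => '1234'`) while both child factories use symbol keys, so a test reading `credentials[:application_id]` gets a different answer depending on which factory built the record unless the model normalizes the hash — I cannot tell from this hunk whether it does, so unifying on one key style is the safer choice. The nesting means a `:twitter_credential` built without an override inherits nothing from the base `credentials` block, which is fine, but worth a one-line comment above the base factory saying the child factories replace it entirely.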


@ -1,228 +0,0 @@
require 'rails_helper'
RSpec.describe 'ExternalCredentials', type: :request do
let(:admin_user) do
create(:admin_user)
end
describe 'request handling' do
it 'does external_credential index with nobody' do
get '/api/v1/external_credentials', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does external_credential app_verify with nobody' do
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does link_account app_verify with nobody' do
get '/api/v1/external_credentials/facebook/link_account', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does external_credential callback with nobody' do
get '/api/v1/external_credentials/facebook/callback', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does external_credential index with admin' do
authenticated_as(admin_user)
get '/api/v1/external_credentials', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
expect(json_response.count).to eq(0)
get '/api/v1/external_credentials?expand=true', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
expect(json_response.count).to eq(0)
end
it 'does external_credential app_verify with admin - facebook' do
authenticated_as(admin_user)
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No application_id param!')
VCR.use_cassette('request/external_credentials/facebook/app_verify_invalid_credentials_with_not_created') do
post '/api/v1/external_credentials/facebook/app_verify', params: { application_id: 123, application_secret: 123 }, as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
create(:external_credential, { name: 'facebook', credentials: { application_id: 123, application_secret: 123 } })
VCR.use_cassette('request/external_credentials/facebook/app_verify_invalid_credentials_with_created') do
post '/api/v1/external_credentials/facebook/app_verify', as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
it 'does external_credential app_verify with admin - twitter' do
authenticated_as(admin_user)
post '/api/v1/external_credentials/twitter/app_verify', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No consumer_key param!')
VCR.use_cassette('request/external_credentials/twitter/app_verify_invalid_credentials_with_not_created') do
post '/api/v1/external_credentials/twitter/app_verify', params: { consumer_key: 123, consumer_secret: 123, oauth_token: 123, oauth_token_secret: 123 }, as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('401 Authorization Required')
create(:external_credential, { name: 'twitter', credentials: { consumer_key: 123, consumer_secret: 123, oauth_token: 123, oauth_token_secret: 123 } })
VCR.use_cassette('request/external_credentials/twitter/app_verify_invalid_credentials_with_created') do
post '/api/v1/external_credentials/twitter/app_verify', as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('401 Authorization Required')
end
it 'does link_account app_verify with admin - facebook' do
authenticated_as(admin_user)
get '/api/v1/external_credentials/facebook/link_account', as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No facebook app configured!')
get '/api/v1/external_credentials/facebook/link_account', params: { application_id: 123, application_secret: 123 }, as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No facebook app configured!')
create(:external_credential, { name: 'facebook', credentials: { application_id: 123, application_secret: 123 } })
VCR.use_cassette('request/external_credentials/facebook/link_account_with_invalid_credential') do
get '/api/v1/external_credentials/facebook/link_account', as: :json
end
expect(response).to have_http_status(500)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
it 'does link_account app_verify with admin - twitter' do
authenticated_as(admin_user)
get '/api/v1/external_credentials/twitter/link_account', as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No twitter app configured!')
get '/api/v1/external_credentials/twitter/link_account', params: { consumer_key: 123, consumer_secret: 123, oauth_token: 123, oauth_token_secret: 123 }, as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No twitter app configured!')
create(:external_credential, { name: 'twitter', credentials: { consumer_key: 123, consumer_secret: 123, oauth_token: 123, oauth_token_secret: 123 } })
VCR.use_cassette('request/external_credentials/twitter/link_account_with_invalid_credential') do
get '/api/v1/external_credentials/twitter/link_account', as: :json
end
expect(response).to have_http_status(500)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('401 Authorization Required')
end
it 'does external_credential callback with admin - facebook' do
authenticated_as(admin_user)
get '/api/v1/external_credentials/facebook/callback', as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No facebook app configured!')
get '/api/v1/external_credentials/facebook/callback', params: { application_id: 123, application_secret: 123 }, as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No facebook app configured!')
create(:external_credential, { name: 'facebook', credentials: { application_id: 123, application_secret: 123 } })
VCR.use_cassette('request/external_credentials/facebook/callback_invalid_credentials') do
get '/api/v1/external_credentials/facebook/callback', as: :json
end
expect(response).to have_http_status(500)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
it 'does external_credential callback with admin - twitter' do
authenticated_as(admin_user)
get '/api/v1/external_credentials/twitter/callback', as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No twitter app configured!')
get '/api/v1/external_credentials/twitter/callback', params: { consumer_key: 123, consumer_secret: 123 }, as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No twitter app configured!')
create(:external_credential, { name: 'twitter', credentials: { consumer_key: 123, consumer_secret: 123 } })
get '/api/v1/external_credentials/twitter/callback', as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No request_token for session found!')
#request.session[:oauth_token] = 'some_token'
#get '/api/v1/external_credentials/twitter/callback', as: :json
#expect(response).to have_http_status(422)
#expect(json_response).to be_a_kind_of(Hash)
#expect(json_response['error']).to eq('Invalid oauth_token given!')
end
it 'does external_credential app_verify with admin and different permissions' do
authenticated_as(admin_user)
create(:external_credential, { name: 'twitter', credentials: { consumer_key: 123, consumer_secret: 123 } })
VCR.use_cassette('request/external_credentials/twitter/app_verify_twitter') do
post '/api/v1/external_credentials/twitter/app_verify', as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('401 Authorization Required')
permission = Permission.find_by(name: 'admin.channel_twitter')
permission.active = false
permission.save!
post '/api/v1/external_credentials/twitter/app_verify', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized (user)!')
create(:external_credential, { name: 'facebook', credentials: { application_id: 123, application_secret: 123 } })
VCR.use_cassette('request/external_credentials/facebook/app_verify_facebook') do
post '/api/v1/external_credentials/facebook/app_verify', as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
permission = Permission.find_by(name: 'admin.channel_facebook')
permission.active = false
permission.save!
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized (user)!')
end
end
end


@ -0,0 +1,309 @@
require 'rails_helper'
RSpec.describe 'External Credentials', type: :request do
let(:admin_user) { create(:admin_user) }
context 'without authentication' do
describe '#index' do
it 'returns 401 unauthorized' do
get '/api/v1/external_credentials', as: :json
expect(response).to have_http_status(401)
expect(json_response).to include('error' => 'authentication failed')
end
end
describe '#app_verify' do
it 'returns 401 unauthorized' do
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(401)
expect(json_response).to include('error' => 'authentication failed')
end
end
describe '#link_account' do
it 'returns 401 unauthorized' do
get '/api/v1/external_credentials/facebook/link_account', as: :json
expect(response).to have_http_status(401)
expect(json_response).to include('error' => 'authentication failed')
end
end
describe '#callback' do
it 'returns 401 unauthorized' do
get '/api/v1/external_credentials/facebook/callback', as: :json
expect(response).to have_http_status(401)
expect(json_response).to include('error' => 'authentication failed')
end
end
end
context 'authenticated as admin' do
before { authenticated_as(admin_user) }
describe '#index' do
it 'responds with an array of ExternalCredential records' do
get '/api/v1/external_credentials', as: :json
expect(response).to have_http_status(200)
expect(json_response).to eq([])
end
context 'with expand=true URL parameters' do
it 'responds with an array of ExternalCredential records and their association data' do
get '/api/v1/external_credentials?expand=true', as: :json
expect(response).to have_http_status(200)
expect(json_response).to eq([])
end
end
end
context 'for Facebook' do
let(:invalid_credentials) do
{ application_id: 123, application_secret: 123 }
end
describe '#app_verify' do
describe 'failure cases' do
context 'when permission for Facebook channel is deactivated' do
before { Permission.find_by(name: 'admin.channel_facebook').update(active: false) }
it 'returns 401 unauthorized with internal (Zammad) error' do
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(401)
expect(json_response).to include('error' => 'Not authorized (user)!')
end
end
context 'with no credentials' do
it 'returns 200 with internal (Zammad) error' do
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(200)
expect(json_response).to include('error' => 'No application_id param!')
end
end
context 'with invalid credentials, via request params' do
it 'returns 200 with remote (Facebook auth) error' do
VCR.use_cassette('request/external_credentials/facebook/app_verify_invalid_credentials_with_not_created') do
post '/api/v1/external_credentials/facebook/app_verify', params: invalid_credentials, as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to include('error' => 'type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
end
context 'with invalid credentials, via ExternalCredential record' do
before { create(:facebook_credential, credentials: invalid_credentials) }
it 'returns 200 with remote (Facebook auth) error' do
VCR.use_cassette('request/external_credentials/facebook/app_verify_invalid_credentials_with_created') do
post '/api/v1/external_credentials/facebook/app_verify', as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to include('error' => 'type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
end
end
end
describe '#link_account' do
describe 'failure cases' do
context 'with no credentials' do
it 'returns 422 unprocessable entity with internal (Zammad) error' do
get '/api/v1/external_credentials/facebook/link_account', as: :json
expect(response).to have_http_status(422)
expect(json_response).to include('error' => 'No facebook app configured!')
end
end
context 'with invalid credentials, via request params' do
it 'returns 422 unprocessable entity with internal (Zammad) error' do
get '/api/v1/external_credentials/facebook/link_account', params: invalid_credentials, as: :json
expect(response).to have_http_status(422)
expect(json_response).to include('error' => 'No facebook app configured!')
end
end
context 'with invalid credentials, via ExternalCredential record' do
before { create(:facebook_credential, credentials: invalid_credentials) }
it 'returns 500 with remote (Facebook auth) error' do
VCR.use_cassette('request/external_credentials/facebook/link_account_with_invalid_credential') do
get '/api/v1/external_credentials/facebook/link_account', as: :json
end
expect(response).to have_http_status(500)
expect(json_response).to include('error' => 'type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
end
end
end
describe '#callback' do
describe 'failure cases' do
context 'with no credentials' do
it 'returns 422 unprocessable entity with internal (Zammad) error' do
get '/api/v1/external_credentials/facebook/callback', as: :json
expect(response).to have_http_status(422)
expect(json_response).to include('error' => 'No facebook app configured!')
end
end
context 'with invalid credentials, via request params' do
it 'returns 422 unprocessable entity with internal (Zammad) error' do
get '/api/v1/external_credentials/facebook/callback', params: invalid_credentials, as: :json
expect(response).to have_http_status(422)
expect(json_response).to include('error' => 'No facebook app configured!')
end
end
context 'with invalid credentials, via ExternalCredential record' do
before { create(:facebook_credential, credentials: invalid_credentials) }
it 'returns 500 with remote (Facebook auth) error' do
VCR.use_cassette('request/external_credentials/facebook/callback_invalid_credentials') do
get '/api/v1/external_credentials/facebook/callback', as: :json
end
expect(response).to have_http_status(500)
expect(json_response).to include('error' => 'type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
end
end
end
end
context 'for Twitter' do
let(:invalid_credentials) do
{ consumer_key: 123, consumer_secret: 123, oauth_token: 123, oauth_token_secret: 123 }
end
describe '#app_verify' do
describe 'failure cases' do
context 'when permission for Twitter channel is deactivated' do
before { Permission.find_by(name: 'admin.channel_twitter').update(active: false) }
it 'returns 401 unauthorized with internal (Zammad) error' do
post '/api/v1/external_credentials/twitter/app_verify', as: :json
expect(response).to have_http_status(401)
expect(json_response).to include('error' => 'Not authorized (user)!')
end
end
context 'with no credentials' do
it 'returns 200 with internal (Zammad) error' do
post '/api/v1/external_credentials/twitter/app_verify', as: :json
expect(response).to have_http_status(200)
expect(json_response).to include('error' => 'No consumer_key param!')
end
end
context 'with invalid credentials, via request params' do
it 'returns 200 with remote (Twitter auth) error' do
VCR.use_cassette('request/external_credentials/twitter/app_verify_invalid_credentials_with_not_created') do
post '/api/v1/external_credentials/twitter/app_verify', params: invalid_credentials, as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to include('error' => '401 Authorization Required')
end
end
context 'with invalid credentials, via existing ExternalCredential record' do
before { create(:twitter_credential, credentials: invalid_credentials) }
it 'returns 200 with remote (Twitter auth) error' do
VCR.use_cassette('request/external_credentials/twitter/app_verify_invalid_credentials_with_created') do
post '/api/v1/external_credentials/twitter/app_verify', as: :json
end
expect(response).to have_http_status(200)
expect(json_response).to include('error' => '401 Authorization Required')
end
end
end
end
describe '#link_account' do
describe 'failure cases' do
context 'with no credentials' do
it 'returns 422 unprocessable entity with internal (Zammad) error' do
get '/api/v1/external_credentials/twitter/link_account', as: :json
expect(response).to have_http_status(422)
expect(json_response).to include('error' => 'No twitter app configured!')
end
end
context 'with invalid credentials, via request params' do
it 'returns 422 unprocessable entity with internal (Zammad) error' do
get '/api/v1/external_credentials/twitter/link_account', params: invalid_credentials, as: :json
expect(response).to have_http_status(422)
expect(json_response).to include('error' => 'No twitter app configured!')
end
end
context 'with invalid credentials, via ExternalCredential record' do
before { create(:twitter_credential, credentials: invalid_credentials) }
it 'returns 500 with remote (Twitter auth) error' do
VCR.use_cassette('request/external_credentials/twitter/link_account_with_invalid_credential') do
get '/api/v1/external_credentials/twitter/link_account', as: :json
end
expect(response).to have_http_status(500)
expect(json_response).to include('error' => '401 Authorization Required')
end
end
end
end
describe '#callback' do
describe 'failure cases' do
context 'with no credentials' do
it 'returns 422 unprocessable entity with internal (Zammad) error' do
get '/api/v1/external_credentials/twitter/callback', as: :json
expect(response).to have_http_status(422)
expect(json_response).to include('error' => 'No twitter app configured!')
end
end
context 'with invalid credentials, via request params' do
it 'returns 422 unprocessable entity with internal (Zammad) error' do
get '/api/v1/external_credentials/twitter/callback', params: invalid_credentials, as: :json
expect(response).to have_http_status(422)
expect(json_response).to include('error' => 'No twitter app configured!')
end
end
context 'with invalid credentials, via ExternalCredential record' do
before { create(:twitter_credential, credentials: invalid_credentials) }
it 'returns 422 unprocessable entity with internal (Zammad) error' do
get '/api/v1/external_credentials/twitter/callback', as: :json
expect(response).to have_http_status(422)
expect(json_response).to include('error' => 'No request_token for session found!')
end
end
end
end
end
end
end
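Review bot: The 'when permission for … channel is deactivated' contexts (`before { Permission.find_by(name: 'admin.channel_facebook').update(active: false) }` and its Twitter twin) sit only under `#app_verify`, so the spec never confirms that `#link_account` and `#callback` also refuse an admin whose channel permission is switched off; hoisting that context one level up, beside the `invalid_credentials` let, would cover all three endpoints for each provider. `update` returns false on a validation failure instead of raising, so `update!` would make a broken fixture fail on the setup line rather than on the 401 assertion. The `#index` examples are described as returning 'ExternalCredential records and their association data' but create nothing and assert `eq([])` for both the plain and the `expand=true` request, so the expand path is indistinguishable from the plain one — creating a `:facebook_credential` first and asserting on the returned record would make the description true. The Twitter `#callback` context 'with invalid credentials, via ExternalCredential record' actually exercises the missing-session-token path (`'No request_token for session found!'`), and the old spec's commented-out 'Invalid oauth_token given!' case was dropped rather than revived, so the context name should say what it really tests.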


@ -1,58 +0,0 @@
---
http_interactions:
- request:
method: post
uri: https://graph.facebook.com/oauth/access_token
body:
encoding: UTF-8
string: client_id=123&client_secret=123&grant_type=client_credentials
headers:
User-Agent:
- Faraday v0.12.2
Content-Type:
- application/x-www-form-urlencoded
Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept:
- "*/*"
response:
status:
code: 400
message: Bad Request
headers:
Www-Authenticate:
- OAuth "Facebook Platform" "invalid_client" "Error validating application.
Cannot get application info due to a system error."
Content-Type:
- application/json; charset=UTF-8
Facebook-Api-Version:
- v2.8
X-Fb-Rev:
- '4583987'
Access-Control-Allow-Origin:
- "*"
Cache-Control:
- no-store
X-Fb-Trace-Id:
- Gun7Y5LdGdV
Expires:
- Sat, 01 Jan 2000 00:00:00 GMT
Strict-Transport-Security:
- max-age=15552000; preload
Pragma:
- no-cache
X-Fb-Debug:
- 6TUcLsJ9OAIw/Pb2N6TLCham7A35JxDcZGYRF8P/KOsWeJQNr7YiKMmb+PSN2yO11B/55cBLEiTzamU4ejATvQ==
Date:
- Fri, 30 Nov 2018 12:50:49 GMT
Connection:
- keep-alive
Content-Length:
- '166'
body:
encoding: UTF-8
string: '{"error":{"message":"Error validating application. Cannot get application
info due to a system error.","type":"OAuthException","code":101,"fbtrace_id":"Gun7Y5LdGdV"}}'
http_version:
recorded_at: Fri, 30 Nov 2018 12:50:49 GMT
recorded_with: VCR 4.0.0


@ -1,76 +0,0 @@
---
http_interactions:
- request:
method: post
uri: https://api.twitter.com/oauth/request_token
body:
encoding: UTF-8
string: ''
headers:
Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept:
- "*/*"
User-Agent:
- OAuth gem v0.5.3
Content-Length:
- '0'
Authorization:
- OAuth oauth_callback="http%3A%2F%2Fzammad.example.com%2Fapi%2Fv1%2Fexternal_credentials%2Ftwitter%2Fcallback",
oauth_consumer_key="123", oauth_nonce="MUJuxD5pJylV4EjZdF6Z4aOa4ersvQ7X1Yn79OmI",
oauth_signature="fahmle9Bx8I6xsXd4PdB0QjPaog%3D", oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1543582248", oauth_version="1.0"
response:
status:
code: 401
message: Authorization Required
headers:
Cache-Control:
- no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Content-Disposition:
- attachment; filename=json.json
Content-Length:
- '89'
Content-Type:
- application/json; charset=utf-8
Date:
- Fri, 30 Nov 2018 12:50:49 GMT
Expires:
- Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified:
- Fri, 30 Nov 2018 12:50:49 GMT
Pragma:
- no-cache
Server:
- tsa_o
Set-Cookie:
- guest_id=v1%3A154358224907677984; Max-Age=63072000; Expires=Sun, 29 Nov 2020
12:50:49 GMT; Path=/; Domain=.twitter.com
- personalization_id="v1_HLys+XMhL9WX47EwRLZ9ZQ=="; Max-Age=63072000; Expires=Sun,
29 Nov 2020 12:50:49 GMT; Path=/; Domain=.twitter.com
Status:
- 401 Unauthorized
Strict-Transport-Security:
- max-age=631138519
Www-Authenticate:
- OAuth realm="https://api.twitter.com"
X-Connection-Hash:
- b8e5026ed8e6cef6e85a0e07023a10ad
X-Content-Type-Options:
- nosniff
X-Frame-Options:
- SAMEORIGIN
X-Response-Time:
- '120'
X-Transaction:
- 002723f700aff7dd
X-Twitter-Response-Tags:
- BouncerCompliant
X-Xss-Protection:
- 1; mode=block; report=https://twitter.com/i/xss_report
body:
encoding: ASCII-8BIT
string: '{"errors":[{"code":32,"message":"Could not authenticate you."}]}'
http_version:
recorded_at: Fri, 30 Nov 2018 12:50:49 GMT
recorded_with: VCR 4.0.0