Improved external credential managment via rest controller.

This commit is contained in:
Martin Edenhofer 2018-09-26 11:51:53 +02:00
parent 6c82931245
commit 8e99a010ca
5 changed files with 167 additions and 2 deletions


@ -1,7 +1,7 @@
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
class ExternalCredentialsController < ApplicationController
prepend_before_action { authentication_check(permission: ['admin.channel_twitter', 'admin.channel_facebook']) }
prepend_before_action :permission_check
def index
model_index_render(ExternalCredential, params)
@ -54,4 +54,27 @@ class ExternalCredentialsController < ApplicationController
ExternalCredential.app_url(provider, channel_id)
end
def permission_check
if params[:id].present? && ExternalCredential.exists?(params[:id])
external_credential = ExternalCredential.find(params[:id])
raise 'No such ExternalCredential!' if !external_credential
authentication_check(permission: ["admin.channel_#{external_credential.name}"])
return
end
if params[:name].present? || params[:provider].present?
if params[:name].present?
name = params[:name].downcase
elsif params[:provider].present?
name = params[:provider].downcase
else
raise 'Missing name/provider!'
end
authentication_check(permission: ["admin.channel_#{name}"])
return
end
authentication_check(permission: ['admin'])
end
end
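Review bot: `permission_check` derives the channel permission from `params[:name]` before `params[:provider]`, while the action at the top of the hunk dispatches on `provider` (`ExternalCredential.app_url(provider, channel_id)`), so a request carrying both keys with different values is authorized against one channel and executed against another; either check every key that is present or reject a mismatch up front, e.g. `raise Exceptions::UnprocessableEntity, 'name/provider mismatch' if params[:name].present? && params[:provider].present? && params[:name].downcase != params[:provider].downcase`. Whether the routes ever supply both keys is not visible in this hunk. The inner `else raise 'Missing name/provider!'` and the `raise 'No such ExternalCredential!'` guard are unreachable: the outer condition already guarantees one key is present, and `find` after a passing `exists?` does not return nil (a vanished record raises `ActiveRecord::RecordNotFound` instead), so the `exists?`/`find` pair could become `external_credential = ExternalCredential.find_by(id: params[:id])` with the raise kept. An `id` that does not exist currently falls through silently to the generic `'admin'` check rather than failing fast; a one-line comment stating that this fallback is intentional would help the next reader.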


@ -7,13 +7,13 @@ class ExternalCredential::Facebook
def self.request_account_to_link(credentials = {})
external_credential = ExternalCredential.find_by(name: 'facebook')
raise Exceptions::UnprocessableEntity, 'No facebook app configured!' if !external_credential
if !credentials[:application_id]
credentials[:application_id] = external_credential.credentials['application_id']
end
if !credentials[:application_secret]
credentials[:application_secret] = external_credential.credentials['application_secret']
end
oauth = Koala::Facebook::OAuth.new(
credentials[:application_id],
credentials[:application_secret],
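Review bot: The two `if !credentials[:key] ... end` blocks at the top of `request_account_to_link` are the manual form of `||=`; `credentials[:application_id] ||= external_credential.credentials['application_id']` and `credentials[:application_secret] ||= external_credential.credentials['application_secret']` express the same thing in two lines, and the Twitter hunk (`consumer_key`) has the same pattern. Both assignments write the stored secret into the hash object the caller passed in, so a caller that later logs or serializes its own `credentials` argument would expose `application_secret`; working on a copy (`credentials = credentials.dup` as the first line) avoids mutating the caller's object, though no such caller is visible here. The method body continues past the end of the hunk.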


@ -7,6 +7,7 @@ class ExternalCredential::Twitter
def self.request_account_to_link(credentials = {})
external_credential = ExternalCredential.find_by(name: 'twitter')
raise Exceptions::UnprocessableEntity, 'No twitter app configured!' if !external_credential
if !credentials[:consumer_key]
credentials[:consumer_key] = external_credential.credentials['consumer_key']
end


@ -0,0 +1,5 @@
FactoryBot.define do
factory :external_credential do
credentials { { 'application_id' => '1234', 'application_secret' => 'secret' } }
end
end
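Review bot: The factory defines no `name`, so `create(:external_credential)` without an explicit `name:` yields a record with no provider; every use in the accompanying spec passes `name:` by hand, so a default such as `name { 'facebook' }` or one trait per provider (`trait :facebook` / `trait :twitter`) would make the factory self-contained. The fixed `credentials` hash also uses Facebook's key names, so the spec's `create(:external_credential, name: 'twitter')` produces a record in which `consumer_key` (the key `ExternalCredential::Twitter` reads) is absent; a twitter trait with its own `credentials` block would close that gap.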


@ -0,0 +1,136 @@
require 'rails_helper'
RSpec.describe 'ExternalCredentials', type: :request do
let(:admin_user) do
create(:admin_user)
end
describe 'request handling' do
it 'does external_credential index with nobody' do
get '/api/v1/external_credentials', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does external_credential app_verify with nobody' do
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does link_account app_verify with nobody' do
get '/api/v1/external_credentials/facebook/link_account', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does external_credential callback with nobody' do
get '/api/v1/external_credentials/facebook/callback', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('authentication failed')
end
it 'does external_credential index with admin' do
authenticated_as(admin_user)
get '/api/v1/external_credentials', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
expect(json_response.count).to eq(0)
get '/api/v1/external_credentials?expand=true', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Array)
expect(json_response).to be_truthy
expect(json_response.count).to eq(0)
end
it 'does external_credential app_verify with admin' do
authenticated_as(admin_user)
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No facebook app configured!')
create(:external_credential, name: 'facebook')
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
it 'does link_account app_verify with admin' do
authenticated_as(admin_user)
get '/api/v1/external_credentials/facebook/link_account', as: :json
expect(response).to have_http_status(422)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No facebook app configured!')
create(:external_credential, name: 'facebook')
get '/api/v1/external_credentials/facebook/link_account', as: :json
expect(response).to have_http_status(500)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
it 'does external_credential callback with admin' do
authenticated_as(admin_user)
get '/api/v1/external_credentials/facebook/callback', as: :json
expect(response).to have_http_status(500)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('No such account')
create(:external_credential, name: 'facebook')
get '/api/v1/external_credentials/facebook/callback', as: :json
expect(response).to have_http_status(500)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
end
it 'does external_credential app_verify with admin and different permissions' do
authenticated_as(admin_user)
create(:external_credential, name: 'twitter')
post '/api/v1/external_credentials/twitter/app_verify', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('400 Bad Request')
permission = Permission.find_by(name: 'admin.channel_twitter')
permission.active = false
permission.save!
post '/api/v1/external_credentials/twitter/app_verify', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized (user)!')
create(:external_credential, name: 'facebook')
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(200)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('type: OAuthException, code: 101, message: Error validating application. Cannot get application info due to a system error. [HTTP 400]')
permission = Permission.find_by(name: 'admin.channel_facebook')
permission.active = false
permission.save!
post '/api/v1/external_credentials/facebook/app_verify', as: :json
expect(response).to have_http_status(401)
expect(json_response).to be_a_kind_of(Hash)
expect(json_response['error']).to eq('Not authorized (user)!')
end
end
end
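Review bot: The expected error strings in the admin examples ('type: OAuthException, code: 101, message: Error validating application. ... [HTTP 400]' and '400 Bad Request') read as responses from the live Facebook and Twitter APIs, which makes this request spec depend on outbound network access and on the providers' exact wording; stubbing those HTTP calls (WebMock, if the suite already has it) would make the expectations deterministic and keep CI from talking to third parties. The 'different permissions' example creates its twitter credential with the factory's Facebook-shaped keys, so `ExternalCredential::Twitter` sees a nil `consumer_key` and the asserted '400 Bad Request' may stem from the missing key rather than from the permission setup the example is about — passing `credentials: { 'consumer_key' => 'constructed-key' }` would pin the intended path. The callback and link_account examples pin a 500 for 'No such account' and for a missing app, which documents an unhandled error as expected behavior; if the controller is meant to answer 404/422 there, the expectation should say so. Minor: `expect(json_response).to be_truthy` right after `be_a_kind_of(Array)` in the index example is redundant.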