PageRenderTime 54ms CodeModel.GetById 14ms RepoModel.GetById 1ms app.codeStats 0ms

/spec/requests/api/users_spec.rb

https://gitlab.com/demisxbar/gitlab-ce
Ruby | 892 lines | 827 code | 64 blank | 1 comment | 26 complexity | fe4acca0c8f1b983c6056893e242802b MD5 | raw file
    

  1. require 'spec_helper'
    2. 

  2. 

  3. describe API::API, api: true  do
    4. 

  4.   include ApiHelpers
    5. 

  5. 

  6.   let(:user)  { create(:user) }
    7. 

  7.   let(:admin) { create(:admin) }
    8. 

  8.   let(:key)   { create(:key, user: user) }
    9. 

  9.   let(:email)   { create(:email, user: user) }
    10. 

  10.   let(:omniauth_user) { create(:omniauth_user) }
    11. 

  11.   let(:ldap_user) { create(:omniauth_user, provider: 'ldapmain') }
    12. 

  12.   let(:ldap_blocked_user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') }
    13. 

  13. 

  14.   describe "GET /users" do
    15. 

  15.     context "when unauthenticated" do
    16. 

  16.       it "should return authentication error" do
    17. 

  17.         get api("/users")
    18. 

  18.         expect(response.status).to eq(401)
    19. 

  19.       end
    20. 

  20.     end
    21. 

  21. 

  22.     context "when authenticated" do
    23. 

  23.       #These specs are written just in case API authentication is not required anymore
    24. 

  24.       context "when public level is restricted" do
    25. 

  25.         before do
    26. 

  26.           stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
    27. 

  27.           allow_any_instance_of(API::Helpers).to receive(:authenticate!).and_return(true)
    28. 

  28.         end
    29. 

  29. 

  30.         it "renders 403" do
    31. 

  31.           get api("/users")
    32. 

  32.           expect(response.status).to eq(403)
    33. 

  33.         end
    34. 

  34. 

  35.         it "renders 404" do
    36. 

  36.           get api("/users/#{user.id}")
    37. 

  37.           expect(response.status).to eq(404)
    38. 

  38.         end
    39. 

  39.       end
    40. 

  40. 

  41.       it "should return an array of users" do
    42. 

  42.         get api("/users", user)
    43. 

  43.         expect(response.status).to eq(200)
    44. 

  44.         expect(json_response).to be_an Array
    45. 

  45.         username = user.username
    46. 

  46.         expect(json_response.detect do |user|
    47. 

  47.           user['username'] == username
    48. 

  48.         end['username']).to eq(username)
    49. 

  49.       end
    50. 

  50. 

  51.       it "should return one user" do
    52. 

  52.         get api("/users?username=#{omniauth_user.username}", user)
    53. 

  53.         expect(response.status).to eq(200)
    54. 

  54.         expect(json_response).to be_an Array
    55. 

  55.         expect(json_response.first['username']).to eq(omniauth_user.username)
    56. 

  56.       end
    57. 

  57.     end
    58. 

  58. 

  59.     context "when admin" do
    60. 

  60.       it "should return an array of users" do
    61. 

  61.         get api("/users", admin)
    62. 

  62.         expect(response.status).to eq(200)
    63. 

  63.         expect(json_response).to be_an Array
    64. 

  64.         expect(json_response.first.keys).to include 'email'
    65. 

  65.         expect(json_response.first.keys).to include 'identities'
    66. 

  66.         expect(json_response.first.keys).to include 'can_create_project'
    67. 

  67.         expect(json_response.first.keys).to include 'two_factor_enabled'
    68. 

  68.         expect(json_response.first.keys).to include 'last_sign_in_at'
    69. 

  69.         expect(json_response.first.keys).to include 'confirmed_at'
    70. 

  70.       end
    71. 

  71.     end
    72. 

  72.   end
    73. 

  73. 

  74.   describe "GET /users/:id" do
    75. 

  75.     it "should return a user by id" do
    76. 

  76.       get api("/users/#{user.id}", user)
    77. 

  77.       expect(response.status).to eq(200)
    78. 

  78.       expect(json_response['username']).to eq(user.username)
    79. 

  79.     end
    80. 

  80. 

  81.     it "should return a 401 if unauthenticated" do
    82. 

  82.       get api("/users/9998")
    83. 

  83.       expect(response.status).to eq(401)
    84. 

  84.     end
    85. 

  85. 

  86.     it "should return a 404 error if user id not found" do
    87. 

  87.       get api("/users/9999", user)
    88. 

  88.       expect(response.status).to eq(404)
    89. 

  89.       expect(json_response['message']).to eq('404 Not found')
    90. 

  90.     end
    91. 

  91. 

  92.     it "should return a 404 if invalid ID" do
    93. 

  93.       get api("/users/1ASDF", user)
    94. 

  94.       expect(response.status).to eq(404)
    95. 

  95.     end
    96. 

  96.   end
    97. 

  97. 

  98.   describe "POST /users" do
    99. 

  99.     before{ admin }
    100. 

  100. 

  101.     it "should create user" do
    102. 

  102.       expect do
    103. 

  103.         post api("/users", admin), attributes_for(:user, projects_limit: 3)
    104. 

  104.       end.to change { User.count }.by(1)
    105. 

  105.     end
    106. 

  106. 

  107.     it "should create user with correct attributes" do
    108. 

  108.       post api('/users', admin), attributes_for(:user, admin: true, can_create_group: true)
    109. 

  109.       expect(response.status).to eq(201)
    110. 

  110.       user_id = json_response['id']
    111. 

  111.       new_user = User.find(user_id)
    112. 

  112.       expect(new_user).not_to eq(nil)
    113. 

  113.       expect(new_user.admin).to eq(true)
    114. 

  114.       expect(new_user.can_create_group).to eq(true)
    115. 

  115.     end
    116. 

  116. 

  117.     it "should create non-admin user" do
    118. 

  118.       post api('/users', admin), attributes_for(:user, admin: false, can_create_group: false)
    119. 

  119.       expect(response.status).to eq(201)
    120. 

  120.       user_id = json_response['id']
    121. 

  121.       new_user = User.find(user_id)
    122. 

  122.       expect(new_user).not_to eq(nil)
    123. 

  123.       expect(new_user.admin).to eq(false)
    124. 

  124.       expect(new_user.can_create_group).to eq(false)
    125. 

  125.     end
    126. 

  126. 

  127.     it "should create non-admin users by default" do
    128. 

  128.       post api('/users', admin), attributes_for(:user)
    129. 

  129.       expect(response.status).to eq(201)
    130. 

  130.       user_id = json_response['id']
    131. 

  131.       new_user = User.find(user_id)
    132. 

  132.       expect(new_user).not_to eq(nil)
    133. 

  133.       expect(new_user.admin).to eq(false)
    134. 

  134.     end
    135. 

  135. 

  136.     it "should return 201 Created on success" do
    137. 

  137.       post api("/users", admin), attributes_for(:user, projects_limit: 3)
    138. 

  138.       expect(response.status).to eq(201)
    139. 

  139.     end
    140. 

  140. 

  141.     it 'creates non-external users by default' do
    142. 

  142.       post api("/users", admin), attributes_for(:user)
    143. 

  143.       expect(response.status).to eq(201)
    144. 

  144. 

  145.       user_id = json_response['id']
    146. 

  146.       new_user = User.find(user_id)
    147. 

  147.       expect(new_user).not_to eq nil
    148. 

  148.       expect(new_user.external).to be_falsy
    149. 

  149.     end
    150. 

  150. 

  151.     it 'should allow an external user to be created' do
    152. 

  152.       post api("/users", admin), attributes_for(:user, external: true)
    153. 

  153.       expect(response.status).to eq(201)
    154. 

  154. 

  155.       user_id = json_response['id']
    156. 

  156.       new_user = User.find(user_id)
    157. 

  157.       expect(new_user).not_to eq nil
    158. 

  158.       expect(new_user.external).to be_truthy
    159. 

  159.     end
    160. 

  160. 

  161.     it "should not create user with invalid email" do
    162. 

  162.       post api('/users', admin),
    163. 

  163.         email: 'invalid email',
    164. 

  164.         password: 'password',
    165. 

  165.         name: 'test'
    166. 

  166.       expect(response.status).to eq(400)
    167. 

  167.     end
    168. 

  168. 

  169.     it 'should return 400 error if name not given' do
    170. 

  170.       post api('/users', admin), attributes_for(:user).except(:name)
    171. 

  171.       expect(response.status).to eq(400)
    172. 

  172.     end
    173. 

  173. 

  174.     it 'should return 400 error if password not given' do
    175. 

  175.       post api('/users', admin), attributes_for(:user).except(:password)
    176. 

  176.       expect(response.status).to eq(400)
    177. 

  177.     end
    178. 

  178. 

  179.     it 'should return 400 error if email not given' do
    180. 

  180.       post api('/users', admin), attributes_for(:user).except(:email)
    181. 

  181.       expect(response.status).to eq(400)
    182. 

  182.     end
    183. 

  183. 

  184.     it 'should return 400 error if username not given' do
    185. 

  185.       post api('/users', admin), attributes_for(:user).except(:username)
    186. 

  186.       expect(response.status).to eq(400)
    187. 

  187.     end
    188. 

  188. 

  189.     it 'should return 400 error if user does not validate' do
    190. 

  190.       post api('/users', admin),
    191. 

  191.         password: 'pass',
    192. 

  192.         email: 'test@example.com',
    193. 

  193.         username: 'test!',
    194. 

  194.         name: 'test',
    195. 

  195.         bio: 'g' * 256,
    196. 

  196.         projects_limit: -1
    197. 

  197.       expect(response.status).to eq(400)
    198. 

  198.       expect(json_response['message']['password']).
    199. 

  199.         to eq(['is too short (minimum is 8 characters)'])
    200. 

  200.       expect(json_response['message']['bio']).
    201. 

  201.         to eq(['is too long (maximum is 255 characters)'])
    202. 

  202.       expect(json_response['message']['projects_limit']).
    203. 

  203.         to eq(['must be greater than or equal to 0'])
    204. 

  204.       expect(json_response['message']['username']).
    205. 

  205.         to eq([Gitlab::Regex.namespace_regex_message])
    206. 

  206.     end
    207. 

  207. 

  208.     it "shouldn't available for non admin users" do
    209. 

  209.       post api("/users", user), attributes_for(:user)
    210. 

  210.       expect(response.status).to eq(403)
    211. 

  211.     end
    212. 

  212. 

  213.     context 'with existing user' do
    214. 

  214.       before do
    215. 

  215.         post api('/users', admin),
    216. 

  216.           email: 'test@example.com',
    217. 

  217.           password: 'password',
    218. 

  218.           username: 'test',
    219. 

  219.           name: 'foo'
    220. 

  220.       end
    221. 

  221. 

  222.       it 'should return 409 conflict error if user with same email exists' do
    223. 

  223.         expect do
    224. 

  224.           post api('/users', admin),
    225. 

  225.             name: 'foo',
    226. 

  226.             email: 'test@example.com',
    227. 

  227.             password: 'password',
    228. 

  228.             username: 'foo'
    229. 

  229.         end.to change { User.count }.by(0)
    230. 

  230.         expect(response.status).to eq(409)
    231. 

  231.         expect(json_response['message']).to eq('Email has already been taken')
    232. 

  232.       end
    233. 

  233. 

  234.       it 'should return 409 conflict error if same username exists' do
    235. 

  235.         expect do
    236. 

  236.           post api('/users', admin),
    237. 

  237.             name: 'foo',
    238. 

  238.             email: 'foo@example.com',
    239. 

  239.             password: 'password',
    240. 

  240.             username: 'test'
    241. 

  241.         end.to change { User.count }.by(0)
    242. 

  242.         expect(response.status).to eq(409)
    243. 

  243.         expect(json_response['message']).to eq('Username has already been taken')
    244. 

  244.       end
    245. 

  245.     end
    246. 

  246.   end
    247. 

  247. 

  248.   describe "GET /users/sign_up" do
    249. 

  249. 

  250.     it "should redirect to sign in page" do
    251. 

  251.       get "/users/sign_up"
    252. 

  252.       expect(response.status).to eq(302)
    253. 

  253.       expect(response).to redirect_to(new_user_session_path)
    254. 

  254.     end
    255. 

  255.   end
    256. 

  256. 

  257.   describe "PUT /users/:id" do
    258. 

  258.     let!(:admin_user) { create(:admin) }
    259. 

  259. 

  260.     before { admin }
    261. 

  261. 

  262.     it "should update user with new bio" do
    263. 

  263.       put api("/users/#{user.id}", admin), { bio: 'new test bio' }
    264. 

  264.       expect(response.status).to eq(200)
    265. 

  265.       expect(json_response['bio']).to eq('new test bio')
    266. 

  266.       expect(user.reload.bio).to eq('new test bio')
    267. 

  267.     end
    268. 

  268. 

  269.     it 'should update user with his own email' do
    270. 

  270.       put api("/users/#{user.id}", admin), email: user.email
    271. 

  271.       expect(response.status).to eq(200)
    272. 

  272.       expect(json_response['email']).to eq(user.email)
    273. 

  273.       expect(user.reload.email).to eq(user.email)
    274. 

  274.     end
    275. 

  275. 

  276.     it 'should update user with his own username' do
    277. 

  277.       put api("/users/#{user.id}", admin), username: user.username
    278. 

  278.       expect(response.status).to eq(200)
    279. 

  279.       expect(json_response['username']).to eq(user.username)
    280. 

  280.       expect(user.reload.username).to eq(user.username)
    281. 

  281.     end
    282. 

  282. 

  283.     it "should update user's existing identity" do
    284. 

  284.       put api("/users/#{omniauth_user.id}", admin), provider: 'ldapmain', extern_uid: '654321'
    285. 

  285.       expect(response.status).to eq(200)
    286. 

  286.       expect(omniauth_user.reload.identities.first.extern_uid).to eq('654321')
    287. 

  287.     end
    288. 

  288. 

  289.     it 'should update user with new identity' do
    290. 

  290.       put api("/users/#{user.id}", admin), provider: 'github', extern_uid: '67890'
    291. 

  291.       expect(response.status).to eq(200)
    292. 

  292.       expect(user.reload.identities.first.extern_uid).to eq('67890')
    293. 

  293.       expect(user.reload.identities.first.provider).to eq('github')
    294. 

  294.     end
    295. 

  295. 

  296.     it "should update admin status" do
    297. 

  297.       put api("/users/#{user.id}", admin), { admin: true }
    298. 

  298.       expect(response.status).to eq(200)
    299. 

  299.       expect(json_response['is_admin']).to eq(true)
    300. 

  300.       expect(user.reload.admin).to eq(true)
    301. 

  301.     end
    302. 

  302. 

  303.     it "should update external status" do
    304. 

  304.       put api("/users/#{user.id}", admin), { external: true }
    305. 

  305.       expect(response.status).to eq 200
    306. 

  306.       expect(json_response['external']).to eq(true)
    307. 

  307.       expect(user.reload.external?).to be_truthy
    308. 

  308.     end
    309. 

  309. 

  310.     it "should not update admin status" do
    311. 

  311.       put api("/users/#{admin_user.id}", admin), { can_create_group: false }
    312. 

  312.       expect(response.status).to eq(200)
    313. 

  313.       expect(json_response['is_admin']).to eq(true)
    314. 

  314.       expect(admin_user.reload.admin).to eq(true)
    315. 

  315.       expect(admin_user.can_create_group).to eq(false)
    316. 

  316.     end
    317. 

  317. 

  318.     it "should not allow invalid update" do
    319. 

  319.       put api("/users/#{user.id}", admin), { email: 'invalid email' }
    320. 

  320.       expect(response.status).to eq(400)
    321. 

  321.       expect(user.reload.email).not_to eq('invalid email')
    322. 

  322.     end
    323. 

  323. 

  324.     it "shouldn't available for non admin users" do
    325. 

  325.       put api("/users/#{user.id}", user), attributes_for(:user)
    326. 

  326.       expect(response.status).to eq(403)
    327. 

  327.     end
    328. 

  328. 

  329.     it "should return 404 for non-existing user" do
    330. 

  330.       put api("/users/999999", admin), { bio: 'update should fail' }
    331. 

  331.       expect(response.status).to eq(404)
    332. 

  332.       expect(json_response['message']).to eq('404 Not found')
    333. 

  333.     end
    334. 

  334. 

  335.     it "should raise error for invalid ID" do
    336. 

  336.       expect{put api("/users/ASDF", admin) }.to raise_error(ActionController::RoutingError)
    337. 

  337.     end
    338. 

  338. 

  339.     it 'should return 400 error if user does not validate' do
    340. 

  340.       put api("/users/#{user.id}", admin),
    341. 

  341.         password: 'pass',
    342. 

  342.         email: 'test@example.com',
    343. 

  343.         username: 'test!',
    344. 

  344.         name: 'test',
    345. 

  345.         bio: 'g' * 256,
    346. 

  346.         projects_limit: -1
    347. 

  347.       expect(response.status).to eq(400)
    348. 

  348.       expect(json_response['message']['password']).
    349. 

  349.         to eq(['is too short (minimum is 8 characters)'])
    350. 

  350.       expect(json_response['message']['bio']).
    351. 

  351.         to eq(['is too long (maximum is 255 characters)'])
    352. 

  352.       expect(json_response['message']['projects_limit']).
    353. 

  353.         to eq(['must be greater than or equal to 0'])
    354. 

  354.       expect(json_response['message']['username']).
    355. 

  355.         to eq([Gitlab::Regex.namespace_regex_message])
    356. 

  356.     end
    357. 

  357. 

  358.     context "with existing user" do
    359. 

  359.       before do
    360. 

  360.         post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
    361. 

  361.         post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
    362. 

  362.         @user = User.all.last
    363. 

  363.       end
    364. 

  364. 

  365.       it 'should return 409 conflict error if email address exists' do
    366. 

  366.         put api("/users/#{@user.id}", admin), email: 'test@example.com'
    367. 

  367.         expect(response.status).to eq(409)
    368. 

  368.         expect(@user.reload.email).to eq(@user.email)
    369. 

  369.       end
    370. 

  370. 

  371.       it 'should return 409 conflict error if username taken' do
    372. 

  372.         @user_id = User.all.last.id
    373. 

  373.         put api("/users/#{@user.id}", admin), username: 'test'
    374. 

  374.         expect(response.status).to eq(409)
    375. 

  375.         expect(@user.reload.username).to eq(@user.username)
    376. 

  376.       end
    377. 

  377.     end
    378. 

  378.   end
    379. 

  379. 

  380.   describe "POST /users/:id/keys" do
    381. 

  381.     before { admin }
    382. 

  382. 

  383.     it "should not create invalid ssh key" do
    384. 

  384.       post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
    385. 

  385.       expect(response.status).to eq(400)
    386. 

  386.       expect(json_response['message']).to eq('400 (Bad request) "key" not given')
    387. 

  387.     end
    388. 

  388. 

  389.     it 'should not create key without title' do
    390. 

  390.       post api("/users/#{user.id}/keys", admin), key: 'some key'
    391. 

  391.       expect(response.status).to eq(400)
    392. 

  392.       expect(json_response['message']).to eq('400 (Bad request) "title" not given')
    393. 

  393.     end
    394. 

  394. 

  395.     it "should create ssh key" do
    396. 

  396.       key_attrs = attributes_for :key
    397. 

  397.       expect do
    398. 

  398.         post api("/users/#{user.id}/keys", admin), key_attrs
    399. 

  399.       end.to change{ user.keys.count }.by(1)
    400. 

  400.     end
    401. 

  401. 

  402.     it "should return 405 for invalid ID" do
    403. 

  403.       post api("/users/ASDF/keys", admin)
    404. 

  404.       expect(response.status).to eq(405)
    405. 

  405.     end
    406. 

  406.   end
    407. 

  407. 

  408.   describe 'GET /user/:uid/keys' do
    409. 

  409.     before { admin }
    410. 

  410. 

  411.     context 'when unauthenticated' do
    412. 

  412.       it 'should return authentication error' do
    413. 

  413.         get api("/users/#{user.id}/keys")
    414. 

  414.         expect(response.status).to eq(401)
    415. 

  415.       end
    416. 

  416.     end
    417. 

  417. 

  418.     context 'when authenticated' do
    419. 

  419.       it 'should return 404 for non-existing user' do
    420. 

  420.         get api('/users/999999/keys', admin)
    421. 

  421.         expect(response.status).to eq(404)
    422. 

  422.         expect(json_response['message']).to eq('404 User Not Found')
    423. 

  423.       end
    424. 

  424. 

  425.       it 'should return array of ssh keys' do
    426. 

  426.         user.keys << key
    427. 

  427.         user.save
    428. 

  428.         get api("/users/#{user.id}/keys", admin)
    429. 

  429.         expect(response.status).to eq(200)
    430. 

  430.         expect(json_response).to be_an Array
    431. 

  431.         expect(json_response.first['title']).to eq(key.title)
    432. 

  432.       end
    433. 

  433. 

  434.       it "should return 405 for invalid ID" do
    435. 

  435.         get api("/users/ASDF/keys", admin)
    436. 

  436.         expect(response.status).to eq(405)
    437. 

  437.       end
    438. 

  438.     end
    439. 

  439.   end
    440. 

  440. 

  441.   describe 'DELETE /user/:uid/keys/:id' do
    442. 

  442.     before { admin }
    443. 

  443. 

  444.     context 'when unauthenticated' do
    445. 

  445.       it 'should return authentication error' do
    446. 

  446.         delete api("/users/#{user.id}/keys/42")
    447. 

  447.         expect(response.status).to eq(401)
    448. 

  448.       end
    449. 

  449.     end
    450. 

  450. 

  451.     context 'when authenticated' do
    452. 

  452.       it 'should delete existing key' do
    453. 

  453.         user.keys << key
    454. 

  454.         user.save
    455. 

  455.         expect do
    456. 

  456.           delete api("/users/#{user.id}/keys/#{key.id}", admin)
    457. 

  457.         end.to change { user.keys.count }.by(-1)
    458. 

  458.         expect(response.status).to eq(200)
    459. 

  459.       end
    460. 

  460. 

  461.       it 'should return 404 error if user not found' do
    462. 

  462.         user.keys << key
    463. 

  463.         user.save
    464. 

  464.         delete api("/users/999999/keys/#{key.id}", admin)
    465. 

  465.         expect(response.status).to eq(404)
    466. 

  466.         expect(json_response['message']).to eq('404 User Not Found')
    467. 

  467.       end
    468. 

  468. 

  469.       it 'should return 404 error if key not foud' do
    470. 

  470.         delete api("/users/#{user.id}/keys/42", admin)
    471. 

  471.         expect(response.status).to eq(404)
    472. 

  472.         expect(json_response['message']).to eq('404 Key Not Found')
    473. 

  473.       end
    474. 

  474.     end
    475. 

  475.   end
    476. 

  476. 

  477.   describe "POST /users/:id/emails" do
    478. 

  478.     before { admin }
    479. 

  479. 

  480.     it "should not create invalid email" do
    481. 

  481.       post api("/users/#{user.id}/emails", admin), {}
    482. 

  482.       expect(response.status).to eq(400)
    483. 

  483.       expect(json_response['message']).to eq('400 (Bad request) "email" not given')
    484. 

  484.     end
    485. 

  485. 

  486.     it "should create email" do
    487. 

  487.       email_attrs = attributes_for :email
    488. 

  488.       expect do
    489. 

  489.         post api("/users/#{user.id}/emails", admin), email_attrs
    490. 

  490.       end.to change{ user.emails.count }.by(1)
    491. 

  491.     end
    492. 

  492. 

  493.     it "should raise error for invalid ID" do
    494. 

  494.       post api("/users/ASDF/emails", admin)
    495. 

  495.       expect(response.status).to eq(405)
    496. 

  496.     end
    497. 

  497.   end
    498. 

  498. 

  499.   describe 'GET /user/:uid/emails' do
    500. 

  500.     before { admin }
    501. 

  501. 

  502.     context 'when unauthenticated' do
    503. 

  503.       it 'should return authentication error' do
    504. 

  504.         get api("/users/#{user.id}/emails")
    505. 

  505.         expect(response.status).to eq(401)
    506. 

  506.       end
    507. 

  507.     end
    508. 

  508. 

  509.     context 'when authenticated' do
    510. 

  510.       it 'should return 404 for non-existing user' do
    511. 

  511.         get api('/users/999999/emails', admin)
    512. 

  512.         expect(response.status).to eq(404)
    513. 

  513.         expect(json_response['message']).to eq('404 User Not Found')
    514. 

  514.       end
    515. 

  515. 

  516.       it 'should return array of emails' do
    517. 

  517.         user.emails << email
    518. 

  518.         user.save
    519. 

  519.         get api("/users/#{user.id}/emails", admin)
    520. 

  520.         expect(response.status).to eq(200)
    521. 

  521.         expect(json_response).to be_an Array
    522. 

  522.         expect(json_response.first['email']).to eq(email.email)
    523. 

  523.       end
    524. 

  524. 

  525.       it "should raise error for invalid ID" do
    526. 

  526.         put api("/users/ASDF/emails", admin)
    527. 

  527.         expect(response.status).to eq(405)
    528. 

  528.       end
    529. 

  529.     end
    530. 

  530.   end
    531. 

  531. 

  532.   describe 'DELETE /user/:uid/emails/:id' do
    533. 

  533.     before { admin }
    534. 

  534. 

  535.     context 'when unauthenticated' do
    536. 

  536.       it 'should return authentication error' do
    537. 

  537.         delete api("/users/#{user.id}/emails/42")
    538. 

  538.         expect(response.status).to eq(401)
    539. 

  539.       end
    540. 

  540.     end
    541. 

  541. 

  542.     context 'when authenticated' do
    543. 

  543.       it 'should delete existing email' do
    544. 

  544.         user.emails << email
    545. 

  545.         user.save
    546. 

  546.         expect do
    547. 

  547.           delete api("/users/#{user.id}/emails/#{email.id}", admin)
    548. 

  548.         end.to change { user.emails.count }.by(-1)
    549. 

  549.         expect(response.status).to eq(200)
    550. 

  550.       end
    551. 

  551. 

  552.       it 'should return 404 error if user not found' do
    553. 

  553.         user.emails << email
    554. 

  554.         user.save
    555. 

  555.         delete api("/users/999999/emails/#{email.id}", admin)
    556. 

  556.         expect(response.status).to eq(404)
    557. 

  557.         expect(json_response['message']).to eq('404 User Not Found')
    558. 

  558.       end
    559. 

  559. 

  560.       it 'should return 404 error if email not foud' do
    561. 

  561.         delete api("/users/#{user.id}/emails/42", admin)
    562. 

  562.         expect(response.status).to eq(404)
    563. 

  563.         expect(json_response['message']).to eq('404 Email Not Found')
    564. 

  564.       end
    565. 

  565. 

  566.       it "should raise error for invalid ID" do
    567. 

  567.         expect{delete api("/users/ASDF/emails/bar", admin) }.to raise_error(ActionController::RoutingError)
    568. 

  568.       end
    569. 

  569.     end
    570. 

  570.   end
    571. 

  571. 

  572.   describe "DELETE /users/:id" do
    573. 

  573.     before { admin }
    574. 

  574. 

  575.     it "should delete user" do
    576. 

  576.       delete api("/users/#{user.id}", admin)
    577. 

  577.       expect(response.status).to eq(200)
    578. 

  578.       expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
    579. 

  579.       expect(json_response['email']).to eq(user.email)
    580. 

  580.     end
    581. 

  581. 

  582.     it "should not delete for unauthenticated user" do
    583. 

  583.       delete api("/users/#{user.id}")
    584. 

  584.       expect(response.status).to eq(401)
    585. 

  585.     end
    586. 

  586. 

  587.     it "shouldn't available for non admin users" do
    588. 

  588.       delete api("/users/#{user.id}", user)
    589. 

  589.       expect(response.status).to eq(403)
    590. 

  590.     end
    591. 

  591. 

  592.     it "should return 404 for non-existing user" do
    593. 

  593.       delete api("/users/999999", admin)
    594. 

  594.       expect(response.status).to eq(404)
    595. 

  595.       expect(json_response['message']).to eq('404 User Not Found')
    596. 

  596.     end
    597. 

  597. 

  598.     it "should raise error for invalid ID" do
    599. 

  599.       expect{delete api("/users/ASDF", admin) }.to raise_error(ActionController::RoutingError)
    600. 

  600.     end
    601. 

  601.   end
    602. 

  602. 

  603.   describe "GET /user" do
    604. 

  604.     it "should return current user" do
    605. 

  605.       get api("/user", user)
    606. 

  606.       expect(response.status).to eq(200)
    607. 

  607.       expect(json_response['email']).to eq(user.email)
    608. 

  608.       expect(json_response['is_admin']).to eq(user.is_admin?)
    609. 

  609.       expect(json_response['can_create_project']).to eq(user.can_create_project?)
    610. 

  610.       expect(json_response['can_create_group']).to eq(user.can_create_group?)
    611. 

  611.       expect(json_response['projects_limit']).to eq(user.projects_limit)
    612. 

  612.     end
    613. 

  613. 

  614.     it "should return 401 error if user is unauthenticated" do
    615. 

  615.       get api("/user")
    616. 

  616.       expect(response.status).to eq(401)
    617. 

  617.     end
    618. 

  618.   end
    619. 

  619. 

  620.   describe "GET /user/keys" do
    621. 

  621.     context "when unauthenticated" do
    622. 

  622.       it "should return authentication error" do
    623. 

  623.         get api("/user/keys")
    624. 

  624.         expect(response.status).to eq(401)
    625. 

  625.       end
    626. 

  626.     end
    627. 

  627. 

  628.     context "when authenticated" do
    629. 

  629.       it "should return array of ssh keys" do
    630. 

  630.         user.keys << key
    631. 

  631.         user.save
    632. 

  632.         get api("/user/keys", user)
    633. 

  633.         expect(response.status).to eq(200)
    634. 

  634.         expect(json_response).to be_an Array
    635. 

  635.         expect(json_response.first["title"]).to eq(key.title)
    636. 

  636.       end
    637. 

  637.     end
    638. 

  638.   end
    639. 

  639. 

  640.   describe "GET /user/keys/:id" do
    641. 

  641.     it "should return single key" do
    642. 

  642.       user.keys << key
    643. 

  643.       user.save
    644. 

  644.       get api("/user/keys/#{key.id}", user)
    645. 

  645.       expect(response.status).to eq(200)
    646. 

  646.       expect(json_response["title"]).to eq(key.title)
    647. 

  647.     end
    648. 

  648. 

  649.     it "should return 404 Not Found within invalid ID" do
    650. 

  650.       get api("/user/keys/42", user)
    651. 

  651.       expect(response.status).to eq(404)
    652. 

  652.       expect(json_response['message']).to eq('404 Not found')
    653. 

  653.     end
    654. 

  654. 

  655.     it "should return 404 error if admin accesses user's ssh key" do
    656. 

  656.       user.keys << key
    657. 

  657.       user.save
    658. 

  658.       admin
    659. 

  659.       get api("/user/keys/#{key.id}", admin)
    660. 

  660.       expect(response.status).to eq(404)
    661. 

  661.       expect(json_response['message']).to eq('404 Not found')
    662. 

  662.     end
    663. 

  663. 

  664.     it "should return 404 for invalid ID" do
    665. 

  665.       get api("/users/keys/ASDF", admin)
    666. 

  666.       expect(response.status).to eq(404)
    667. 

  667.     end
    668. 

  668.   end
    669. 

  669. 

  670.   describe "POST /user/keys" do
    671. 

  671.     it "should create ssh key" do
    672. 

  672.       key_attrs = attributes_for :key
    673. 

  673.       expect do
    674. 

  674.         post api("/user/keys", user), key_attrs
    675. 

  675.       end.to change{ user.keys.count }.by(1)
    676. 

  676.       expect(response.status).to eq(201)
    677. 

  677.     end
    678. 

  678. 

  679.     it "should return a 401 error if unauthorized" do
    680. 

  680.       post api("/user/keys"), title: 'some title', key: 'some key'
    681. 

  681.       expect(response.status).to eq(401)
    682. 

  682.     end
    683. 

  683. 

  684.     it "should not create ssh key without key" do
    685. 

  685.       post api("/user/keys", user), title: 'title'
    686. 

  686.       expect(response.status).to eq(400)
    687. 

  687.       expect(json_response['message']).to eq('400 (Bad request) "key" not given')
    688. 

  688.     end
    689. 

  689. 

  690.     it 'should not create ssh key without title' do
    691. 

  691.       post api('/user/keys', user), key: 'some key'
    692. 

  692.       expect(response.status).to eq(400)
    693. 

  693.       expect(json_response['message']).to eq('400 (Bad request) "title" not given')
    694. 

  694.     end
    695. 

  695. 

  696.     it "should not create ssh key without title" do
    697. 

  697.       post api("/user/keys", user), key: "somekey"
    698. 

  698.       expect(response.status).to eq(400)
    699. 

  699.     end
    700. 

  700.   end
    701. 

  701. 

  702.   describe "DELETE /user/keys/:id" do
    703. 

  703.     it "should delete existed key" do
    704. 

  704.       user.keys << key
    705. 

  705.       user.save
    706. 

  706.       expect do
    707. 

  707.         delete api("/user/keys/#{key.id}", user)
    708. 

  708.       end.to change{user.keys.count}.by(-1)
    709. 

  709.       expect(response.status).to eq(200)
    710. 

  710.     end
    711. 

  711. 

  712.     it "should return success if key ID not found" do
    713. 

  713.       delete api("/user/keys/42", user)
    714. 

  714.       expect(response.status).to eq(200)
    715. 

  715.     end
    716. 

  716. 

  717.     it "should return 401 error if unauthorized" do
    718. 

  718.       user.keys << key
    719. 

  719.       user.save
    720. 

  720.       delete api("/user/keys/#{key.id}")
    721. 

  721.       expect(response.status).to eq(401)
    722. 

  722.     end
    723. 

  723. 

  724.     it "should raise error for invalid ID" do
    725. 

  725.       expect{delete api("/users/keys/ASDF", admin) }.to raise_error(ActionController::RoutingError)
    726. 

  726.     end
    727. 

  727.   end
    728. 

  728. 

  729.   describe "GET /user/emails" do
    730. 

  730.     context "when unauthenticated" do
    731. 

  731.       it "should return authentication error" do
    732. 

  732.         get api("/user/emails")
    733. 

  733.         expect(response.status).to eq(401)
    734. 

  734.       end
    735. 

  735.     end
    736. 

  736. 

  737.     context "when authenticated" do
    738. 

  738.       it "should return array of emails" do
    739. 

  739.         user.emails << email
    740. 

  740.         user.save
    741. 

  741.         get api("/user/emails", user)
    742. 

  742.         expect(response.status).to eq(200)
    743. 

  743.         expect(json_response).to be_an Array
    744. 

  744.         expect(json_response.first["email"]).to eq(email.email)
    745. 

  745.       end
    746. 

  746.     end
    747. 

  747.   end
    748. 

  748. 

  749.   describe "GET /user/emails/:id" do
    750. 

  750.     it "should return single email" do
    751. 

  751.       user.emails << email
    752. 

  752.       user.save
    753. 

  753.       get api("/user/emails/#{email.id}", user)
    754. 

  754.       expect(response.status).to eq(200)
    755. 

  755.       expect(json_response["email"]).to eq(email.email)
    756. 

  756.     end
    757. 

  757. 

  758.     it "should return 404 Not Found within invalid ID" do
    759. 

  759.       get api("/user/emails/42", user)
    760. 

  760.       expect(response.status).to eq(404)
    761. 

  761.       expect(json_response['message']).to eq('404 Not found')
    762. 

  762.     end
    763. 

  763. 

  764.     it "should return 404 error if admin accesses user's email" do
    765. 

  765.       user.emails << email
    766. 

  766.       user.save
    767. 

  767.       admin
    768. 

  768.       get api("/user/emails/#{email.id}", admin)
    769. 

  769.       expect(response.status).to eq(404)
    770. 

  770.       expect(json_response['message']).to eq('404 Not found')
    771. 

  771.     end
    772. 

  772. 

  773.     it "should return 404 for invalid ID" do
    774. 

  774.       get api("/users/emails/ASDF", admin)
    775. 

  775.       expect(response.status).to eq(404)
    776. 

  776.     end
    777. 

  777.   end
    778. 

  778. 

  779.   describe "POST /user/emails" do
    780. 

  780.     it "should create email" do
    781. 

  781.       email_attrs = attributes_for :email
    782. 

  782.       expect do
    783. 

  783.         post api("/user/emails", user), email_attrs
    784. 

  784.       end.to change{ user.emails.count }.by(1)
    785. 

  785.       expect(response.status).to eq(201)
    786. 

  786.     end
    787. 

  787. 

  788.     it "should return a 401 error if unauthorized" do
    789. 

  789.       post api("/user/emails"), email: 'some email'
    790. 

  790.       expect(response.status).to eq(401)
    791. 

  791.     end
    792. 

  792. 

  793.     it "should not create email with invalid email" do
    794. 

  794.       post api("/user/emails", user), {}
    795. 

  795.       expect(response.status).to eq(400)
    796. 

  796.       expect(json_response['message']).to eq('400 (Bad request) "email" not given')
    797. 

  797.     end
    798. 

  798.   end
    799. 

  799. 

  800.   describe "DELETE /user/emails/:id" do
    801. 

  801.     it "should delete existed email" do
    802. 

  802.       user.emails << email
    803. 

  803.       user.save
    804. 

  804.       expect do
    805. 

  805.         delete api("/user/emails/#{email.id}", user)
    806. 

  806.       end.to change{user.emails.count}.by(-1)
    807. 

  807.       expect(response.status).to eq(200)
    808. 

  808.     end
    809. 

  809. 

  810.     it "should return success if email ID not found" do
    811. 

  811.       delete api("/user/emails/42", user)
    812. 

  812.       expect(response.status).to eq(200)
    813. 

  813.     end
    814. 

  814. 

  815.     it "should return 401 error if unauthorized" do
    816. 

  816.       user.emails << email
    817. 

  817.       user.save
    818. 

  818.       delete api("/user/emails/#{email.id}")
    819. 

  819.       expect(response.status).to eq(401)
    820. 

  820.     end
    821. 

  821. 

  822.     it "should raise error for invalid ID" do
    823. 

  823.       expect{delete api("/users/emails/ASDF", admin) }.to raise_error(ActionController::RoutingError)
    824. 

  824.     end
    825. 

  825.   end
    826. 

  826. 

  827.   describe 'PUT /user/:id/block' do
    828. 

  828.     before { admin }
    829. 

  829.     it 'should block existing user' do
    830. 

  830.       put api("/users/#{user.id}/block", admin)
    831. 

  831.       expect(response.status).to eq(200)
    832. 

  832.       expect(user.reload.state).to eq('blocked')
    833. 

  833.     end
    834. 

  834. 

  835.     it 'should not re-block ldap blocked users' do
    836. 

  836.       put api("/users/#{ldap_blocked_user.id}/block", admin)
    837. 

  837.       expect(response.status).to eq(403)
    838. 

  838.       expect(ldap_blocked_user.reload.state).to eq('ldap_blocked')
    839. 

  839.     end
    840. 

  840. 

  841.     it 'should not be available for non admin users' do
    842. 

  842.       put api("/users/#{user.id}/block", user)
    843. 

  843.       expect(response.status).to eq(403)
    844. 

  844.       expect(user.reload.state).to eq('active')
    845. 

  845.     end
    846. 

  846. 

  847.     it 'should return a 404 error if user id not found' do
    848. 

  848.       put api('/users/9999/block', admin)
    849. 

  849.       expect(response.status).to eq(404)
    850. 

  850.       expect(json_response['message']).to eq('404 User Not Found')
    851. 

  851.     end
    852. 

  852.   end
    853. 

  853. 

  854.   describe 'PUT /user/:id/unblock' do
    855. 

  855.     let(:blocked_user)  { create(:user, state: 'blocked') }
    856. 

  856.     before { admin }
    857. 

  857. 

  858.     it 'should unblock existing user' do
    859. 

  859.       put api("/users/#{user.id}/unblock", admin)
    860. 

  860.       expect(response.status).to eq(200)
    861. 

  861.       expect(user.reload.state).to eq('active')
    862. 

  862.     end
    863. 

  863. 

  864.     it 'should unblock a blocked user' do
    865. 

  865.       put api("/users/#{blocked_user.id}/unblock", admin)
    866. 

  866.       expect(response.status).to eq(200)
    867. 

  867.       expect(blocked_user.reload.state).to eq('active')
    868. 

  868.     end
    869. 

  869. 

  870.     it 'should not unblock ldap blocked users' do
    871. 

  871.       put api("/users/#{ldap_blocked_user.id}/unblock", admin)
    872. 

  872.       expect(response.status).to eq(403)
    873. 

  873.       expect(ldap_blocked_user.reload.state).to eq('ldap_blocked')
    874. 

  874.     end
    875. 

  875. 

  876.     it 'should not be available for non admin users' do
    877. 

  877.       put api("/users/#{user.id}/unblock", user)
    878. 

  878.       expect(response.status).to eq(403)
    879. 

  879.       expect(user.reload.state).to eq('active')
    880. 

  880.     end
    881. 

  881. 

  882.     it 'should return a 404 error if user id not found' do
    883. 

  883.       put api('/users/9999/block', admin)
    884. 

  884.       expect(response.status).to eq(404)
    885. 

  885.       expect(json_response['message']).to eq('404 User Not Found')
    886. 

  886.     end
    887. 

  887. 

  888.     it "should raise error for invalid ID" do
    889. 

  889.       expect{put api("/users/ASDF/block", admin) }.to raise_error(ActionController::RoutingError)
    890. 

  890.     end
    891. 

  891.   end
    892. 

  892. end
    893. 

  893.