mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 199 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18177 Commits
33 Branches
Tree: 466a8aa78e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '466a8aa78e'
${ noResults }
redmine/test/integration/api_test/users_test.rb

users_test.rb 18KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549 
  1. # frozen_string_literal: true

  2. 

  3. # Redmine - project management software

  4. # Copyright (C) 2006-  Jean-Philippe Lang

  5. #

  6. # This program is free software; you can redistribute it and/or

  7. # modify it under the terms of the GNU General Public License

  8. # as published by the Free Software Foundation; either version 2

  9. # of the License, or (at your option) any later version.

  10. #

  11. # This program is distributed in the hope that it will be useful,

  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  14. # GNU General Public License for more details.

  15. #

  16. # You should have received a copy of the GNU General Public License

  17. # along with this program; if not, write to the Free Software

  18. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19. 

  20. require_relative '../../test_helper'

  21. 

  22. class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base

  23.   fixtures :users, :groups_users, :email_addresses, :members, :member_roles, :roles, :projects

  24. 

  25.   test "GET /users.xml should return users" do

  26.     users = User.active.order('login')

  27.     users.last.update(twofa_scheme: 'totp')

  28.     Redmine::Configuration.with 'avatar_server_url' => 'https://gravatar.com' do

  29.       with_settings :gravatar_enabled => '1', :gravatar_default => 'mm' do

  30.         get '/users.xml', :headers => credentials('admin')

  31.       end

  32.     end

  33. 

  34.     assert_response :success

  35.     assert_equal 'application/xml', response.media_type

  36.     assert_select 'users' do

  37.       assert_select 'user', :count => users.size do |nodeset|

  38.         nodeset.zip(users) do |user_element, user|

  39.           assert_select user_element, 'id', :text => user.id.to_s

  40.           assert_select user_element, 'updated_on', :text => user.updated_on.iso8601

  41.           assert_select user_element, 'twofa_scheme', :text => user.twofa_scheme.to_s

  42. 

  43.           # No one has changed password.

  44.           assert_select user_element, 'passwd_changed_on', :text => ''

  45.           assert_select user_element, 'avatar_url', :text => %r|\Ahttps://gravatar.com/avatar/\h{32}\?default=mm|

  46. 

  47.           if user == users.last

  48.             assert_select user_element, 'twofa_scheme', :text => 'totp'

  49.           else

  50.             assert_select user_element, 'twofa_scheme', :text => ''

  51.           end

  52.         end

  53.       end

  54.     end

  55.   end

  56. 

  57.   test "GET /users.json should return users" do

  58.     users = User.active.order('login')

  59.     users.last.update(twofa_scheme: 'totp')

  60.     get '/users.json', :headers => credentials('admin')

  61. 

  62.     assert_response :success

  63.     assert_equal 'application/json', response.media_type

  64.     json = ActiveSupport::JSON.decode(response.body)

  65.     assert json.key?('users')

  66. 

  67.     users = User.active.order('login')

  68.     assert_equal users.size, json['users'].size

  69. 

  70.     json['users'].zip(users) do |user_json, user|

  71.       assert_equal user.id, user_json['id']

  72.       assert_equal user.updated_on.iso8601, user_json['updated_on']

  73.       assert_equal user.status, user_json['status']

  74. 

  75.       # No one has changed password.

  76.       assert_nil user_json['passwd_changed_on']

  77. 

  78.       if user == users.last

  79.         assert_equal 'totp', user_json['twofa_scheme']

  80.       else

  81.         assert_nil user_json['twofa_scheme']

  82.       end

  83.     end

  84.   end

  85. 

  86.   test "GET /users.json with legacy filter params" do

  87.     get '/users.json', headers: credentials('admin'), params: { status: 3 }

  88.     assert_response :success

  89.     json = ActiveSupport::JSON.decode(response.body)

  90.     assert json.key?('users')

  91.     users = User.where(status: 3)

  92.     assert_equal users.size, json['users'].size

  93. 

  94.     get '/users.json', headers: credentials('admin'), params: { status: '*' }

  95.     assert_response :success

  96.     json = ActiveSupport::JSON.decode(response.body)

  97.     assert json.key?('users')

  98.     users = User.logged

  99.     assert_equal users.size, json['users'].size

  100. 

  101.     get '/users.json', headers: credentials('admin'), params: { name: 'jsmith' }

  102.     assert_response :success

  103.     json = ActiveSupport::JSON.decode(response.body)

  104.     assert json.key?('users')

  105.     assert_equal 1, json['users'].size

  106.     assert_equal 2, json['users'][0]['id']

  107. 

  108.     get '/users.json', headers: credentials('admin'), params: { group_id: '10' }

  109.     assert_response :success

  110.     json = ActiveSupport::JSON.decode(response.body)

  111.     assert json.key?('users')

  112.     assert_equal 1, json['users'].size

  113.     assert_equal 8, json['users'][0]['id']

  114. 

  115.     # there should be an implicit filter for status = 1

  116.     User.where(id: [2, 8]).update_all status: 3

  117. 

  118.     get '/users.json', headers: credentials('admin'), params: { name: 'jsmith' }

  119.     assert_response :success

  120.     json = ActiveSupport::JSON.decode(response.body)

  121.     assert json.key?('users')

  122.     assert_equal 0, json['users'].size

  123. 

  124.     get '/users.json', headers: credentials('admin'), params: { group_id: '10' }

  125.     assert_response :success

  126.     json = ActiveSupport::JSON.decode(response.body)

  127.     assert json.key?('users')

  128.     assert_equal 0, json['users'].size

  129.   end

  130. 

  131.   test "GET /users.json with include=auth_source" do

  132.     user = User.find(2)

  133.     user.update(:auth_source_id => 1)

  134.     get '/users.json?include=auth_source', :headers => credentials('admin')

  135. 

  136.     json = ActiveSupport::JSON.decode(response.body)

  137.     assert json.key?('users')

  138. 

  139.     json['users'].each do |user_json|

  140.       if user_json['id'] == user.id

  141.         assert_kind_of Hash, user_json['auth_source']

  142.         assert_equal user.auth_source.id, user_json['auth_source']['id']

  143.         assert_equal user.auth_source.name, user_json['auth_source']['name']

  144.       else

  145.         assert_nil user_json['auth_source']

  146.       end

  147.     end

  148.   end

  149. 

  150.   test "GET /users.json with short filters" do

  151.     get '/users.json', headers: credentials('admin'), params: { status: "1|3" }

  152.     assert_response :success

  153.     json = ActiveSupport::JSON.decode(response.body)

  154.     assert json.key?('users')

  155.     users = User.where(status: [1, 3])

  156.     assert_equal users.size, json['users'].size

  157.   end

  158. 

  159.   test "GET /users/:id.xml should return the user" do

  160.     Redmine::Configuration.with 'avatar_server_url' => 'https://gravatar.com' do

  161.       with_settings :gravatar_enabled => '1', :gravatar_default => 'robohash' do

  162.         get '/users/2.xml'

  163.       end

  164.     end

  165. 

  166.     assert_response :success

  167.     assert_select 'user id', :text => '2'

  168.     assert_select 'user updated_on', :text => Time.zone.parse('2006-07-19T20:42:15Z').iso8601

  169.     assert_select 'user passwd_changed_on', :text => ''

  170.     assert_select 'user avatar_url', :text => %r|\Ahttps://gravatar.com/avatar/\h{32}\?default=robohash|

  171.   end

  172. 

  173.   test "GET /users/:id.xml should not return avatar_url when not set email address" do

  174.     user = User.find(2)

  175.     user.email_addresses.delete_all

  176.     assert_equal 'jsmith', user.login

  177.     assert_nil user.mail

  178. 

  179.     Redmine::Configuration.with 'avatar_server_url' => 'https://gravatar.com' do

  180.       with_settings :gravatar_enabled => '1', :gravatar_default => 'robohash' do

  181.         get '/users/2.xml'

  182.       end

  183.     end

  184. 

  185.     assert_response :success

  186.     assert_select 'user id', :text => '2'

  187.     assert_select 'user login', :text => 'jsmith'

  188.     assert_select 'user avatar_url', :count => 0

  189.   end

  190. 

  191.   test "GET /users/:id.json should return the user" do

  192.     get '/users/2.json'

  193. 

  194.     assert_response :success

  195.     json = ActiveSupport::JSON.decode(response.body)

  196.     assert_kind_of Hash, json

  197.     assert_kind_of Hash, json['user']

  198.     assert_equal 2, json['user']['id']

  199.     assert_equal Time.zone.parse('2006-07-19T20:42:15Z').iso8601, json['user']['updated_on']

  200.     assert_nil json['user']['passwd_changed_on']

  201.     assert_nil json['user']['twofa_scheme']

  202.     assert_nil json['user']['auth_source']

  203.   end

  204. 

  205.   test "GET /users/:id.xml with include=memberships should include memberships" do

  206.     get '/users/2.xml?include=memberships'

  207. 

  208.     assert_response :success

  209.     assert_select 'user memberships', 1

  210.   end

  211. 

  212.   test "GET /users/:id.json with include=memberships should include memberships" do

  213.     get '/users/2.json?include=memberships'

  214. 

  215.     assert_response :success

  216.     json = ActiveSupport::JSON.decode(response.body)

  217.     assert_kind_of Array, json['user']['memberships']

  218.     assert_equal [{

  219.       "id"=>1,

  220.       "project"=>{"name"=>"eCookbook", "id"=>1},

  221.       "roles"=>[{"name"=>"Manager", "id"=>1}]

  222.     }], json['user']['memberships']

  223.   end

  224. 

  225.   test "GET /users/:id.json with include=auth_source should include auth_source for administrators" do

  226.     user = User.find(2)

  227.     user.update(:auth_source_id => 1)

  228.     get '/users/2.json?include=auth_source', :headers => credentials('admin')

  229. 

  230.     assert_response :success

  231.     json = ActiveSupport::JSON.decode(response.body)

  232. 

  233.     assert_equal user.auth_source.id, json['user']['auth_source']['id']

  234.     assert_equal user.auth_source.name, json['user']['auth_source']['name']

  235.   end

  236. 

  237.   test "GET /users/:id.json without include=auth_source should not include auth_source" do

  238.     user = User.find(2)

  239.     user.update(:auth_source_id => 1)

  240.     get '/users/2.json', :headers => credentials('admin')

  241. 

  242.     assert_response :success

  243.     json = ActiveSupport::JSON.decode(response.body)

  244. 

  245.     assert_response :success

  246.     assert_nil json['user']['auth_source']

  247.   end

  248. 

  249.   test "GET /users/:id.json should not include auth_source for standard user" do

  250.     user = User.find(2)

  251.     user.update(:auth_source_id => 1)

  252.     get '/users/2.json?include=auth_source', :headers => credentials('jsmith')

  253. 

  254.     assert_response :success

  255.     json = ActiveSupport::JSON.decode(response.body)

  256. 

  257.     assert_equal user.id, json['user']['id']

  258.     assert_nil json['user']['auth_source']

  259.   end

  260. 

  261.   test "GET /users/current.xml should require authentication" do

  262.     get '/users/current.xml'

  263. 

  264.     assert_response 401

  265.   end

  266. 

  267.   test "GET /users/current.xml should return current user" do

  268.     get '/users/current.xml', :headers => credentials('jsmith')

  269. 

  270.     assert_select 'user id', :text => '2'

  271.   end

  272. 

  273.   test "GET /users/:id should return login for visible user" do

  274.     get '/users/3.xml', :headers => credentials('jsmith')

  275.     assert_response :success

  276.     assert_select 'user login', :text => 'dlopper'

  277.   end

  278. 

  279.   test "GET /users/:id should not return api_key for other user" do

  280.     get '/users/3.xml', :headers => credentials('jsmith')

  281.     assert_response :success

  282.     assert_select 'user api_key', 0

  283.   end

  284. 

  285.   test "GET /users/:id should return api_key for current user" do

  286.     get '/users/2.xml', :headers => credentials('jsmith')

  287.     assert_response :success

  288.     assert_select 'user api_key', :text => User.find(2).api_key

  289.   end

  290. 

  291.   test "GET /users/:id should not return status for standard user" do

  292.     get '/users/3.xml', :headers => credentials('jsmith')

  293.     assert_response :success

  294.     assert_select 'user status', 0

  295.   end

  296. 

  297.   test "GET /users/:id should return status for administrators" do

  298.     get '/users/2.xml', :headers => credentials('admin')

  299.     assert_response :success

  300.     assert_select 'user status', :text => User.find(2).status.to_s

  301.   end

  302. 

  303.   test "GET /users/:id should return admin status for current user" do

  304.     get '/users/2.xml', :headers => credentials('jsmith')

  305.     assert_response :success

  306.     assert_select 'user admin', :text => 'false'

  307.   end

  308. 

  309.   test "GET /users/:id should not return admin status for other user" do

  310.     get '/users/3.xml', :headers => credentials('jsmith')

  311.     assert_response :success

  312.     assert_select 'user admin', 0

  313.   end

  314. 

  315.   test "GET /users/:id should not return twofa_scheme for standard user" do

  316.     # User and password authentication is disabled when twofa is enabled

  317.     # Use token authentication

  318.     user = User.find(2)

  319.     token = Token.create!(:user => user, :action => 'api')

  320.     user.update(twofa_scheme: 'totp')

  321. 

  322.     get '/users/3.xml', :headers => credentials(token.value, 'X')

  323.     assert_response :success

  324.     assert_select 'twofa_scheme', 0

  325.   end

  326. 

  327.   test "GET /users/:id should return twofa_scheme for administrators" do

  328.     User.find(2).update(twofa_scheme: 'totp')

  329.     get '/users/2.xml', :headers => credentials('admin')

  330.     assert_response :success

  331.     assert_select 'twofa_scheme', :text => 'totp'

  332.   end

  333. 

  334.   test "POST /users.xml with valid parameters should create the user" do

  335.     assert_difference('User.count') do

  336.       post(

  337.         '/users.xml',

  338.         :params => {

  339.           :user => {

  340.             :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',

  341.             :mail => 'foo@example.net', :password => 'secret123',

  342.             :mail_notification => 'only_assigned'

  343.           }

  344.         },

  345.         :headers => credentials('admin'))

  346.     end

  347. 

  348.     user = User.order('id DESC').first

  349.     assert_equal 'foo', user.login

  350.     assert_equal 'Firstname', user.firstname

  351.     assert_equal 'Lastname', user.lastname

  352.     assert_equal 'foo@example.net', user.mail

  353.     assert_equal 'only_assigned', user.mail_notification

  354.     assert !user.admin?

  355.     assert user.check_password?('secret123')

  356. 

  357.     assert_response :created

  358.     assert_equal 'application/xml', @response.media_type

  359.     assert_select 'user id', :text => user.id.to_s

  360.   end

  361. 

  362.   test "POST /users.xml with generate_password should generate password" do

  363.     assert_difference('User.count') do

  364.       post(

  365.         '/users.xml',

  366.         :params => {

  367.           :user => {

  368.             :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',

  369.             :mail => 'foo@example.net', :generate_password => 'true'

  370.           }

  371.         },

  372.         :headers => credentials('admin'))

  373.     end

  374. 

  375.     user = User.order('id DESC').first

  376.     assert user.hashed_password.present?

  377.   end

  378. 

  379.   test "POST /users.json with valid parameters should create the user" do

  380.     assert_difference('User.count') do

  381.       post(

  382.         '/users.json',

  383.         :params => {

  384.           :user => {

  385.             :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',

  386.             :mail => 'foo@example.net', :password => 'secret123',

  387.             :mail_notification => 'only_assigned'

  388.           }

  389.         },

  390.         :headers => credentials('admin'))

  391.     end

  392. 

  393.     user = User.order('id DESC').first

  394.     assert_equal 'foo', user.login

  395.     assert_equal 'Firstname', user.firstname

  396.     assert_equal 'Lastname', user.lastname

  397.     assert_equal 'foo@example.net', user.mail

  398.     assert !user.admin?

  399. 

  400.     assert_response :created

  401.     assert_equal 'application/json', @response.media_type

  402.     json = ActiveSupport::JSON.decode(response.body)

  403.     assert_kind_of Hash, json

  404.     assert_kind_of Hash, json['user']

  405.     assert_equal user.id, json['user']['id']

  406.   end

  407. 

  408.   test "POST /users.xml with with invalid parameters should return errors" do

  409.     assert_no_difference('User.count') do

  410.       post(

  411.         '/users.xml',

  412.         :params => {

  413.           :user =>{

  414.             :login => 'foo', :lastname => 'Lastname', :mail => 'foo'

  415.           }

  416.         },

  417.         :headers => credentials('admin'))

  418.     end

  419. 

  420.     assert_response :unprocessable_entity

  421.     assert_equal 'application/xml', @response.media_type

  422.     assert_select 'errors error', :text => "First name cannot be blank"

  423.   end

  424. 

  425.   test "POST /users.json with with invalid parameters should return errors" do

  426.     assert_no_difference('User.count') do

  427.       post(

  428.         '/users.json',

  429.         :params => {

  430.           :user => {

  431.             :login => 'foo', :lastname => 'Lastname', :mail => 'foo'

  432.           }

  433.         },

  434.         :headers => credentials('admin'))

  435.     end

  436. 

  437.     assert_response :unprocessable_entity

  438.     assert_equal 'application/json', @response.media_type

  439.     json = ActiveSupport::JSON.decode(response.body)

  440.     assert_kind_of Hash, json

  441.     assert json.has_key?('errors')

  442.     assert_kind_of Array, json['errors']

  443.   end

  444. 

  445.   test "PUT /users/:id.xml with valid parameters should update the user" do

  446.     assert_no_difference('User.count') do

  447.       put(

  448.         '/users/2.xml',

  449.         :params => {

  450.           :user => {

  451.             :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed',

  452.             :mail => 'jsmith@somenet.foo'

  453.           }

  454.         },

  455.         :headers => credentials('admin'))

  456.     end

  457. 

  458.     user = User.find(2)

  459.     assert_equal 'jsmith', user.login

  460.     assert_equal 'John', user.firstname

  461.     assert_equal 'Renamed', user.lastname

  462.     assert_equal 'jsmith@somenet.foo', user.mail

  463.     assert !user.admin?

  464. 

  465.     assert_response :no_content

  466.     assert_equal '', @response.body

  467.   end

  468. 

  469.   test "PUT /users/:id.json with valid parameters should update the user" do

  470.     assert_no_difference('User.count') do

  471.       put(

  472.         '/users/2.json',

  473.         :params => {

  474.           :user => {

  475.             :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed',

  476.             :mail => 'jsmith@somenet.foo'

  477.           }

  478.         },

  479.         :headers => credentials('admin'))

  480.     end

  481. 

  482.     user = User.find(2)

  483.     assert_equal 'jsmith', user.login

  484.     assert_equal 'John', user.firstname

  485.     assert_equal 'Renamed', user.lastname

  486.     assert_equal 'jsmith@somenet.foo', user.mail

  487.     assert !user.admin?

  488. 

  489.     assert_response :no_content

  490.     assert_equal '', @response.body

  491.   end

  492. 

  493.   test "PUT /users/:id.xml with invalid parameters" do

  494.     assert_no_difference('User.count') do

  495.       put(

  496.         '/users/2.xml',

  497.         :params => {

  498.           :user => {

  499.             :login => 'jsmith', :firstname => '', :lastname => 'Lastname',

  500.             :mail => 'foo'

  501.           }

  502.         },

  503.         :headers => credentials('admin'))

  504.     end

  505. 

  506.     assert_response :unprocessable_entity

  507.     assert_equal 'application/xml', @response.media_type

  508.     assert_select 'errors error', :text => "First name cannot be blank"

  509.   end

  510. 

  511.   test "PUT /users/:id.json with invalid parameters" do

  512.     assert_no_difference('User.count') do

  513.       put(

  514.         '/users/2.json',

  515.         :params => {

  516.           :user => {

  517.             :login => 'jsmith', :firstname => '', :lastname => 'Lastname',

  518.             :mail => 'foo'

  519.           }

  520.         },

  521.         :headers => credentials('admin'))

  522.     end

  523. 

  524.     assert_response :unprocessable_entity

  525.     assert_equal 'application/json', @response.media_type

  526.     json = ActiveSupport::JSON.decode(response.body)

  527.     assert_kind_of Hash, json

  528.     assert json.has_key?('errors')

  529.     assert_kind_of Array, json['errors']

  530.   end

  531. 

  532.   test "DELETE /users/:id.xml should delete the user" do

  533.     assert_difference('User.count', -1) do

  534.       delete '/users/2.xml', :headers => credentials('admin')

  535.     end

  536. 

  537.     assert_response :no_content

  538.     assert_equal '', @response.body

  539.   end

  540. 

  541.   test "DELETE /users/:id.json should delete the user" do

  542.     assert_difference('User.count', -1) do

  543.       delete '/users/2.json', :headers => credentials('admin')

  544.     end

  545. 

  546.     assert_response :no_content

  547.     assert_equal '', @response.body

  548.   end

  549. end