session_test.rb 8.66 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 
require_relative 'test_helper'

class SessionTest < ActiveSupport::TestCase

  def setup
    create_and_activate_user
    login_api
  end

  should 'generate private token when login' do
    params = {:login => "testapi", :password => "testapi"}
    post "/api/v1/login?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert !json['user']["private_token"].blank?
  end

  should 'return 401 when login fails' do
    user.destroy
    params = {:login => "testapi", :password => "testapi"}
    post "/api/v1/login?#{params.to_query}"
    assert_equal 401, last_response.status
  end

  should 'return 401 when login with an user that was not activated' do
    user.deactivate
    params = {:login => "testapi", :password => "testapi"}
    post "/api/v1/login?#{params.to_query}"
    assert_equal 401, last_response.status
  end

  should 'register a user' do
    Environment.default.enable('skip_new_user_email_confirmation')
    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
    post "/api/v1/register?#{params.to_query}"
    assert_equal 201, last_response.status
    json = JSON.parse(last_response.body)
    assert User['newuserapi'].activated?
    assert json['user']['activated']
    assert json['user']['private_token'].present?
  end

  should 'register a user with name' do
    Environment.default.enable('skip_new_user_email_confirmation')
    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :name => "Little John" }
    post "/api/v1/register?#{params.to_query}"
    assert_equal 201, last_response.status
    json = JSON.parse(last_response.body)
    assert json['user']['activated']
    assert json['user']['private_token'].present?
  end

  should 'register an inactive user' do
    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
    post "/api/v1/register?#{params.to_query}"
    assert_equal 201, last_response.status
    json = JSON.parse(last_response.body)
    assert !json['activated']
    assert json['private_token'].blank?
  end

  should 'not register a user with invalid login' do
    params = {:login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
    post "/api/v1/register?#{params.to_query}"
    assert_equal 400, last_response.status
    json = JSON.parse(last_response.body)
    msg = json['message'].split(':')
    key = msg[0][2, 5]
    val = msg[1][2, 38]
    assert_equal "login", key
    assert_equal "is too short (minimum is 2 characters)", val
  end

  should 'not register a user with invalid login pt' do
    I18n.locale = "pt-BR"
    params = {:lang => "pt-BR", :login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
    post "/api/v1/register?#{params.to_query}"
    assert_equal 400, last_response.status
    json = JSON.parse(last_response.body)
    msg = json['message'].split(':')
    key = msg[0][2, 5]
    val = msg[1][2, 35]
    assert_equal "login", key
    assert val.include? "muito curto"
  end

  should 'not register a user without email' do
    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil }
    post "/api/v1/register?#{params.to_query}"
    assert_equal 400, last_response.status
  end

  should 'not register a duplicated user' do
    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
    post "/api/v1/register?#{params.to_query}"
    post "/api/v1/register?#{params.to_query}"
    assert_equal 400, last_response.status
    json = JSON.parse(last_response.body)
  end

  # TODO: Add another test cases to check register situations
  should 'activate a user' do
    params = {
      :login => "newuserapi",
      :password => "newuserapi",
      :password_confirmation => "newuserapi",
      :email => "newuserapi@email.com"
    }
    user = User.new(params)
    user.save!

    params = { activation_code: user.activation_code}
    patch "/api/v1/activate?#{params.to_query}"
    assert_equal 200, last_response.status
  end

  should 'do not activate a user if admin must approve him' do
    params = {
      :login => "newuserapi",
      :password => "newuserapi",
      :password_confirmation => "newuserapi",
      :email => "newuserapi@email.com",
      :environment => Environment.default
    }
    user = User.new(params)
    user.environment.enable('admin_must_approve_new_users')
    user.save!

    params = { activation_code: user.activation_code}
    patch "/api/v1/activate?#{params.to_query}"
    assert_equal 202, last_response.status
    assert_equal 'Waiting for admin moderate user registration', JSON.parse(last_response.body)["message"]
  end

  should 'do not activate a user if the token is invalid' do
    params = {
      :login => "newuserapi",
      :password => "newuserapi",
      :password_confirmation => "newuserapi",
      :email => "newuserapi@email.com",
      :environment => Environment.default
    }
    user = User.new(params)
    user.save!

    params = { activation_code: '70250abe20cc6a67ef9399cf3286cb998b96aeaf'}
    patch "/api/v1/activate?#{params.to_query}"
    assert_equal 412, last_response.status
  end

  should 'create task to change password by user login' do
    params = {:value => user.login}
    assert_difference 'ChangePassword.count' do
        post "/api/v1/forgot_password?#{params.to_query}"
    end
  end

  should 'not create task to change password when user is not found' do
    params = {:value => 'wronglogin'}
    assert_no_difference 'ChangePassword.count' do
      post "/api/v1/forgot_password?#{params.to_query}"
    end
    assert_equal 404, last_response.status
  end

  should 'change user password and close task' do
    task = ChangePassword.create!(:requestor => @person)
    params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'})
    patch "/api/v1/new_password?#{params.to_query}"
    assert_equal Task::Status::FINISHED, task.reload.status
    assert user.reload.authenticated?('secret')
    json = JSON.parse(last_response.body)
    assert_equal user.id, json['user']['id']
  end

  should 'do not change user password when password confirmation is wrong' do
    task = ChangePassword.create!(:requestor => user.person)
    params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
    patch "/api/v1/new_password?#{params.to_query}"
    assert_equal Task::Status::ACTIVE, task.reload.status
    assert !user.reload.authenticated?('secret')
    json = JSON.parse(last_response.body)
    assert_match /doesn't match/, json['message']

    assert_equal 400, last_response.status
  end

  should 'render not found when provide a wrong code on password change' do
    params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
    patch "/api/v1/new_password?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert_match /Couldn't find/, json['message']

    assert_equal 400, last_response.status
  end

  should 'not return private token when the registered user is inactive' do
    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
    post "/api/v1/register?#{params.to_query}"
    assert_equal 201, last_response.status
    json = JSON.parse(last_response.body)
    assert !User['newuserapi'].activated?
    assert !json['user']['activated']
    assert !json['user']['private_token'].present?
  end

  should 'resend activation code for an inactive user' do
    another_user = User.create!(:login => "userlogin", :password => 'testapi', :password_confirmation => 'testapi', :email => 'test2@test.org', :environment => @environment)
    params = {:value => another_user.login}
    Delayed::Job.destroy_all
    assert_difference 'ActionMailer::Base.deliveries.size' do
      post "/api/v1/resend_activation_code?#{params.to_query}"
      process_delayed_job_queue
    end
    json = JSON.parse(last_response.body)
    refute json['users'].first['private_token']
    assert_equal another_user.email, ActionMailer::Base.deliveries.last['to'].to_s
  end

   should 'not resend activation code for an active user' do
     params = {:value => user.login}
     Delayed::Job.destroy_all
     assert_no_difference 'ActionMailer::Base.deliveries.size' do
       post "/api/v1/resend_activation_code?#{params.to_query}"
       process_delayed_job_queue
     end
     json = JSON.parse(last_response.body)
     assert json['users'].first['private_token']
   end

end