2012-09-20 10:44:44 -04:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2016-11-23 15:14:08 -05:00
|
|
|
describe API::Session, api: true do
|
2012-09-20 10:44:44 -04:00
|
|
|
include ApiHelpers
|
|
|
|
|
2012-11-05 22:31:55 -05:00
|
|
|
let(:user) { create(:user) }
|
2012-09-20 10:44:44 -04:00
|
|
|
|
|
|
|
describe "POST /session" do
|
|
|
|
context "when valid password" do
|
2016-08-01 11:00:44 -04:00
|
|
|
it "returns private token" do
|
2013-11-25 15:33:04 -05:00
|
|
|
post api("/session"), email: user.email, password: '12345678'
|
2016-06-27 14:10:42 -04:00
|
|
|
expect(response).to have_http_status(201)
|
2012-09-20 10:44:44 -04:00
|
|
|
|
2015-02-12 13:17:35 -05:00
|
|
|
expect(json_response['email']).to eq(user.email)
|
|
|
|
expect(json_response['private_token']).to eq(user.private_token)
|
|
|
|
expect(json_response['is_admin']).to eq(user.is_admin?)
|
|
|
|
expect(json_response['can_create_project']).to eq(user.can_create_project?)
|
|
|
|
expect(json_response['can_create_group']).to eq(user.can_create_group?)
|
2012-09-20 10:44:44 -04:00
|
|
|
end
|
2016-08-12 17:16:12 -04:00
|
|
|
|
|
|
|
context 'with 2FA enabled' do
|
|
|
|
it 'rejects sign in attempts' do
|
|
|
|
user = create(:user, :two_factor)
|
|
|
|
|
|
|
|
post api('/session'), email: user.email, password: user.password
|
|
|
|
|
|
|
|
expect(response).to have_http_status(401)
|
2016-08-17 18:39:20 -04:00
|
|
|
expect(response.body).to include('You have 2FA enabled.')
|
2016-08-12 17:16:12 -04:00
|
|
|
end
|
|
|
|
end
|
2012-09-20 10:44:44 -04:00
|
|
|
end
|
|
|
|
|
2014-10-22 11:29:26 -04:00
|
|
|
context 'when email has case-typo and password is valid' do
|
2016-08-01 11:00:44 -04:00
|
|
|
it 'returns private token' do
|
2014-10-22 11:29:26 -04:00
|
|
|
post api('/session'), email: user.email.upcase, password: '12345678'
|
|
|
|
expect(response.status).to eq 201
|
|
|
|
|
|
|
|
expect(json_response['email']).to eq user.email
|
|
|
|
expect(json_response['private_token']).to eq user.private_token
|
|
|
|
expect(json_response['is_admin']).to eq user.is_admin?
|
|
|
|
expect(json_response['can_create_project']).to eq user.can_create_project?
|
|
|
|
expect(json_response['can_create_group']).to eq user.can_create_group?
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when login has case-typo and password is valid' do
|
2016-08-01 11:00:44 -04:00
|
|
|
it 'returns private token' do
|
2014-10-22 11:29:26 -04:00
|
|
|
post api('/session'), login: user.username.upcase, password: '12345678'
|
|
|
|
expect(response.status).to eq 201
|
|
|
|
|
|
|
|
expect(json_response['email']).to eq user.email
|
|
|
|
expect(json_response['private_token']).to eq user.private_token
|
|
|
|
expect(json_response['is_admin']).to eq user.is_admin?
|
|
|
|
expect(json_response['can_create_project']).to eq user.can_create_project?
|
|
|
|
expect(json_response['can_create_group']).to eq user.can_create_group?
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-09-20 10:44:44 -04:00
|
|
|
context "when invalid password" do
|
2016-08-01 11:00:44 -04:00
|
|
|
it "returns authentication error" do
|
2012-09-20 10:44:44 -04:00
|
|
|
post api("/session"), email: user.email, password: '123'
|
2016-06-27 14:10:42 -04:00
|
|
|
expect(response).to have_http_status(401)
|
2012-09-20 10:44:44 -04:00
|
|
|
|
2015-02-12 13:17:35 -05:00
|
|
|
expect(json_response['email']).to be_nil
|
|
|
|
expect(json_response['private_token']).to be_nil
|
2012-09-20 10:44:44 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when empty password" do
|
2016-11-09 11:36:35 -05:00
|
|
|
it "returns authentication error with email" do
|
2012-09-20 10:44:44 -04:00
|
|
|
post api("/session"), email: user.email
|
|
|
|
|
2016-11-09 11:36:35 -05:00
|
|
|
expect(response).to have_http_status(400)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns authentication error with username" do
|
|
|
|
post api("/session"), email: user.username
|
|
|
|
|
|
|
|
expect(response).to have_http_status(400)
|
2012-09-20 10:44:44 -04:00
|
|
|
end
|
|
|
|
end
|
2013-02-27 06:58:06 -05:00
|
|
|
|
|
|
|
context "when empty name" do
|
2016-08-01 11:00:44 -04:00
|
|
|
it "returns authentication error" do
|
2013-02-27 06:58:06 -05:00
|
|
|
post api("/session"), password: user.password
|
|
|
|
|
2016-11-09 11:36:35 -05:00
|
|
|
expect(response).to have_http_status(400)
|
2013-02-27 06:58:06 -05:00
|
|
|
end
|
|
|
|
end
|
2017-01-18 05:23:25 -05:00
|
|
|
|
|
|
|
context "when user is blocked" do
|
|
|
|
it "returns authentication error" do
|
|
|
|
user.block
|
|
|
|
post api("/session"), email: user.username, password: user.password
|
|
|
|
|
|
|
|
expect(response).to have_http_status(401)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when user is ldap_blocked" do
|
|
|
|
it "returns authentication error" do
|
|
|
|
user.ldap_block
|
|
|
|
post api("/session"), email: user.username, password: user.password
|
|
|
|
|
|
|
|
expect(response).to have_http_status(401)
|
|
|
|
end
|
|
|
|
end
|
2012-09-20 10:44:44 -04:00
|
|
|
end
|
|
|
|
end
|