2012-06-27 07:32:56 -04:00
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe Gitlab::API do
|
2012-08-25 13:31:50 -04:00
|
|
|
include ApiHelpers
|
|
|
|
|
2012-11-05 22:31:55 -05:00
|
|
|
let(:user) { create(:user) }
|
|
|
|
let(:admin) { create(:admin) }
|
|
|
|
let(:key) { create(:key, user: user) }
|
2012-06-27 07:32:56 -04:00
|
|
|
|
|
|
|
describe "GET /users" do
|
2012-09-12 08:11:56 -04:00
|
|
|
context "when unauthenticated" do
|
|
|
|
it "should return authentication error" do
|
|
|
|
get api("/users")
|
|
|
|
response.status.should == 401
|
|
|
|
end
|
2012-06-27 07:32:56 -04:00
|
|
|
end
|
|
|
|
|
2012-09-12 08:11:56 -04:00
|
|
|
context "when authenticated" do
|
2012-06-27 07:32:56 -04:00
|
|
|
it "should return an array of users" do
|
2012-08-25 13:43:55 -04:00
|
|
|
get api("/users", user)
|
2012-06-27 07:32:56 -04:00
|
|
|
response.status.should == 200
|
2012-07-04 03:48:00 -04:00
|
|
|
json_response.should be_an Array
|
|
|
|
json_response.first['email'].should == user.email
|
2012-06-27 07:32:56 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /users/:id" do
|
|
|
|
it "should return a user by id" do
|
2012-08-25 13:43:55 -04:00
|
|
|
get api("/users/#{user.id}", user)
|
2012-06-27 07:32:56 -04:00
|
|
|
response.status.should == 200
|
2012-07-04 03:48:00 -04:00
|
|
|
json_response['email'].should == user.email
|
2012-06-27 07:32:56 -04:00
|
|
|
end
|
|
|
|
|
2013-02-20 06:10:51 -05:00
|
|
|
it "should return a 401 if unauthenticated" do
|
|
|
|
get api("/users/9998")
|
|
|
|
response.status.should == 401
|
|
|
|
end
|
2012-10-02 06:59:22 -04:00
|
|
|
|
2013-02-20 06:10:51 -05:00
|
|
|
it "should return a 404 error if user id not found" do
|
|
|
|
get api("/users/9999", user)
|
2012-10-02 06:59:22 -04:00
|
|
|
response.status.should == 404
|
|
|
|
end
|
2013-02-20 06:10:51 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
describe "POST /users" do
|
|
|
|
before{ admin }
|
2012-10-02 06:59:22 -04:00
|
|
|
|
|
|
|
it "should create user" do
|
2012-10-19 06:23:10 -04:00
|
|
|
expect {
|
2012-11-05 22:31:55 -05:00
|
|
|
post api("/users", admin), attributes_for(:user, projects_limit: 3)
|
2012-10-19 06:23:10 -04:00
|
|
|
}.to change { User.count }.by(1)
|
2012-10-02 06:59:22 -04:00
|
|
|
end
|
|
|
|
|
2013-02-20 06:10:51 -05:00
|
|
|
it "should return 201 Created on success" do
|
|
|
|
post api("/users", admin), attributes_for(:user, projects_limit: 3)
|
|
|
|
response.status.should == 201
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should not create user with invalid email" do
|
|
|
|
post api("/users", admin), { email: "invalid email", password: 'password' }
|
|
|
|
response.status.should == 400
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return 400 error if password not given" do
|
|
|
|
post api("/users", admin), { email: 'test@example.com' }
|
|
|
|
response.status.should == 400
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return 400 error if email not given" do
|
|
|
|
post api("/users", admin), { password: 'pass1234' }
|
|
|
|
response.status.should == 400
|
|
|
|
end
|
|
|
|
|
2012-10-02 06:59:22 -04:00
|
|
|
it "shouldn't available for non admin users" do
|
2012-11-05 22:31:55 -05:00
|
|
|
post api("/users", user), attributes_for(:user)
|
2012-10-02 06:59:22 -04:00
|
|
|
response.status.should == 403
|
|
|
|
end
|
2013-02-20 06:10:51 -05:00
|
|
|
|
|
|
|
context "with existing user" do
|
|
|
|
before { post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test' } }
|
|
|
|
|
|
|
|
it "should not create user with same email" do
|
|
|
|
expect {
|
|
|
|
post api("/users", admin), { email: 'test@example.com', password: 'password' }
|
|
|
|
}.to change { User.count }.by(0)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return 409 conflict error if user with email exists" do
|
|
|
|
post api("/users", admin), { email: 'test@example.com', password: 'password' }
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return 409 conflict error if same username exists" do
|
|
|
|
post api("/users", admin), { email: 'foo@example.com', password: 'pass', username: 'test' }
|
|
|
|
end
|
|
|
|
end
|
2012-10-02 06:59:22 -04:00
|
|
|
end
|
|
|
|
|
2012-11-06 08:30:48 -05:00
|
|
|
describe "GET /users/sign_up" do
|
2013-02-21 06:09:47 -05:00
|
|
|
context 'enabled' do
|
|
|
|
before do
|
|
|
|
Gitlab.config.gitlab.stub(:signup_enabled).and_return(true)
|
|
|
|
end
|
2012-11-06 08:30:48 -05:00
|
|
|
|
2013-02-21 06:09:47 -05:00
|
|
|
it "should return sign up page if signup is enabled" do
|
|
|
|
get "/users/sign_up"
|
|
|
|
response.status.should == 200
|
|
|
|
end
|
2012-11-06 08:30:48 -05:00
|
|
|
end
|
2013-02-21 06:09:47 -05:00
|
|
|
|
|
|
|
context 'disabled' do
|
|
|
|
before do
|
|
|
|
Gitlab.config.gitlab.stub(:signup_enabled).and_return(false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should redirect to sign in page if signup is disabled" do
|
|
|
|
get "/users/sign_up"
|
|
|
|
response.status.should == 302
|
|
|
|
response.should redirect_to(new_user_session_path)
|
|
|
|
end
|
2012-11-06 08:30:48 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-12-18 14:24:31 -05:00
|
|
|
describe "PUT /users/:id" do
|
|
|
|
before { admin }
|
|
|
|
|
2013-02-20 06:10:51 -05:00
|
|
|
it "should update user with new bio" do
|
2012-12-18 14:24:31 -05:00
|
|
|
put api("/users/#{user.id}", admin), {bio: 'new test bio'}
|
|
|
|
response.status.should == 200
|
|
|
|
json_response['bio'].should == 'new test bio'
|
|
|
|
user.reload.bio.should == 'new test bio'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should not allow invalid update" do
|
|
|
|
put api("/users/#{user.id}", admin), {email: 'invalid email'}
|
|
|
|
response.status.should == 404
|
|
|
|
user.reload.email.should_not == 'invalid email'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shouldn't available for non admin users" do
|
|
|
|
put api("/users/#{user.id}", user), attributes_for(:user)
|
|
|
|
response.status.should == 403
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return 404 for non-existing user" do
|
|
|
|
put api("/users/999999", admin), {bio: 'update should fail'}
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
2013-02-20 06:10:51 -05:00
|
|
|
|
|
|
|
context "with existing user" do
|
|
|
|
before {
|
|
|
|
post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
|
|
|
|
post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
|
|
|
|
@user_id = User.all.last.id
|
|
|
|
}
|
|
|
|
|
|
|
|
# it "should return 409 conflict error if email address exists" do
|
|
|
|
# put api("/users/#{@user_id}", admin), { email: 'test@example.com' }
|
|
|
|
# response.status.should == 409
|
|
|
|
# end
|
|
|
|
#
|
|
|
|
# it "should return 409 conflict error if username taken" do
|
|
|
|
# @user_id = User.all.last.id
|
|
|
|
# put api("/users/#{@user_id}", admin), { username: 'test' }
|
|
|
|
# response.status.should == 409
|
|
|
|
# end
|
|
|
|
end
|
2012-12-18 14:24:31 -05:00
|
|
|
end
|
|
|
|
|
2012-11-14 15:37:52 -05:00
|
|
|
describe "POST /users/:id/keys" do
|
|
|
|
before { admin }
|
|
|
|
|
|
|
|
it "should not create invalid ssh key" do
|
|
|
|
post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should create ssh key" do
|
|
|
|
key_attrs = attributes_for :key
|
|
|
|
expect {
|
|
|
|
post api("/users/#{user.id}/keys", admin), key_attrs
|
|
|
|
}.to change{ user.keys.count }.by(1)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-12-18 14:24:31 -05:00
|
|
|
describe "DELETE /users/:id" do
|
|
|
|
before { admin }
|
|
|
|
|
|
|
|
it "should delete user" do
|
|
|
|
delete api("/users/#{user.id}", admin)
|
|
|
|
response.status.should == 200
|
|
|
|
expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
|
|
|
|
json_response['email'].should == user.email
|
|
|
|
end
|
|
|
|
|
2013-02-20 06:10:51 -05:00
|
|
|
it "should not delete for unauthenticated user" do
|
|
|
|
delete api("/users/#{user.id}")
|
|
|
|
response.status.should == 401
|
|
|
|
end
|
|
|
|
|
2012-12-18 14:24:31 -05:00
|
|
|
it "shouldn't available for non admin users" do
|
|
|
|
delete api("/users/#{user.id}", user)
|
|
|
|
response.status.should == 403
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return 404 for non-existing user" do
|
|
|
|
delete api("/users/999999", admin)
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-06-27 07:32:56 -04:00
|
|
|
describe "GET /user" do
|
|
|
|
it "should return current user" do
|
2012-08-25 13:43:55 -04:00
|
|
|
get api("/user", user)
|
2012-06-27 07:32:56 -04:00
|
|
|
response.status.should == 200
|
2012-07-04 03:48:00 -04:00
|
|
|
json_response['email'].should == user.email
|
2013-03-18 16:11:28 -04:00
|
|
|
json_response['is_admin'].should == user.is_admin?
|
|
|
|
json_response['can_create_team'].should == user.can_create_team?
|
|
|
|
json_response['can_create_project'].should == user.can_create_project?
|
|
|
|
json_response['can_create_group'].should == user.can_create_group?
|
2012-06-27 07:32:56 -04:00
|
|
|
end
|
2013-02-20 06:10:51 -05:00
|
|
|
|
|
|
|
it "should return 401 error if user is unauthenticated" do
|
|
|
|
get api("/user")
|
|
|
|
response.status.should == 401
|
|
|
|
end
|
2012-06-27 07:32:56 -04:00
|
|
|
end
|
2012-09-21 07:49:28 -04:00
|
|
|
|
|
|
|
describe "GET /user/keys" do
|
|
|
|
context "when unauthenticated" do
|
|
|
|
it "should return authentication error" do
|
|
|
|
get api("/user/keys")
|
|
|
|
response.status.should == 401
|
|
|
|
end
|
|
|
|
end
|
2012-09-21 07:53:13 -04:00
|
|
|
|
2012-09-21 07:49:28 -04:00
|
|
|
context "when authenticated" do
|
|
|
|
it "should return array of ssh keys" do
|
|
|
|
user.keys << key
|
|
|
|
user.save
|
|
|
|
get api("/user/keys", user)
|
|
|
|
response.status.should == 200
|
|
|
|
json_response.should be_an Array
|
|
|
|
json_response.first["title"].should == key.title
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /user/keys/:id" do
|
|
|
|
it "should returm single key" do
|
|
|
|
user.keys << key
|
|
|
|
user.save
|
|
|
|
get api("/user/keys/#{key.id}", user)
|
|
|
|
response.status.should == 200
|
|
|
|
json_response["title"].should == key.title
|
|
|
|
end
|
2012-09-21 07:53:13 -04:00
|
|
|
|
2012-09-21 07:49:28 -04:00
|
|
|
it "should return 404 Not Found within invalid ID" do
|
|
|
|
get api("/user/keys/42", user)
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
|
|
|
|
2013-02-20 06:10:51 -05:00
|
|
|
it "should return 404 error if admin accesses user's ssh key" do
|
|
|
|
user.keys << key
|
|
|
|
user.save
|
|
|
|
admin
|
|
|
|
get api("/user/keys/#{key.id}", admin)
|
2012-09-21 07:49:28 -04:00
|
|
|
response.status.should == 404
|
|
|
|
end
|
2013-02-20 06:10:51 -05:00
|
|
|
end
|
2012-09-21 07:53:13 -04:00
|
|
|
|
2013-02-20 06:10:51 -05:00
|
|
|
describe "POST /user/keys" do
|
2012-09-21 07:49:28 -04:00
|
|
|
it "should create ssh key" do
|
2012-11-05 22:31:55 -05:00
|
|
|
key_attrs = attributes_for :key
|
2012-09-21 07:49:28 -04:00
|
|
|
expect {
|
|
|
|
post api("/user/keys", user), key_attrs
|
|
|
|
}.to change{ user.keys.count }.by(1)
|
2013-02-20 06:10:51 -05:00
|
|
|
response.status.should == 201
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return a 401 error if unauthorized" do
|
|
|
|
post api("/user/keys"), title: 'some title', key: 'some key'
|
|
|
|
response.status.should == 401
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should not create ssh key without key" do
|
|
|
|
post api("/user/keys", user), title: 'title'
|
|
|
|
response.status.should == 400
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should not create ssh key without title" do
|
|
|
|
post api("/user/keys", user), key: "somekey"
|
|
|
|
response.status.should == 400
|
2012-09-21 07:49:28 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "DELETE /user/keys/:id" do
|
|
|
|
it "should delete existed key" do
|
|
|
|
user.keys << key
|
|
|
|
user.save
|
|
|
|
expect {
|
|
|
|
delete api("/user/keys/#{key.id}", user)
|
|
|
|
}.to change{user.keys.count}.by(-1)
|
2013-02-20 06:10:51 -05:00
|
|
|
response.status.should == 200
|
2012-09-21 07:49:28 -04:00
|
|
|
end
|
2012-09-21 07:53:13 -04:00
|
|
|
|
2013-03-17 15:46:54 -04:00
|
|
|
it "should return success if key ID not found" do
|
2012-09-21 07:49:28 -04:00
|
|
|
delete api("/user/keys/42", user)
|
2013-02-20 06:10:51 -05:00
|
|
|
response.status.should == 200
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return 401 error if unauthorized" do
|
|
|
|
user.keys << key
|
|
|
|
user.save
|
|
|
|
delete api("/user/keys/#{key.id}")
|
|
|
|
response.status.should == 401
|
2012-09-21 07:49:28 -04:00
|
|
|
end
|
|
|
|
end
|
2012-06-27 07:32:56 -04:00
|
|
|
end
|