gitlab-org--gitlab-foss/spec/requests/api/api_helpers_spec.rb

require 'spec_helper'

describe API, api: true do
  include API::APIHelpers
  include ApiHelpers
  let(:user) { create(:user) }
  let(:admin) { create(:admin) }
  let(:key) { create(:key, user: user) }

  let(:params) { {} }
  let(:env) { {} }

  def set_env(token_usr, identifier)
    clear_env
    clear_param
    env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = token_usr.private_token
    env[API::APIHelpers::SUDO_HEADER] = identifier
  end

  def set_param(token_usr, identifier)
    clear_env
    clear_param
    params[API::APIHelpers::PRIVATE_TOKEN_PARAM] = token_usr.private_token
    params[API::APIHelpers::SUDO_PARAM] = identifier
  end

  def clear_env
    env.delete(API::APIHelpers::PRIVATE_TOKEN_HEADER)
    env.delete(API::APIHelpers::SUDO_HEADER)
  end

  def clear_param
    params.delete(API::APIHelpers::PRIVATE_TOKEN_PARAM)
    params.delete(API::APIHelpers::SUDO_PARAM)
  end

  def error!(message, status)
    raise Exception
  end

  describe ".current_user" do
    it "should return nil for an invalid token" do
      env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = 'invalid token'
      current_user.should be_nil
    end

    it "should return nil for a user without access" do
      env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = user.private_token
      Gitlab::UserAccess.stub(allowed?: false)
      current_user.should be_nil
    end

    it "should leave user as is when sudo not specified" do
      env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = user.private_token
      current_user.should == user
      clear_env
      params[API::APIHelpers::PRIVATE_TOKEN_PARAM] = user.private_token
      current_user.should == user
    end

    it "should change current user to sudo when admin" do
      set_env(admin, user.id)
      current_user.should == user
      set_param(admin, user.id)
      current_user.should == user
      set_env(admin, user.username)
      current_user.should == user
      set_param(admin, user.username)
      current_user.should == user
    end

    it "should throw an error when the current user is not an admin and attempting to sudo" do
      set_env(user, admin.id)
      expect { current_user }.to raise_error
      set_param(user, admin.id)
      expect { current_user }.to raise_error
      set_env(user, admin.username)
      expect { current_user }.to raise_error
      set_param(user, admin.username)
      expect { current_user }.to raise_error
    end

    it "should throw an error when the user cannot be found for a given id" do
      id = user.id + admin.id
      user.id.should_not == id
      admin.id.should_not == id
      set_env(admin, id)
      expect { current_user }.to raise_error

      set_param(admin, id)
      expect { current_user }.to raise_error
    end

    it "should throw an error when the user cannot be found for a given username" do
      username = "#{user.username}#{admin.username}"
      user.username.should_not == username
      admin.username.should_not == username
      set_env(admin, username)
      expect { current_user }.to raise_error

      set_param(admin, username)
      expect { current_user }.to raise_error
    end

    it "should handle sudo's to oneself" do
      set_env(admin, admin.id)
      current_user.should == admin
      set_param(admin, admin.id)
      current_user.should == admin
      set_env(admin, admin.username)
      current_user.should == admin
      set_param(admin, admin.username)
      current_user.should == admin
    end

    it "should handle multiple sudo's to oneself" do
      set_env(admin, user.id)
      current_user.should == user
      current_user.should == user
      set_env(admin, user.username)
      current_user.should == user
      current_user.should == user

      set_param(admin, user.id)
      current_user.should == user
      current_user.should == user
      set_param(admin, user.username)
      current_user.should == user
      current_user.should == user
    end

    it "should handle multiple sudo's to oneself using string ids" do
      set_env(admin, user.id.to_s)
      current_user.should == user
      current_user.should == user

      set_param(admin, user.id.to_s)
      current_user.should == user
      current_user.should == user
    end
  end

  describe '.sudo_identifier' do
    it "should return integers when input is an int" do
      set_env(admin, '123')
      sudo_identifier.should == 123
      set_env(admin, '0001234567890')
      sudo_identifier.should == 1234567890

      set_param(admin, '123')
      sudo_identifier.should == 123
      set_param(admin, '0001234567890')
      sudo_identifier.should == 1234567890
    end

    it "should return string when input is an is not an int" do
      set_env(admin, '12.30')
      sudo_identifier.should == "12.30"
      set_env(admin, 'hello')
      sudo_identifier.should == 'hello'
      set_env(admin, ' 123')
      sudo_identifier.should == ' 123'

      set_param(admin, '12.30')
      sudo_identifier.should == "12.30"
      set_param(admin, 'hello')
      sudo_identifier.should == 'hello'
      set_param(admin, ' 123')
      sudo_identifier.should == ' 123'
    end
  end
end