2012-06-27 13:32:56 +02:00
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe Gitlab::API do
|
2012-08-25 19:31:50 +02:00
|
|
|
include ApiHelpers
|
|
|
|
|
2012-11-06 04:31:55 +01:00
|
|
|
let(:user) { create(:user) }
|
|
|
|
let(:admin) { create(:admin) }
|
|
|
|
let(:key) { create(:key, user: user) }
|
2012-06-27 13:32:56 +02:00
|
|
|
|
|
|
|
describe "GET /users" do
|
2012-09-12 14:11:56 +02:00
|
|
|
context "when unauthenticated" do
|
|
|
|
it "should return authentication error" do
|
|
|
|
get api("/users")
|
|
|
|
response.status.should == 401
|
|
|
|
end
|
2012-06-27 13:32:56 +02:00
|
|
|
end
|
|
|
|
|
2012-09-12 14:11:56 +02:00
|
|
|
context "when authenticated" do
|
2012-06-27 13:32:56 +02:00
|
|
|
it "should return an array of users" do
|
2012-08-25 19:43:55 +02:00
|
|
|
get api("/users", user)
|
2012-06-27 13:32:56 +02:00
|
|
|
response.status.should == 200
|
2012-07-04 09:48:00 +02:00
|
|
|
json_response.should be_an Array
|
|
|
|
json_response.first['email'].should == user.email
|
2012-06-27 13:32:56 +02:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /users/:id" do
|
|
|
|
it "should return a user by id" do
|
2012-08-25 19:43:55 +02:00
|
|
|
get api("/users/#{user.id}", user)
|
2012-06-27 13:32:56 +02:00
|
|
|
response.status.should == 200
|
2012-07-04 09:48:00 +02:00
|
|
|
json_response['email'].should == user.email
|
2012-06-27 13:32:56 +02:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-10-02 12:59:22 +02:00
|
|
|
describe "POST /users" do
|
|
|
|
before{ admin }
|
|
|
|
|
|
|
|
it "should not create invalid user" do
|
|
|
|
post api("/users", admin), { email: "invalid email" }
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should create user" do
|
2012-10-19 12:23:10 +02:00
|
|
|
expect {
|
2012-11-06 04:31:55 +01:00
|
|
|
post api("/users", admin), attributes_for(:user, projects_limit: 3)
|
2012-10-19 12:23:10 +02:00
|
|
|
}.to change { User.count }.by(1)
|
2012-10-02 12:59:22 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
it "shouldn't available for non admin users" do
|
2012-11-06 04:31:55 +01:00
|
|
|
post api("/users", user), attributes_for(:user)
|
2012-10-02 12:59:22 +02:00
|
|
|
response.status.should == 403
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-11-06 14:30:48 +01:00
|
|
|
describe "GET /users/sign_up" do
|
2013-02-21 12:09:47 +01:00
|
|
|
context 'enabled' do
|
|
|
|
before do
|
|
|
|
Gitlab.config.gitlab.stub(:signup_enabled).and_return(true)
|
|
|
|
end
|
2012-11-06 14:30:48 +01:00
|
|
|
|
2013-02-21 12:09:47 +01:00
|
|
|
it "should return sign up page if signup is enabled" do
|
|
|
|
get "/users/sign_up"
|
|
|
|
response.status.should == 200
|
|
|
|
end
|
2012-11-06 14:30:48 +01:00
|
|
|
end
|
2013-02-21 12:09:47 +01:00
|
|
|
|
|
|
|
context 'disabled' do
|
|
|
|
before do
|
|
|
|
Gitlab.config.gitlab.stub(:signup_enabled).and_return(false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should redirect to sign in page if signup is disabled" do
|
|
|
|
get "/users/sign_up"
|
|
|
|
response.status.should == 302
|
|
|
|
response.should redirect_to(new_user_session_path)
|
|
|
|
end
|
2012-11-06 14:30:48 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-12-18 20:24:31 +01:00
|
|
|
describe "PUT /users/:id" do
|
|
|
|
before { admin }
|
|
|
|
|
|
|
|
it "should update user" do
|
|
|
|
put api("/users/#{user.id}", admin), {bio: 'new test bio'}
|
|
|
|
response.status.should == 200
|
|
|
|
json_response['bio'].should == 'new test bio'
|
|
|
|
user.reload.bio.should == 'new test bio'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should not allow invalid update" do
|
|
|
|
put api("/users/#{user.id}", admin), {email: 'invalid email'}
|
|
|
|
response.status.should == 404
|
|
|
|
user.reload.email.should_not == 'invalid email'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shouldn't available for non admin users" do
|
|
|
|
put api("/users/#{user.id}", user), attributes_for(:user)
|
|
|
|
response.status.should == 403
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return 404 for non-existing user" do
|
|
|
|
put api("/users/999999", admin), {bio: 'update should fail'}
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "DELETE /users/:id" do
|
|
|
|
before { admin }
|
|
|
|
|
|
|
|
it "should delete user" do
|
|
|
|
delete api("/users/#{user.id}", admin)
|
|
|
|
response.status.should == 200
|
|
|
|
expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
|
|
|
|
json_response['email'].should == user.email
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shouldn't available for non admin users" do
|
|
|
|
delete api("/users/#{user.id}", user)
|
|
|
|
response.status.should == 403
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return 404 for non-existing user" do
|
|
|
|
delete api("/users/999999", admin)
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-06-27 13:32:56 +02:00
|
|
|
describe "GET /user" do
|
|
|
|
it "should return current user" do
|
2012-08-25 19:43:55 +02:00
|
|
|
get api("/user", user)
|
2012-06-27 13:32:56 +02:00
|
|
|
response.status.should == 200
|
2012-07-04 09:48:00 +02:00
|
|
|
json_response['email'].should == user.email
|
2012-06-27 13:32:56 +02:00
|
|
|
end
|
|
|
|
end
|
2012-09-21 13:49:28 +02:00
|
|
|
|
|
|
|
describe "GET /user/keys" do
|
|
|
|
context "when unauthenticated" do
|
|
|
|
it "should return authentication error" do
|
|
|
|
get api("/user/keys")
|
|
|
|
response.status.should == 401
|
|
|
|
end
|
|
|
|
end
|
2012-09-21 13:53:13 +02:00
|
|
|
|
2012-09-21 13:49:28 +02:00
|
|
|
context "when authenticated" do
|
|
|
|
it "should return array of ssh keys" do
|
|
|
|
user.keys << key
|
|
|
|
user.save
|
|
|
|
get api("/user/keys", user)
|
|
|
|
response.status.should == 200
|
|
|
|
json_response.should be_an Array
|
|
|
|
json_response.first["title"].should == key.title
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /user/keys/:id" do
|
|
|
|
it "should returm single key" do
|
|
|
|
user.keys << key
|
|
|
|
user.save
|
|
|
|
get api("/user/keys/#{key.id}", user)
|
|
|
|
response.status.should == 200
|
|
|
|
json_response["title"].should == key.title
|
|
|
|
end
|
2012-09-21 13:53:13 +02:00
|
|
|
|
2012-09-21 13:49:28 +02:00
|
|
|
it "should return 404 Not Found within invalid ID" do
|
|
|
|
get api("/user/keys/42", user)
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "POST /user/keys" do
|
|
|
|
it "should not create invalid ssh key" do
|
|
|
|
post api("/user/keys", user), { title: "invalid key" }
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
2012-09-21 13:53:13 +02:00
|
|
|
|
2012-09-21 13:49:28 +02:00
|
|
|
it "should create ssh key" do
|
2012-11-06 04:31:55 +01:00
|
|
|
key_attrs = attributes_for :key
|
2012-09-21 13:49:28 +02:00
|
|
|
expect {
|
|
|
|
post api("/user/keys", user), key_attrs
|
|
|
|
}.to change{ user.keys.count }.by(1)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "DELETE /user/keys/:id" do
|
|
|
|
it "should delete existed key" do
|
|
|
|
user.keys << key
|
|
|
|
user.save
|
|
|
|
expect {
|
|
|
|
delete api("/user/keys/#{key.id}", user)
|
|
|
|
}.to change{user.keys.count}.by(-1)
|
|
|
|
end
|
2012-09-21 13:53:13 +02:00
|
|
|
|
2012-09-21 13:49:28 +02:00
|
|
|
it "should return 404 Not Found within invalid ID" do
|
|
|
|
delete api("/user/keys/42", user)
|
|
|
|
response.status.should == 404
|
|
|
|
end
|
|
|
|
end
|
2012-06-27 13:32:56 +02:00
|
|
|
end
|