gitlabhq/spec/requests/api/users_spec.rb

require 'spec_helper'

describe Gitlab::API do
  include ApiHelpers

  let(:user)  { create(:user) }
  let(:admin) { create(:admin) }
  let(:key)   { create(:key, user: user) }

  describe "GET /users" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/users")
        response.status.should == 401
      end
    end

    context "when authenticated" do
      it "should return an array of users" do
        get api("/users", user)
        response.status.should == 200
        json_response.should be_an Array
        json_response.first['email'].should == user.email
      end
    end
  end

  describe "GET /users/:id" do
    it "should return a user by id" do
      get api("/users/#{user.id}", user)
      response.status.should == 200
      json_response['email'].should == user.email
    end
  end

  describe "POST /users" do
    before{ admin }

    it "should not create invalid user" do
      post api("/users", admin), { email: "invalid email" }
      response.status.should == 404
    end

    it "should create user" do
      expect {
        post api("/users", admin), attributes_for(:user, projects_limit: 3)
      }.to change { User.count }.by(1)
    end

    it "shouldn't available for non admin users" do
      post api("/users", user), attributes_for(:user)
      response.status.should == 403
    end
  end

  describe "GET /users/sign_up" do
    context 'enabled' do
      before do
        Gitlab.config.gitlab.stub(:signup_enabled).and_return(true)
      end

      it "should return sign up page if signup is enabled" do
        get "/users/sign_up"
        response.status.should == 200
      end
    end

    context 'disabled' do
      before do
        Gitlab.config.gitlab.stub(:signup_enabled).and_return(false)
      end

      it "should redirect to sign in page if signup is disabled" do
        get "/users/sign_up"
        response.status.should == 302
        response.should redirect_to(new_user_session_path)
      end
    end
  end

  describe "PUT /users/:id" do
    before { admin }

    it "should update user" do
      put api("/users/#{user.id}", admin), {bio: 'new test bio'}
      response.status.should == 200
      json_response['bio'].should == 'new test bio'
      user.reload.bio.should == 'new test bio'
    end

    it "should not allow invalid update" do
      put api("/users/#{user.id}", admin), {email: 'invalid email'}
      response.status.should == 404
      user.reload.email.should_not == 'invalid email'
    end

    it "shouldn't available for non admin users" do
      put api("/users/#{user.id}", user), attributes_for(:user)
      response.status.should == 403
    end

    it "should return 404 for non-existing user" do
      put api("/users/999999", admin), {bio: 'update should fail'}
      response.status.should == 404
    end
  end

  describe "DELETE /users/:id" do
    before { admin }

    it "should delete user" do
      delete api("/users/#{user.id}", admin)
      response.status.should == 200
      expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
      json_response['email'].should == user.email
    end

    it "shouldn't available for non admin users" do
      delete api("/users/#{user.id}", user)
      response.status.should == 403
    end

    it "should return 404 for non-existing user" do
      delete api("/users/999999", admin)
      response.status.should == 404
    end
  end

  describe "GET /user" do
    it "should return current user" do
      get api("/user", user)
      response.status.should == 200
      json_response['email'].should == user.email
    end
  end

  describe "GET /user/keys" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/user/keys")
        response.status.should == 401
      end
    end

    context "when authenticated" do
      it "should return array of ssh keys" do
        user.keys << key
        user.save
        get api("/user/keys", user)
        response.status.should == 200
        json_response.should be_an Array
        json_response.first["title"].should == key.title
      end
    end
  end

  describe "GET /user/keys/:id" do
    it "should returm single key" do
      user.keys << key
      user.save
      get api("/user/keys/#{key.id}", user)
      response.status.should == 200
      json_response["title"].should == key.title
    end

    it "should return 404 Not Found within invalid ID" do
      get api("/user/keys/42", user)
      response.status.should == 404
    end
  end

  describe "POST /user/keys" do
    it "should not create invalid ssh key" do
      post api("/user/keys", user), { title: "invalid key" }
      response.status.should == 404
    end

    it "should create ssh key" do
      key_attrs = attributes_for :key
      expect {
        post api("/user/keys", user), key_attrs
      }.to change{ user.keys.count }.by(1)
    end
  end

  describe "DELETE /user/keys/:id" do
    it "should delete existed key" do
      user.keys << key
      user.save
      expect {
        delete api("/user/keys/#{key.id}", user)
      }.to change{user.keys.count}.by(-1)
    end

    it "should return 404 Not Found within invalid ID" do
      delete api("/user/keys/42", user)
      response.status.should == 404
    end
  end
end
add users API 2012-06-27 13:32:56 +02:00			`require 'spec_helper'`

			`describe Gitlab::API do`
Add a simple `api` method to ApiHelpers, replacing api_prefix See docs for usage 2012-08-25 19:31:50 +02:00			`include ApiHelpers`

Remove backward compatibility of factories. 2012-11-06 04:31:55 +01:00			`let(:user) { create(:user) }`
			`let(:admin) { create(:admin) }`
			`let(:key) { create(:key, user: user) }`
add users API 2012-06-27 13:32:56 +02:00
			`describe "GET /users" do`
make API specs more organized and readable 2012-09-12 14:11:56 +02:00			`context "when unauthenticated" do`
			`it "should return authentication error" do`
			`get api("/users")`
			`response.status.should == 401`
			`end`
add users API 2012-06-27 13:32:56 +02:00			`end`

make API specs more organized and readable 2012-09-12 14:11:56 +02:00			`context "when authenticated" do`
add users API 2012-06-27 13:32:56 +02:00			`it "should return an array of users" do`
Clean up request specs 2012-08-25 19:43:55 +02:00			`get api("/users", user)`
add users API 2012-06-27 13:32:56 +02:00			`response.status.should == 200`
add API version 2012-07-04 09:48:00 +02:00			`json_response.should be_an Array`
			`json_response.first['email'].should == user.email`
add users API 2012-06-27 13:32:56 +02:00			`end`
			`end`
			`end`

			`describe "GET /users/:id" do`
			`it "should return a user by id" do`
Clean up request specs 2012-08-25 19:43:55 +02:00			`get api("/users/#{user.id}", user)`
add users API 2012-06-27 13:32:56 +02:00			`response.status.should == 200`
add API version 2012-07-04 09:48:00 +02:00			`json_response['email'].should == user.email`
add users API 2012-06-27 13:32:56 +02:00			`end`
			`end`

#1585 Api for user creation: rspec 2012-10-02 12:59:22 +02:00			`describe "POST /users" do`
			`before{ admin }`

			`it "should not create invalid user" do`
			`post api("/users", admin), { email: "invalid email" }`
			`response.status.should == 404`
			`end`

			`it "should create user" do`
fix mass-assignment error in user create API 2012-10-19 12:23:10 +02:00			`expect {`
Remove backward compatibility of factories. 2012-11-06 04:31:55 +01:00			`post api("/users", admin), attributes_for(:user, projects_limit: 3)`
fix mass-assignment error in user create API 2012-10-19 12:23:10 +02:00			`}.to change { User.count }.by(1)`
#1585 Api for user creation: rspec 2012-10-02 12:59:22 +02:00			`end`

			`it "shouldn't available for non admin users" do`
Remove backward compatibility of factories. 2012-11-06 04:31:55 +01:00			`post api("/users", user), attributes_for(:user)`
#1585 Api for user creation: rspec 2012-10-02 12:59:22 +02:00			`response.status.should == 403`
			`end`
			`end`

Add optional signup. 2012-11-06 14:30:48 +01:00			`describe "GET /users/sign_up" do`
Fixing rspec after upgrade to capybara pt1 2013-02-21 12:09:47 +01:00			`context 'enabled' do`
			`before do`
			`Gitlab.config.gitlab.stub(:signup_enabled).and_return(true)`
			`end`
Add optional signup. 2012-11-06 14:30:48 +01:00
Fixing rspec after upgrade to capybara pt1 2013-02-21 12:09:47 +01:00			`it "should return sign up page if signup is enabled" do`
			`get "/users/sign_up"`
			`response.status.should == 200`
			`end`
Add optional signup. 2012-11-06 14:30:48 +01:00			`end`
Fixing rspec after upgrade to capybara pt1 2013-02-21 12:09:47 +01:00
			`context 'disabled' do`
			`before do`
			`Gitlab.config.gitlab.stub(:signup_enabled).and_return(false)`
			`end`

			`it "should redirect to sign in page if signup is disabled" do`
			`get "/users/sign_up"`
			`response.status.should == 302`
			`response.should redirect_to(new_user_session_path)`
			`end`
Add optional signup. 2012-11-06 14:30:48 +01:00			`end`
			`end`

Extended users API to support updating and deleting users. Also added tests. 2012-12-18 20:24:31 +01:00			`describe "PUT /users/:id" do`
			`before { admin }`

			`it "should update user" do`
			`put api("/users/#{user.id}", admin), {bio: 'new test bio'}`
			`response.status.should == 200`
			`json_response['bio'].should == 'new test bio'`
			`user.reload.bio.should == 'new test bio'`
			`end`

			`it "should not allow invalid update" do`
			`put api("/users/#{user.id}", admin), {email: 'invalid email'}`
			`response.status.should == 404`
			`user.reload.email.should_not == 'invalid email'`
			`end`

			`it "shouldn't available for non admin users" do`
			`put api("/users/#{user.id}", user), attributes_for(:user)`
			`response.status.should == 403`
			`end`

			`it "should return 404 for non-existing user" do`
			`put api("/users/999999", admin), {bio: 'update should fail'}`
			`response.status.should == 404`
			`end`
			`end`

			`describe "DELETE /users/:id" do`
			`before { admin }`

			`it "should delete user" do`
			`delete api("/users/#{user.id}", admin)`
			`response.status.should == 200`
			`expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound`
			`json_response['email'].should == user.email`
			`end`

			`it "shouldn't available for non admin users" do`
			`delete api("/users/#{user.id}", user)`
			`response.status.should == 403`
			`end`

			`it "should return 404 for non-existing user" do`
			`delete api("/users/999999", admin)`
			`response.status.should == 404`
			`end`
			`end`

add users API 2012-06-27 13:32:56 +02:00			`describe "GET /user" do`
			`it "should return current user" do`
Clean up request specs 2012-08-25 19:43:55 +02:00			`get api("/user", user)`
add users API 2012-06-27 13:32:56 +02:00			`response.status.should == 200`
add API version 2012-07-04 09:48:00 +02:00			`json_response['email'].should == user.email`
add users API 2012-06-27 13:32:56 +02:00			`end`
			`end`
API: SSH keys belong to user entity 2012-09-21 13:49:28 +02:00
			`describe "GET /user/keys" do`
			`context "when unauthenticated" do`
			`it "should return authentication error" do`
			`get api("/user/keys")`
			`response.status.should == 401`
			`end`
			`end`
whitespace 2012-09-21 13:53:13 +02:00
API: SSH keys belong to user entity 2012-09-21 13:49:28 +02:00			`context "when authenticated" do`
			`it "should return array of ssh keys" do`
			`user.keys << key`
			`user.save`
			`get api("/user/keys", user)`
			`response.status.should == 200`
			`json_response.should be_an Array`
			`json_response.first["title"].should == key.title`
			`end`
			`end`
			`end`

			`describe "GET /user/keys/:id" do`
			`it "should returm single key" do`
			`user.keys << key`
			`user.save`
			`get api("/user/keys/#{key.id}", user)`
			`response.status.should == 200`
			`json_response["title"].should == key.title`
			`end`
whitespace 2012-09-21 13:53:13 +02:00
API: SSH keys belong to user entity 2012-09-21 13:49:28 +02:00			`it "should return 404 Not Found within invalid ID" do`
			`get api("/user/keys/42", user)`
			`response.status.should == 404`
			`end`
			`end`

			`describe "POST /user/keys" do`
			`it "should not create invalid ssh key" do`
			`post api("/user/keys", user), { title: "invalid key" }`
			`response.status.should == 404`
			`end`
whitespace 2012-09-21 13:53:13 +02:00
API: SSH keys belong to user entity 2012-09-21 13:49:28 +02:00			`it "should create ssh key" do`
Remove backward compatibility of factories. 2012-11-06 04:31:55 +01:00			`key_attrs = attributes_for :key`
API: SSH keys belong to user entity 2012-09-21 13:49:28 +02:00			`expect {`
			`post api("/user/keys", user), key_attrs`
			`}.to change{ user.keys.count }.by(1)`
			`end`
			`end`

			`describe "DELETE /user/keys/:id" do`
			`it "should delete existed key" do`
			`user.keys << key`
			`user.save`
			`expect {`
			`delete api("/user/keys/#{key.id}", user)`
			`}.to change{user.keys.count}.by(-1)`
			`end`
whitespace 2012-09-21 13:53:13 +02:00
API: SSH keys belong to user entity 2012-09-21 13:49:28 +02:00			`it "should return 404 Not Found within invalid ID" do`
			`delete api("/user/keys/42", user)`
			`response.status.should == 404`
			`end`
			`end`
add users API 2012-06-27 13:32:56 +02:00			`end`