mirror of
https://github.com/zammad/zammad
synced 2026-05-24 09:48:36 +00:00
170 lines
4.7 KiB
Ruby
170 lines
4.7 KiB
Ruby
# encoding: utf-8
|
|
require 'test_helper'
|
|
|
|
class ApiAuthControllerTest < ActionDispatch::IntegrationTest
|
|
setup do
|
|
|
|
# set accept header
|
|
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
|
|
|
|
# create agent
|
|
roles = Role.where(name: %w(Admin Agent))
|
|
groups = Group.all
|
|
|
|
UserInfo.current_user_id = 1
|
|
@admin = User.create_or_update(
|
|
login: 'api-admin',
|
|
firstname: 'API',
|
|
lastname: 'Admin',
|
|
email: 'api-admin@example.com',
|
|
password: 'adminpw',
|
|
active: true,
|
|
roles: roles,
|
|
groups: groups,
|
|
)
|
|
|
|
# create agent
|
|
roles = Role.where(name: 'Agent')
|
|
@agent = User.create_or_update(
|
|
login: 'api-agent@example.com',
|
|
firstname: 'API',
|
|
lastname: 'Agent',
|
|
email: 'api-agent@example.com',
|
|
password: 'agentpw',
|
|
active: true,
|
|
roles: roles,
|
|
groups: groups,
|
|
)
|
|
|
|
# create customer without org
|
|
roles = Role.where(name: 'Customer')
|
|
@customer = User.create_or_update(
|
|
login: 'api-customer1@example.com',
|
|
firstname: 'API',
|
|
lastname: 'Customer1',
|
|
email: 'api-customer1@example.com',
|
|
password: 'customer1pw',
|
|
active: true,
|
|
roles: roles,
|
|
)
|
|
|
|
end
|
|
|
|
test 'basic auth - admin' do
|
|
|
|
admin_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin@example.com', 'adminpw')
|
|
|
|
Setting.set('api_password_access', false)
|
|
get '/api/v1/settings', {}, @headers.merge('Authorization' => admin_credentials)
|
|
assert_response(401)
|
|
|
|
Setting.set('api_password_access', true)
|
|
get '/api/v1/settings', {}, @headers.merge('Authorization' => admin_credentials)
|
|
assert_response(200)
|
|
result = JSON.parse(@response.body)
|
|
assert_equal(Array, result.class)
|
|
assert(result)
|
|
|
|
end
|
|
|
|
test 'basic auth - agent' do
|
|
|
|
agent_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-agent@example.com', 'agentpw')
|
|
|
|
Setting.set('api_password_access', false)
|
|
get '/api/v1/tickets', {}, @headers.merge('Authorization' => agent_credentials)
|
|
assert_response(401)
|
|
|
|
Setting.set('api_password_access', true)
|
|
get '/api/v1/tickets', {}, @headers.merge('Authorization' => agent_credentials)
|
|
assert_response(200)
|
|
result = JSON.parse(@response.body)
|
|
assert_equal(Array, result.class)
|
|
assert(result)
|
|
|
|
end
|
|
|
|
test 'basic auth - customer' do
|
|
|
|
customer_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-customer1@example.com', 'customer1pw')
|
|
|
|
Setting.set('api_password_access', false)
|
|
get '/api/v1/tickets', {}, @headers.merge('Authorization' => customer_credentials)
|
|
assert_response(401)
|
|
|
|
Setting.set('api_password_access', true)
|
|
get '/api/v1/tickets', {}, @headers.merge('Authorization' => customer_credentials)
|
|
assert_response(200)
|
|
result = JSON.parse(@response.body)
|
|
assert_equal(Array, result.class)
|
|
assert(result)
|
|
|
|
end
|
|
|
|
test 'token auth - admin' do
|
|
|
|
admin_token = Token.create(
|
|
action: 'api',
|
|
persistent: true,
|
|
user_id: @admin.id,
|
|
)
|
|
admin_credentials = "Token token=#{admin_token.name}"
|
|
|
|
Setting.set('api_token_access', false)
|
|
get '/api/v1/settings', {}, @headers.merge('Authorization' => admin_credentials)
|
|
assert_response(401)
|
|
|
|
Setting.set('api_token_access', true)
|
|
get '/api/v1/settings', {}, @headers.merge('Authorization' => admin_credentials)
|
|
assert_response(200)
|
|
result = JSON.parse(@response.body)
|
|
assert_equal(Array, result.class)
|
|
assert(result)
|
|
|
|
end
|
|
|
|
test 'token auth - agent' do
|
|
|
|
agent_token = Token.create(
|
|
action: 'api',
|
|
persistent: true,
|
|
user_id: @agent.id,
|
|
)
|
|
agent_credentials = "Token token=#{agent_token.name}"
|
|
|
|
Setting.set('api_token_access', false)
|
|
get '/api/v1/tickets', {}, @headers.merge('Authorization' => agent_credentials)
|
|
assert_response(401)
|
|
|
|
Setting.set('api_token_access', true)
|
|
get '/api/v1/tickets', {}, @headers.merge('Authorization' => agent_credentials)
|
|
assert_response(200)
|
|
result = JSON.parse(@response.body)
|
|
assert_equal(Array, result.class)
|
|
assert(result)
|
|
|
|
end
|
|
|
|
test 'token auth - customer' do
|
|
|
|
customer_token = Token.create(
|
|
action: 'api',
|
|
persistent: true,
|
|
user_id: @customer.id,
|
|
)
|
|
customer_credentials = "Token token=#{customer_token.name}"
|
|
|
|
Setting.set('api_token_access', false)
|
|
get '/api/v1/tickets', {}, @headers.merge('Authorization' => customer_credentials)
|
|
assert_response(401)
|
|
|
|
Setting.set('api_token_access', true)
|
|
get '/api/v1/tickets', {}, @headers.merge('Authorization' => customer_credentials)
|
|
assert_response(200)
|
|
result = JSON.parse(@response.body)
|
|
assert_equal(Array, result.class)
|
|
assert(result)
|
|
|
|
end
|
|
|
|
end
|