cartodb-4.42/spec/requests/carto/api/public/users_controller_spec.rb

require 'spec_helper_min'
require 'support/helpers'

describe Carto::Api::Public::UsersController do
  include Warden::Test::Helpers
  include HelperMethods

  before(:all) do
    @user = FactoryGirl.create(:valid_user)
    @org = FactoryGirl.create(:organization_with_users)
    @org_user = FactoryGirl.create(:valid_user, name: 'wa', last_name: 'dus', organization: @org)
  end

  before(:each) do
    host! "#{@user.username}.localhost.lan"
  end

  after(:all) do
    @user.destroy
    @org_user.destroy
    @org.destroy
  end

  describe '#me_public' do
    it 'works with master api_key' do
      get_json api_v4_users_me_url(api_key: @user.api_key) do |response|
        expect(response.status).to eq(200)
        expect(response.body[:username]).to eq(@user.username)
      end
    end

    it 'works with regular api_key' do
      api_key = FactoryGirl.create(:oauth_api_key, user_id: @user.id)

      get_json api_v4_users_me_url(api_key: api_key.token) do |response|
        expect(response.status).to eq(200)
        expect(response.body[:username]).to eq(@user.username)
      end
    end

    it 'return 401 without api_key' do
      get_json api_v4_users_me_url do |response|
        expect(response.status).to eq(401)
      end
    end

    it 'return 401 with cookie auth' do
      login_as(@user, scope: @user.username)
      get_json api_v4_users_me_url do |response|
        expect(response.status).to eq(401)
      end
    end

    it 'returns user public profile with user:profile grants' do
      host! "#{@org_user.username}.localhost.lan"
      api_key = FactoryGirl.create(:oauth_api_key_user_profile_grant, user_id: @org_user.id)

      get_json api_v4_users_me_url(api_key: api_key.token) do |response|
        expect(response.status).to eq(200)
        expect(response.body[:username]).to eq(@org_user.username)
        expect(response.body[:organization][:name]).to eq(@org_user.organization.name)
        expect(response.body[:first_name]).to eq(@org_user.name)
        expect(response.body[:last_name]).to eq(@org_user.last_name)
        expect(response.body[:avatar_url]).to eq(@org_user.avatar_url)
        expect(response.body[:organization][:owner][:username]).to eq(@org_user.organization.owner.username)
      end
    end

    it 'does not return user public profile without user:profile grants' do
      host! "#{@org_user.username}.localhost.lan"
      api_key = FactoryGirl.create(:oauth_api_key, user_id: @org_user.id)

      get_json api_v4_users_me_url(api_key: api_key.token) do |response|
        expect(response.status).to eq(200)
        expect(response.body[:username]).to eq(@org_user.username)
        expect(response.body[:organization][:name]).to eq(@org_user.organization.name)
        expect(response.body[:first_name]).to be_nil
        expect(response.body[:last_name]).to be_nil
        expect(response.body[:avatar_url]).to be_nil
        expect(response.body[:organization][:owner]).to be_nil
      end
    end
  end
end
first commit 2024-04-06 13:25:13 +08:00			`require 'spec_helper_min'`
			`require 'support/helpers'`

			`describe Carto::Api::Public::UsersController do`
			`include Warden::Test::Helpers`
			`include HelperMethods`

			`before(:all) do`
			`@user = FactoryGirl.create(:valid_user)`
			`@org = FactoryGirl.create(:organization_with_users)`
			`@org_user = FactoryGirl.create(:valid_user, name: 'wa', last_name: 'dus', organization: @org)`
			`end`

			`before(:each) do`
			`host! "#{@user.username}.localhost.lan"`
			`end`

			`after(:all) do`
			`@user.destroy`
			`@org_user.destroy`
			`@org.destroy`
			`end`

			`describe '#me_public' do`
			`it 'works with master api_key' do`
			`get_json api_v4_users_me_url(api_key: @user.api_key) do \|response\|`
			`expect(response.status).to eq(200)`
			`expect(response.body[:username]).to eq(@user.username)`
			`end`
			`end`

			`it 'works with regular api_key' do`
			`api_key = FactoryGirl.create(:oauth_api_key, user_id: @user.id)`

			`get_json api_v4_users_me_url(api_key: api_key.token) do \|response\|`
			`expect(response.status).to eq(200)`
			`expect(response.body[:username]).to eq(@user.username)`
			`end`
			`end`

			`it 'return 401 without api_key' do`
			`get_json api_v4_users_me_url do \|response\|`
			`expect(response.status).to eq(401)`
			`end`
			`end`

			`it 'return 401 with cookie auth' do`
			`login_as(@user, scope: @user.username)`
			`get_json api_v4_users_me_url do \|response\|`
			`expect(response.status).to eq(401)`
			`end`
			`end`

			`it 'returns user public profile with user:profile grants' do`
			`host! "#{@org_user.username}.localhost.lan"`
			`api_key = FactoryGirl.create(:oauth_api_key_user_profile_grant, user_id: @org_user.id)`

			`get_json api_v4_users_me_url(api_key: api_key.token) do \|response\|`
			`expect(response.status).to eq(200)`
			`expect(response.body[:username]).to eq(@org_user.username)`
			`expect(response.body[:organization][:name]).to eq(@org_user.organization.name)`
			`expect(response.body[:first_name]).to eq(@org_user.name)`
			`expect(response.body[:last_name]).to eq(@org_user.last_name)`
			`expect(response.body[:avatar_url]).to eq(@org_user.avatar_url)`
			`expect(response.body[:organization][:owner][:username]).to eq(@org_user.organization.owner.username)`
			`end`
			`end`

			`it 'does not return user public profile without user:profile grants' do`
			`host! "#{@org_user.username}.localhost.lan"`
			`api_key = FactoryGirl.create(:oauth_api_key, user_id: @org_user.id)`

			`get_json api_v4_users_me_url(api_key: api_key.token) do \|response\|`
			`expect(response.status).to eq(200)`
			`expect(response.body[:username]).to eq(@org_user.username)`
			`expect(response.body[:organization][:name]).to eq(@org_user.organization.name)`
			`expect(response.body[:first_name]).to be_nil`
			`expect(response.body[:last_name]).to be_nil`
			`expect(response.body[:avatar_url]).to be_nil`
			`expect(response.body[:organization][:owner]).to be_nil`
			`end`
			`end`
			`end`
			`end`