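require_relative '../../spec_helper_min'
require_relative '../../factories/organizations_contexts'

# Controller spec for the organization admin pages.
#
# Access-control contract asserted throughout this file:
#   * owner-only pages (#settings, #auth, #delete) answer 404 to non-owner
#     members, org admins included, rather than 403 — a regular member cannot
#     tell the page exists;
#   * owner actions that change state re-authenticate the owner through a
#     `password_confirmation` param and answer 403 when it is missing or wrong;
#   * organization deletion uses `deletion_password_confirmation` and answers
#     400 when it is missing or wrong;
#   * notification actions are available to both the owner and org admins.
#
# `@organization`, `@org_user_owner`, `@org_user_1`, `@org_user_2` and
# `test_organization` come from the shared context included below.
describe Admin::OrganizationsController do
  include Warden::Test::Helpers
  include_context 'organization with users helper'

  let(:out_of_quota_message) { "Your organization has run out of quota" }
  let(:out_of_seats_message) { "Your organization has run out of seats" }

  before(:all) do
    # Promote the second member to org admin so the specs can tell
    # "owner" privileges apart from "org admin" privileges.
    @org_user_2.org_admin = true
    @org_user_2.save
  end

  describe '#settings' do
    # Same organization change with no, a correct, and a wrong password confirmation.
    let(:payload) do
      { organization: { color: '#ff0000' } }
    end

    let(:payload_password) do
      { organization: { color: '#ff0000' }, password_confirmation: @org_user_owner.password }
    end

    let(:payload_wrong_password) do
      { organization: { color: '#ff0000' }, password_confirmation: 'prapra' }
    end

    before(:each) do
      host! "#{@organization.name}.localhost.lan"
      # No outbound sync with Central during these specs.
      Organization.any_instance.stubs(:update_in_central).returns(true)
    end

    it 'cannot be accessed by non owner users' do
      login_as(@org_user_1, scope: @org_user_1.username)
      get organization_settings_url(user_domain: @org_user_1.username)
      response.status.should eq 404

      # Org admin is not enough either.
      login_as(@org_user_2, scope: @org_user_2.username)
      get organization_settings_url(user_domain: @org_user_2.username)
      response.status.should eq 404
    end

    it 'cannot be updated by non owner users' do
      login_as(@org_user_1, scope: @org_user_1.username)
      put organization_settings_update_url(user_domain: @org_user_1.username), payload
      response.status.should eq 404

      login_as(@org_user_2, scope: @org_user_2.username)
      put organization_settings_update_url(user_domain: @org_user_2.username), payload
      response.status.should eq 404
    end

    it 'can be accessed by owner user' do
      login_as(@org_user_owner, scope: @org_user_owner.username)
      get organization_settings_url(user_domain: @org_user_owner.username)
      response.status.should eq 200
    end

    it 'can be updated by owner user' do
      login_as(@org_user_owner, scope: @org_user_owner.username)
      put organization_settings_update_url(user_domain: @org_user_owner.username), payload_password
      response.status.should eq 302
    end

    it 'fails to update if no password_confirmation' do
      login_as(@org_user_owner, scope: @org_user_owner.username)
      put organization_settings_update_url(user_domain: @org_user_owner.username), payload
      response.status.should eq 403
      response.body.should match /Confirmation password sent does not match your current password/
    end

    it 'fails to update if wrong password_confirmation' do
      login_as(@org_user_owner, scope: @org_user_owner.username)
      put organization_settings_update_url(user_domain: @org_user_owner.username), payload_wrong_password
      response.status.should eq 403
      response.body.should match /Confirmation password sent does not match your current password/
    end
  end

  describe '#regenerate_api_keys' do
    it 'regenerate api keys for all org users' do
      # A regular (non-master) key on the owner; it must be rotated as well.
      api_key = @carto_org_user_owner.api_keys.create_regular_key!(name: 'wadus',
                                                                   grants: [{ type: 'apis', apis: [] }])

      @organization.engine_enabled = true
      @organization.save
      host! "#{@organization.name}.localhost.lan"
      login_as(@org_user_owner, scope: @org_user_owner.username)
      post regenerate_organization_users_api_key_url(
        user_domain: @org_user_owner.username,
        password_confirmation: @org_user_owner.password
      )
      response.status.should eq 302

      # Every member's master api_key changed.
      @organization.users.each do |u|
        old_api_key = u.api_key
        u.reload
        expect(u.api_key).to_not eq old_api_key
      end

      # The regular key's token changed too.
      expect { api_key.reload }.to(change { api_key.token })

      api_key.destroy
    end
  end

  describe '#delete' do
    before(:all) do
      @delete_org = test_organization
      @delete_org.save
      # One factory for both members of the throwaway organization.
      helper = TestUserFactory.new
      @delete_org_owner = helper.create_owner(@delete_org)
      @delete_org_user1 = helper.create_test_user(unique_name('user'), @delete_org)
    end

    after(:all) do
      # The last example deletes the organization; only clean up if it is still there.
      @delete_org.destroy_cascade if Carto::Organization.exists?(@delete_org.id)
    end

    before(:each) do
      host! "#{@delete_org.name}.localhost.lan"
      Organization.any_instance.stubs(:update_in_central).returns(true)
    end

    it 'cannot be accessed by non owner users' do
      login_as(@delete_org_user1, scope: @delete_org_user1.username)
      delete organization_destroy_url(user_domain: @delete_org_user1.username)
      response.status.should eq 404
    end

    describe 'as owner' do
      before(:each) do
        login_as(@delete_org_owner, scope: @delete_org_owner.username)
      end

      it 'returns 400 if no password confirmation is provided' do
        delete organization_destroy_url(user_domain: @delete_org_owner.username)
        response.status.should eq 400
        response.body.should include("Password doesn't match")
      end

      it 'returns 400 if password confirmation is wrong' do
        payload = { deletion_password_confirmation: @delete_org_owner.password + 'wadus' }
        delete organization_destroy_url(user_domain: @delete_org_owner.username), payload
        response.status.should eq 400
      end

      it 'deletes organization and redirects if passwords match' do
        payload = { deletion_password_confirmation: @delete_org_owner.password }
        delete organization_destroy_url(user_domain: @delete_org_owner.username), payload
        response.status.should eq 302
        Carto::Organization.exists?(@delete_org.id).should be_false
      end
    end
  end

  describe '#auth' do
    # Authentication settings change with no, a correct, and a wrong password confirmation.
    let(:payload) do
      {
        organization: {
          whitelisted_email_domains: '',
          auth_username_password_enabled: true,
          auth_google_enabled: true,
          auth_github_enabled: true,
          strong_passwords_enabled: false,
          password_expiration_in_d: 1
        }
      }
    end

    let(:payload_password) do
      {
        organization: {
          whitelisted_email_domains: '',
          auth_username_password_enabled: true,
          auth_google_enabled: true,
          auth_github_enabled: true,
          strong_passwords_enabled: false,
          password_expiration_in_d: 1
        },
        password_confirmation: @org_user_owner.password
      }
    end

    let(:payload_wrong_password) do
      {
        organization: {
          whitelisted_email_domains: '',
          auth_username_password_enabled: true,
          auth_google_enabled: true,
          auth_github_enabled: true,
          strong_passwords_enabled: false
        },
        password_confirmation: 'prapra'
      }
    end

    before(:each) do
      host! "#{@organization.name}.localhost.lan"
      login_as(@org_user_owner, scope: @org_user_owner.username)
      Organization.any_instance.stubs(:update_in_central).returns(true)
    end

    it 'cannot be accessed by non owner users' do
      login_as(@org_user_1, scope: @org_user_1.username)
      get organization_auth_url(user_domain: @org_user_1.username)
      response.status.should eq 404

      login_as(@org_user_2, scope: @org_user_2.username)
      get organization_auth_url(user_domain: @org_user_2.username)
      response.status.should eq 404
    end

    it 'cannot be updated by non owner users' do
      login_as(@org_user_1, scope: @org_user_1.username)
      put organization_auth_update_url(user_domain: @org_user_1.username), payload
      response.status.should eq 404

      login_as(@org_user_2, scope: @org_user_2.username)
      put organization_auth_update_url(user_domain: @org_user_2.username), payload
      response.status.should eq 404
    end

    it 'can be accessed by owner user' do
      login_as(@org_user_owner, scope: @org_user_owner.username)
      get organization_auth_url(user_domain: @org_user_owner.username)
      response.status.should eq 200
    end

    it 'can be updated by owner user' do
      login_as(@org_user_owner, scope: @org_user_owner.username)
      put organization_auth_update_url(user_domain: @org_user_owner.username), payload_password
      response.status.should eq 302
    end

    it 'cannot be updated by owner user if missing password_confirmation' do
      login_as(@org_user_owner, scope: @org_user_owner.username)
      put organization_auth_update_url(user_domain: @org_user_owner.username), payload
      response.status.should eq 403
      response.body.should match /Confirmation password sent does not match your current password/
    end

    it 'cannot be updated by owner user if wrong password_confirmation' do
      login_as(@org_user_owner, scope: @org_user_owner.username)
      put organization_auth_update_url(user_domain: @org_user_owner.username), payload_wrong_password
      response.status.should eq 403
      response.body.should match /Confirmation password sent does not match your current password/
    end

    it 'updates password_expiration_in_d' do
      @organization.password_expiration_in_d = nil
      @organization.save

      login_as(@org_user_owner, scope: @org_user_owner.username)
      put organization_auth_update_url(user_domain: @org_user_owner.username), payload_password
      response.status.should eq 302
      @organization.reload
      @organization.password_expiration_in_d.should eq 1

      # An empty value clears the expiration again.
      payload_password[:organization][:password_expiration_in_d] = ''
      host! "#{@organization.name}.localhost.lan"
      login_as(@org_user_owner, scope: @org_user_owner.username)
      put organization_auth_update_url(user_domain: @org_user_owner.username), payload_password
      response.status.should eq 302
      @organization.reload
      @organization.password_expiration_in_d.should be_nil
    end

    describe 'signup enabled' do
      before(:all) do
        @organization.whitelisted_email_domains = ['carto.com']
        @organization.save
      end

      before(:each) do
        @organization.signup_page_enabled.should eq true
      end

      it 'does not display out warning messages if organization signup would work' do
        @organization.unassigned_quota.should > @organization.default_quota_in_bytes

        get organization_auth_url(user_domain: @org_user_owner.username)
        response.status.should eq 200
        response.body.should_not include(out_of_quota_message)
        response.body.should_not include(out_of_seats_message)
      end

      it 'displays out of quota message if there is no remaining quota' do
        old_quota_in_bytes = @organization.quota_in_bytes
        old_remaining_quota = @organization.unassigned_quota
        # Leave less unassigned quota than a new user would be given.
        new_quota = (@organization.quota_in_bytes - old_remaining_quota) + (@organization.default_quota_in_bytes / 2)

        @organization.reload
        @org_user_owner.reload
        @organization.quota_in_bytes = new_quota
        @organization.save

        begin
          get organization_auth_url(user_domain: @org_user_owner.username)
          response.status.should eq 200
          response.body.should include(out_of_quota_message)
        ensure
          # Restore the shared organization even if an assertion above fails.
          @organization.quota_in_bytes = old_quota_in_bytes
          @organization.save
        end
      end

      it 'displays out of seats message if there are no seats left' do
        old_seats = @organization.seats
        new_seats = @organization.seats - @organization.remaining_seats

        @organization.reload
        @org_user_owner.reload
        @organization.seats = new_seats
        @organization.save

        begin
          get organization_auth_url(user_domain: @org_user_owner.username)
          response.status.should eq 200
          response.body.should include(out_of_seats_message)
        ensure
          @organization.seats = old_seats
          @organization.save
        end
      end
    end

    describe 'signup disabled' do
      before(:all) do
        @organization.whitelisted_email_domains = []
        @organization.save
      end

      before(:each) do
        @organization.signup_page_enabled.should eq false
      end

      it 'does not display out warning messages even without quota and seats' do
        old_quota_in_bytes = @organization.quota_in_bytes
        old_seats = @organization.seats

        @organization.reload
        @org_user_owner.reload
        @organization.seats = @organization.assigned_seats
        @organization.quota_in_bytes = @organization.assigned_quota + 1
        @organization.save

        begin
          get organization_auth_url(user_domain: @org_user_owner.username)
          response.status.should eq 200
          response.body.should_not include(out_of_quota_message)
          response.body.should_not include(out_of_seats_message)
        ensure
          @organization.quota_in_bytes = old_quota_in_bytes
          @organization.seats = old_seats
          @organization.save
        end
      end
    end
  end

  # Notification examples run once as the owner and once as an org admin;
  # the including group sets `@admin_user`.
  shared_examples_for 'notifications' do
    before(:each) do
      host! "#{@organization.name}.localhost.lan"
      login_as(@admin_user, scope: @admin_user.username)
    end

    describe '#notifications' do
      it 'displays last notification' do
        body = 'Free meal today'
        FactoryGirl.create(:notification, organization: @carto_organization, body: body)

        get organization_notifications_admin_url(user_domain: @admin_user.username)
        response.status.should eq 200
        response.body.should include(body)
      end
    end

    describe '#new_notification' do
      it 'creates a new notification' do
        params = { body: 'the body', recipients: Carto::Notification::RECIPIENT_ALL }
        post new_organization_notification_admin_url(
          user_domain: @admin_user.username
        ), carto_notification: params, password_confirmation: @admin_user.password

        response.status.should eq 302
        flash[:success].should eq 'Notification sent!'

        notification = @carto_organization.reload.notifications.first
        notification.body.should eq params[:body]
        notification.recipients.should eq params[:recipients]
        notification.icon.should eq Carto::Notification::ICON_ALERT
      end

      it 'does not create a new notification if wrong password_confirmation' do
        params = { body: 'the body wrong', recipients: Carto::Notification::RECIPIENT_ALL }
        post new_organization_notification_admin_url(
          user_domain: @admin_user.username
        ), carto_notification: params, password_confirmation: 'prapra'

        response.status.should eq 403
        response.body.should match /Confirmation password sent does not match your current password/

        notification = @carto_organization.reload.notifications.first
        notification.body.should_not eq params[:body]
      end

      it 'does not create a new notification if missing password_confirmation' do
        params = { body: 'the body missing', recipients: Carto::Notification::RECIPIENT_ALL }
        post new_organization_notification_admin_url(user_domain: @admin_user.username),
             carto_notification: params

        response.status.should eq 403
        response.body.should match /Confirmation password sent does not match your current password/

        notification = @carto_organization.reload.notifications.first
        notification.body.should_not eq params[:body]
      end
    end

    describe '#destroy_notification' do
      it 'destroys a notification' do
        notification = @carto_organization.notifications.first
        delete destroy_organization_notification_admin_url(user_domain: @admin_user.username, id: notification.id)

        response.status.should eq 302
        flash[:success].should eq 'Notification was successfully deleted!'
        @carto_organization.reload.notifications.should_not include(notification)
      end
    end
  end

  describe 'with organization owner' do
    it_behaves_like 'notifications' do
      before(:all) do
        @admin_user = @org_user_owner
      end
    end
  end

  describe 'with organization admin' do
    it_behaves_like 'notifications' do
      before(:all) do
        @admin_user = @org_user_2
      end
    end
  end
end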