cartodb/spec/requests/carto/api/public/users_controller_spec.rb

85 lines
2.9 KiB
Ruby
Raw Normal View History

2020-06-15 10:58:47 +08:00
require 'spec_helper_min'
require 'support/helpers'
describe Carto::Api::Public::UsersController do
include Warden::Test::Helpers
include HelperMethods
before(:all) do
@user = FactoryGirl.create(:valid_user)
@org = FactoryGirl.create(:organization_with_users)
@org_user = FactoryGirl.create(:valid_user, name: 'wa', last_name: 'dus', organization: @org)
end
before(:each) do
host! "#{@user.username}.localhost.lan"
end
after(:all) do
@user.destroy
@org_user.destroy
@org.destroy
end
describe '#me_public' do
it 'works with master api_key' do
get_json api_v4_users_me_url(api_key: @user.api_key) do |response|
expect(response.status).to eq(200)
expect(response.body[:username]).to eq(@user.username)
end
end
it 'works with regular api_key' do
api_key = FactoryGirl.create(:oauth_api_key, user_id: @user.id)
get_json api_v4_users_me_url(api_key: api_key.token) do |response|
expect(response.status).to eq(200)
expect(response.body[:username]).to eq(@user.username)
end
end
it 'return 401 without api_key' do
get_json api_v4_users_me_url do |response|
expect(response.status).to eq(401)
end
end
it 'return 401 with cookie auth' do
login_as(@user, scope: @user.username)
get_json api_v4_users_me_url do |response|
expect(response.status).to eq(401)
end
end
it 'returns user public profile with user:profile grants' do
host! "#{@org_user.username}.localhost.lan"
api_key = FactoryGirl.create(:oauth_api_key_user_profile_grant, user_id: @org_user.id)
get_json api_v4_users_me_url(api_key: api_key.token) do |response|
expect(response.status).to eq(200)
expect(response.body[:username]).to eq(@org_user.username)
expect(response.body[:organization][:name]).to eq(@org_user.organization.name)
expect(response.body[:first_name]).to eq(@org_user.name)
expect(response.body[:last_name]).to eq(@org_user.last_name)
expect(response.body[:avatar_url]).to eq(@org_user.avatar_url)
expect(response.body[:organization][:owner][:username]).to eq(@org_user.organization.owner.username)
end
end
it 'does not return user public profile without user:profile grants' do
host! "#{@org_user.username}.localhost.lan"
api_key = FactoryGirl.create(:oauth_api_key, user_id: @org_user.id)
get_json api_v4_users_me_url(api_key: api_key.token) do |response|
expect(response.status).to eq(200)
expect(response.body[:username]).to eq(@org_user.username)
expect(response.body[:organization][:name]).to eq(@org_user.organization.name)
expect(response.body[:first_name]).to be_nil
expect(response.body[:last_name]).to be_nil
expect(response.body[:avatar_url]).to be_nil
expect(response.body[:organization][:owner]).to be_nil
end
end
end
end