# frozen_string_literal: true
require 'rails_helper'
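# Request specs for the admin API-key management endpoints under
# /admin/api/keys. The admin context exercises listing, showing, updating,
# destroying, creating and revoking keys, including the staff-action log
# (UserHistory) entry each change writes. The moderator context checks that
# a non-admin staff account is refused on the same endpoints.
describe Admin::ApiController do

  it "is a subclass of AdminController" do
    expect(Admin::ApiController < Admin::AdminController).to eq(true)
  end

  fab!(:admin) { Fabricate(:admin) }

  # key1 has no user passed to the fabricator; key2 is tied to the admin.
  # Several examples below rely on exactly these two keys existing.
  fab!(:key1) { Fabricate(:api_key, description: "my key") }
  fab!(:key2) { Fabricate(:api_key, user: admin) }

  context "as an admin" do
    before do
      sign_in(admin)
    end

    describe '#index' do
      it "succeeds" do
        get "/admin/api/keys.json"
        expect(response.status).to eq(200)
        expect(JSON.parse(response.body)["keys"].length).to eq(2)
      end
    end

    describe '#show' do
      it "succeeds" do
        get "/admin/api/keys/#{key1.id}.json"
        expect(response.status).to eq(200)
        data = JSON.parse(response.body)["key"]
        expect(data["id"]).to eq(key1.id)
        # The serialized record carries the key value itself, not only metadata.
        expect(data["key"]).to eq(key1.key)
        expect(data["description"]).to eq("my key")
      end
    end

    describe '#update' do
      it "allows updating the description" do
        original_key = key1.key

        # The payload also carries a `key` attribute: the secret must not be
        # settable through update, only the description may change.
        put "/admin/api/keys/#{key1.id}.json", params: {
          key: {
            description: "my new description",
            key: "overridekey"
          }
        }
        expect(response.status).to eq(200)

        key1.reload
        expect(key1.description).to eq("my new description")
        expect(key1.key).to eq(original_key)

        # The change is recorded in the staff-action log against the
        # truncated key rather than the full value.
        expect(UserHistory.last.action).to eq(UserHistory.actions[:api_key_update])
        expect(UserHistory.last.subject).to eq(key1.truncated_key)
      end

      it "returns 400 for invalid payloads" do
        # `key` must be a hash of attributes, not a scalar.
        put "/admin/api/keys/#{key1.id}.json", params: {
          key: "string not a hash"
        }
        expect(response.status).to eq(400)

        # A missing `key` parameter is rejected as well.
        put "/admin/api/keys/#{key1.id}.json", params: {}
        expect(response.status).to eq(400)
      end
    end

    describe "#destroy" do
      it "works" do
        expect(ApiKey.exists?(key1.id)).to eq(true)

        delete "/admin/api/keys/#{key1.id}.json"

        expect(response.status).to eq(200)
        expect(ApiKey.exists?(key1.id)).to eq(false)

        expect(UserHistory.last.action).to eq(UserHistory.actions[:api_key_destroy])
        expect(UserHistory.last.subject).to eq(key1.truncated_key)
      end
    end

    describe "#create" do
      it "can create a master key" do
        # No username in the payload: the resulting key is not bound to a user.
        post "/admin/api/keys.json", params: {
          key: {
            description: "master key description"
          }
        }
        expect(response.status).to eq(200)

        data = JSON.parse(response.body)

        expect(data['key']['description']).to eq("master key description")
        expect(data['key']['user']).to eq(nil)
        expect(data['key']['key']).to_not eq(nil)
        expect(data['key']['last_used_at']).to eq(nil)

        key = ApiKey.find(data['key']['id'])
        expect(key.description).to eq("master key description")
        expect(key.user).to eq(nil)

        expect(UserHistory.last.action).to eq(UserHistory.actions[:api_key_create])
        expect(UserHistory.last.subject).to eq(key.truncated_key)
      end

      it "can create a user-specific key" do
        user = Fabricate(:user)
        post "/admin/api/keys.json", params: {
          key: {
            description: "restricted key description",
            username: user.username
          }
        }
        expect(response.status).to eq(200)

        data = JSON.parse(response.body)

        expect(data['key']['description']).to eq("restricted key description")
        expect(data['key']['user']['username']).to eq(user.username)
        expect(data['key']['key']).to_not eq(nil)
        expect(data['key']['last_used_at']).to eq(nil)

        key = ApiKey.find(data['key']['id'])
        expect(key.description).to eq("restricted key description")
        expect(key.user.id).to eq(user.id)

        expect(UserHistory.last.action).to eq(UserHistory.actions[:api_key_create])
        expect(UserHistory.last.subject).to eq(key.truncated_key)
      end
    end

    describe "#revoke and #undo_revoke" do
      it "works correctly" do
        post "/admin/api/keys/#{key1.id}/revoke.json"
        expect(response.status).to eq 200

        key1.reload
        expect(key1.revoked_at).to_not eq(nil)
        # Revocation is logged as an update; the details text tells it apart.
        expect(UserHistory.last.action).to eq(UserHistory.actions[:api_key_update])
        expect(UserHistory.last.subject).to eq(key1.truncated_key)
        expect(UserHistory.last.details).to eq(I18n.t("staff_action_logs.api_key.revoked"))

        post "/admin/api/keys/#{key1.id}/undo-revoke.json"
        expect(response.status).to eq 200

        key1.reload
        expect(key1.revoked_at).to eq(nil)
        expect(UserHistory.last.action).to eq(UserHistory.actions[:api_key_update])
        expect(UserHistory.last.subject).to eq(key1.truncated_key)
        expect(UserHistory.last.details).to eq(I18n.t("staff_action_logs.api_key.restored"))
      end
    end
  end

  context "as a moderator" do
    before do
      sign_in(Fabricate(:moderator))
    end

    it "doesn't allow access" do
      get "/admin/api/keys.json"
      expect(response.status).to eq(404)

      # Use the same path the admin #show example requests. The singular
      # "/admin/api/key/..." spelling is not the path used anywhere else in
      # this spec, so a 404 on it would not demonstrate an access check.
      get "/admin/api/keys/#{key1.id}.json"
      expect(response.status).to eq(404)

      post "/admin/api/keys.json", params: {
        key: {
          description: "master key description"
        }
      }
      expect(response.status).to eq(404)

      # The state-changing endpoints must be refused too, and must leave
      # the key untouched. NOTE(review): 404 is assumed to match the
      # responses above -- confirm against the route constraints.
      put "/admin/api/keys/#{key1.id}.json", params: {
        key: {
          description: "changed by moderator"
        }
      }
      expect(response.status).to eq(404)
      expect(key1.reload.description).to eq("my key")

      post "/admin/api/keys/#{key1.id}/revoke.json"
      expect(response.status).to eq(404)
      expect(key1.reload.revoked_at).to eq(nil)

      delete "/admin/api/keys/#{key1.id}.json"
      expect(response.status).to eq(404)
      expect(ApiKey.exists?(key1.id)).to eq(true)

      expect(ApiKey.count).to eq(2)
    end
  end
end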