github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/users_test.go (about) 1 package api_test 2 3 import ( 4 "errors" 5 "io/ioutil" 6 "net/http" 7 "net/url" 8 "time" 9 10 "github.com/pf-qiu/concourse/v6/atc/api/accessor" 11 "github.com/pf-qiu/concourse/v6/atc/db" 12 "github.com/pf-qiu/concourse/v6/atc/db/dbfakes" 13 . "github.com/pf-qiu/concourse/v6/atc/testhelpers" 14 15 . "github.com/onsi/ginkgo" 16 . "github.com/onsi/gomega" 17 ) 18 19 var _ = Describe("Users API", func() { 20 21 var ( 22 response *http.Response 23 query url.Values 24 ) 25 26 Context("GET /api/v1/user", func() { 27 28 JustBeforeEach(func() { 29 req, err := http.NewRequest("GET", server.URL+"/api/v1/user", nil) 30 Expect(err).NotTo(HaveOccurred()) 31 32 req.URL.RawQuery = query.Encode() 33 34 response, err = client.Do(req) 35 Expect(err).NotTo(HaveOccurred()) 36 }) 37 38 Context("when authenticated", func() { 39 40 BeforeEach(func() { 41 fakeAccess.IsAuthenticatedReturns(true) 42 43 fakeAccess.IsAdminReturns(true) 44 fakeAccess.IsSystemReturns(false) 45 46 fakeAccess.ClaimsReturns(accessor.Claims{ 47 Sub: "some-sub", 48 UserName: "some-name", 49 UserID: "some-user-id", 50 PreferredUsername: "some-user-name", 51 Email: "some@email.com", 52 }) 53 54 fakeAccess.TeamRolesReturns(map[string][]string{ 55 "some-team": {"owner"}, 56 "some-other-team": {"viewer"}, 57 }) 58 }) 59 60 It("succeeds", func() { 61 Expect(response.StatusCode).To(Equal(http.StatusOK)) 62 }) 63 64 It("returns Content-Type 'application/json'", func() { 65 Expect(response.Header.Get("Content-Type")).To(Equal("application/json")) 66 }) 67 68 It("returns the current user", func() { 69 body, err := ioutil.ReadAll(response.Body) 70 Expect(err).NotTo(HaveOccurred()) 71 72 Expect(body).To(MatchJSON(`{ 73 "sub": "some-sub", 74 "name": "some-name", 75 "user_id": "some-user-id", 76 "user_name": "some-user-name", 77 "email": "some@email.com", 78 "is_admin": true, 79 "is_system": false, 80 "teams": { 81 "some-team": ["owner"], 82 "some-other-team": ["viewer"] 83 } 84 }`)) 85 }) 86 }) 87 88 Context("not authenticated", func() { 89 BeforeEach(func() { 90 fakeAccess.IsAuthenticatedReturns(false) 91 }) 92 93 It("returns 401", func() { 94 Expect(response.StatusCode).To(Equal(http.StatusUnauthorized)) 95 }) 96 }) 97 98 }) 99 100 Context("GET /api/v1/users", func() { 101 102 JustBeforeEach(func() { 103 req, err := http.NewRequest("GET", server.URL+"/api/v1/users", nil) 104 Expect(err).NotTo(HaveOccurred()) 105 106 req.URL.RawQuery = query.Encode() 107 108 response, err = client.Do(req) 109 Expect(err).NotTo(HaveOccurred()) 110 }) 111 112 Context("when authenticated", func() { 113 114 BeforeEach(func() { 115 fakeAccess.IsAuthenticatedReturns(true) 116 }) 117 118 Context("not an admin", func() { 119 120 It("returns 403", func() { 121 Expect(response.StatusCode).To(Equal(http.StatusForbidden)) 122 }) 123 124 }) 125 126 Context("being an admin", func() { 127 128 BeforeEach(func() { 129 fakeAccess.IsAdminReturns(true) 130 }) 131 132 It("succeeds", func() { 133 Expect(response.StatusCode).To(Equal(http.StatusOK)) 134 }) 135 136 It("returns Content-Type 'application/json'", func() { 137 expectedHeaderEntries := map[string]string{ 138 "Content-Type": "application/json", 139 } 140 Expect(response).Should(IncludeHeaderEntries(expectedHeaderEntries)) 141 }) 142 143 Context("failing to retrieve users", func() { 144 BeforeEach(func() { 145 dbUserFactory.GetAllUsersReturns(nil, errors.New("no db connection")) 146 }) 147 148 It("fails", func() { 149 Expect(response.StatusCode).To(Equal(http.StatusInternalServerError)) 150 }) 151 }) 152 153 Context("having no users", func() { 154 BeforeEach(func() { 155 dbUserFactory.GetAllUsersReturns([]db.User{}, nil) 156 }) 157 158 It("returns an empty array", func() { 159 body, err := ioutil.ReadAll(response.Body) 160 Expect(err).NotTo(HaveOccurred()) 161 162 Expect(body).To(MatchJSON(`[]`)) 163 }) 164 }) 165 166 Context("having users", func() { 167 var loginDate time.Time 168 BeforeEach(func() { 169 user1 := new(dbfakes.FakeUser) 170 user1.IDReturns(6) 171 user1.NameReturns("bob") 172 user1.ConnectorReturns("github") 173 user1.SubReturns("sub") 174 175 loginDate = time.Unix(10, 0) 176 user1.LastLoginReturns(loginDate) 177 178 dbUserFactory.GetAllUsersReturns([]db.User{user1}, nil) 179 }) 180 181 It("returns all users logged in since table creation", func() { 182 body, err := ioutil.ReadAll(response.Body) 183 Expect(err).NotTo(HaveOccurred()) 184 185 Expect(body).To(MatchJSON(`[{ 186 "id": 6, 187 "username": "bob", 188 "connector": "github", 189 "last_login": 10 190 }]`)) 191 }) 192 193 }) 194 195 }) 196 197 }) 198 199 Context("not authenticated", func() { 200 201 BeforeEach(func() { 202 fakeAccess.IsAuthenticatedReturns(false) 203 }) 204 205 It("returns 401", func() { 206 Expect(response.StatusCode).To(Equal(http.StatusUnauthorized)) 207 }) 208 209 }) 210 211 }) 212 213 Context("GET /api/v1/users?since=", func() { 214 var date string 215 BeforeEach(func() { 216 fakeAccess.IsAuthenticatedReturns(true) 217 fakeAccess.IsAdminReturns(true) 218 }) 219 220 JustBeforeEach(func() { 221 req, err := http.NewRequest("GET", server.URL+"/api/v1/users?since="+date, nil) 222 Expect(err).NotTo(HaveOccurred()) 223 224 response, err = client.Do(req) 225 Expect(err).NotTo(HaveOccurred()) 226 }) 227 Context("with correct date format", func() { 228 var loginDate time.Time 229 BeforeEach(func() { 230 date = "1969-12-30" 231 232 user1 := new(dbfakes.FakeUser) 233 user1.IDReturns(6) 234 user1.NameReturns("bob") 235 user1.ConnectorReturns("github") 236 user1.SubReturns("sub") 237 loginDate = time.Unix(10, 0) 238 user1.LastLoginReturns(loginDate) 239 dbUserFactory.GetAllUsersByLoginDateReturns([]db.User{user1}, nil) 240 }) 241 It("returns users", func() { 242 body, err := ioutil.ReadAll(response.Body) 243 Expect(err).NotTo(HaveOccurred()) 244 245 Expect(body).To(MatchJSON(`[{ 246 "id": 6, 247 "username": "bob", 248 "connector": "github", 249 "last_login": 10 250 }]`)) 251 }) 252 }) 253 254 Context("with incorrect date format", func() { 255 BeforeEach(func() { 256 date = "1969-14-30" 257 }) 258 It("returns an error message", func() { 259 body, err := ioutil.ReadAll(response.Body) 260 Expect(err).NotTo(HaveOccurred()) 261 262 Expect(body).To(MatchJSON(`{"error": "wrong date format (yyyy-mm-dd)"}`)) 263 }) 264 265 It("returns a HTTP 400", func() { 266 Expect(response.StatusCode).To(Equal(http.StatusBadRequest)) 267 }) 268 }) 269 270 Context("no users logged in since the given date", func() { 271 BeforeEach(func() { 272 date = "" 273 }) 274 It("returns an empty array", func() { 275 body, err := ioutil.ReadAll(response.Body) 276 Expect(err).NotTo(HaveOccurred()) 277 278 Expect(body).To(MatchJSON(`[]`)) 279 }) 280 }) 281 }) 282 })