github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/users_test.go (about)

     1  package api_test
     2  
     3  import (
     4  	"errors"
     5  	"io/ioutil"
     6  	"net/http"
     7  	"net/url"
     8  	"time"
     9  
    10  	"github.com/pf-qiu/concourse/v6/atc/api/accessor"
    11  	"github.com/pf-qiu/concourse/v6/atc/db"
    12  	"github.com/pf-qiu/concourse/v6/atc/db/dbfakes"
    13  	. "github.com/pf-qiu/concourse/v6/atc/testhelpers"
    14  
    15  	. "github.com/onsi/ginkgo"
    16  	. "github.com/onsi/gomega"
    17  )
    18  
    19  var _ = Describe("Users API", func() {
    20  
    21  	var (
    22  		response *http.Response
    23  		query    url.Values
    24  	)
    25  
    26  	Context("GET /api/v1/user", func() {
    27  
    28  		JustBeforeEach(func() {
    29  			req, err := http.NewRequest("GET", server.URL+"/api/v1/user", nil)
    30  			Expect(err).NotTo(HaveOccurred())
    31  
    32  			req.URL.RawQuery = query.Encode()
    33  
    34  			response, err = client.Do(req)
    35  			Expect(err).NotTo(HaveOccurred())
    36  		})
    37  
    38  		Context("when authenticated", func() {
    39  
    40  			BeforeEach(func() {
    41  				fakeAccess.IsAuthenticatedReturns(true)
    42  
    43  				fakeAccess.IsAdminReturns(true)
    44  				fakeAccess.IsSystemReturns(false)
    45  
    46  				fakeAccess.ClaimsReturns(accessor.Claims{
    47  					Sub:               "some-sub",
    48  					UserName:          "some-name",
    49  					UserID:            "some-user-id",
    50  					PreferredUsername: "some-user-name",
    51  					Email:             "some@email.com",
    52  				})
    53  
    54  				fakeAccess.TeamRolesReturns(map[string][]string{
    55  					"some-team":       {"owner"},
    56  					"some-other-team": {"viewer"},
    57  				})
    58  			})
    59  
    60  			It("succeeds", func() {
    61  				Expect(response.StatusCode).To(Equal(http.StatusOK))
    62  			})
    63  
    64  			It("returns Content-Type 'application/json'", func() {
    65  				Expect(response.Header.Get("Content-Type")).To(Equal("application/json"))
    66  			})
    67  
    68  			It("returns the current user", func() {
    69  				body, err := ioutil.ReadAll(response.Body)
    70  				Expect(err).NotTo(HaveOccurred())
    71  
    72  				Expect(body).To(MatchJSON(`{
    73  							"sub": "some-sub",
    74  							"name": "some-name",
    75  							"user_id": "some-user-id",
    76  							"user_name": "some-user-name",
    77  							"email": "some@email.com",
    78  							"is_admin": true,
    79  							"is_system": false,
    80  							"teams": {
    81  							  "some-team": ["owner"],
    82  							  "some-other-team": ["viewer"]
    83  							}
    84  						}`))
    85  			})
    86  		})
    87  
    88  		Context("not authenticated", func() {
    89  			BeforeEach(func() {
    90  				fakeAccess.IsAuthenticatedReturns(false)
    91  			})
    92  
    93  			It("returns 401", func() {
    94  				Expect(response.StatusCode).To(Equal(http.StatusUnauthorized))
    95  			})
    96  		})
    97  
    98  	})
    99  
   100  	Context("GET /api/v1/users", func() {
   101  
   102  		JustBeforeEach(func() {
   103  			req, err := http.NewRequest("GET", server.URL+"/api/v1/users", nil)
   104  			Expect(err).NotTo(HaveOccurred())
   105  
   106  			req.URL.RawQuery = query.Encode()
   107  
   108  			response, err = client.Do(req)
   109  			Expect(err).NotTo(HaveOccurred())
   110  		})
   111  
   112  		Context("when authenticated", func() {
   113  
   114  			BeforeEach(func() {
   115  				fakeAccess.IsAuthenticatedReturns(true)
   116  			})
   117  
   118  			Context("not an admin", func() {
   119  
   120  				It("returns 403", func() {
   121  					Expect(response.StatusCode).To(Equal(http.StatusForbidden))
   122  				})
   123  
   124  			})
   125  
   126  			Context("being an admin", func() {
   127  
   128  				BeforeEach(func() {
   129  					fakeAccess.IsAdminReturns(true)
   130  				})
   131  
   132  				It("succeeds", func() {
   133  					Expect(response.StatusCode).To(Equal(http.StatusOK))
   134  				})
   135  
   136  				It("returns Content-Type 'application/json'", func() {
   137  					expectedHeaderEntries := map[string]string{
   138  						"Content-Type": "application/json",
   139  					}
   140  					Expect(response).Should(IncludeHeaderEntries(expectedHeaderEntries))
   141  				})
   142  
   143  				Context("failing to retrieve users", func() {
   144  					BeforeEach(func() {
   145  						dbUserFactory.GetAllUsersReturns(nil, errors.New("no db connection"))
   146  					})
   147  
   148  					It("fails", func() {
   149  						Expect(response.StatusCode).To(Equal(http.StatusInternalServerError))
   150  					})
   151  				})
   152  
   153  				Context("having no users", func() {
   154  					BeforeEach(func() {
   155  						dbUserFactory.GetAllUsersReturns([]db.User{}, nil)
   156  					})
   157  
   158  					It("returns an empty array", func() {
   159  						body, err := ioutil.ReadAll(response.Body)
   160  						Expect(err).NotTo(HaveOccurred())
   161  
   162  						Expect(body).To(MatchJSON(`[]`))
   163  					})
   164  				})
   165  
   166  				Context("having users", func() {
   167  					var loginDate time.Time
   168  					BeforeEach(func() {
   169  						user1 := new(dbfakes.FakeUser)
   170  						user1.IDReturns(6)
   171  						user1.NameReturns("bob")
   172  						user1.ConnectorReturns("github")
   173  						user1.SubReturns("sub")
   174  
   175  						loginDate = time.Unix(10, 0)
   176  						user1.LastLoginReturns(loginDate)
   177  
   178  						dbUserFactory.GetAllUsersReturns([]db.User{user1}, nil)
   179  					})
   180  
   181  					It("returns all users logged in since table creation", func() {
   182  						body, err := ioutil.ReadAll(response.Body)
   183  						Expect(err).NotTo(HaveOccurred())
   184  
   185  						Expect(body).To(MatchJSON(`[{
   186  							"id": 6,
   187  							"username": "bob",
   188  							"connector": "github",
   189  							"last_login": 10
   190  						}]`))
   191  					})
   192  
   193  				})
   194  
   195  			})
   196  
   197  		})
   198  
   199  		Context("not authenticated", func() {
   200  
   201  			BeforeEach(func() {
   202  				fakeAccess.IsAuthenticatedReturns(false)
   203  			})
   204  
   205  			It("returns 401", func() {
   206  				Expect(response.StatusCode).To(Equal(http.StatusUnauthorized))
   207  			})
   208  
   209  		})
   210  
   211  	})
   212  
   213  	Context("GET /api/v1/users?since=", func() {
   214  		var date string
   215  		BeforeEach(func() {
   216  			fakeAccess.IsAuthenticatedReturns(true)
   217  			fakeAccess.IsAdminReturns(true)
   218  		})
   219  
   220  		JustBeforeEach(func() {
   221  			req, err := http.NewRequest("GET", server.URL+"/api/v1/users?since="+date, nil)
   222  			Expect(err).NotTo(HaveOccurred())
   223  
   224  			response, err = client.Do(req)
   225  			Expect(err).NotTo(HaveOccurred())
   226  		})
   227  		Context("with correct date format", func() {
   228  			var loginDate time.Time
   229  			BeforeEach(func() {
   230  				date = "1969-12-30"
   231  
   232  				user1 := new(dbfakes.FakeUser)
   233  				user1.IDReturns(6)
   234  				user1.NameReturns("bob")
   235  				user1.ConnectorReturns("github")
   236  				user1.SubReturns("sub")
   237  				loginDate = time.Unix(10, 0)
   238  				user1.LastLoginReturns(loginDate)
   239  				dbUserFactory.GetAllUsersByLoginDateReturns([]db.User{user1}, nil)
   240  			})
   241  			It("returns users", func() {
   242  				body, err := ioutil.ReadAll(response.Body)
   243  				Expect(err).NotTo(HaveOccurred())
   244  
   245  				Expect(body).To(MatchJSON(`[{
   246  						"id": 6,
   247  						"username": "bob",
   248  						"connector": "github",
   249  						"last_login": 10
   250  					}]`))
   251  			})
   252  		})
   253  
   254  		Context("with incorrect date format", func() {
   255  			BeforeEach(func() {
   256  				date = "1969-14-30"
   257  			})
   258  			It("returns an error message", func() {
   259  				body, err := ioutil.ReadAll(response.Body)
   260  				Expect(err).NotTo(HaveOccurred())
   261  
   262  				Expect(body).To(MatchJSON(`{"error": "wrong date format (yyyy-mm-dd)"}`))
   263  			})
   264  
   265  			It("returns a HTTP 400", func() {
   266  				Expect(response.StatusCode).To(Equal(http.StatusBadRequest))
   267  			})
   268  		})
   269  
   270  		Context("no users logged in since the given date", func() {
   271  			BeforeEach(func() {
   272  				date = ""
   273  			})
   274  			It("returns an empty array", func() {
   275  				body, err := ioutil.ReadAll(response.Body)
   276  				Expect(err).NotTo(HaveOccurred())
   277  
   278  				Expect(body).To(MatchJSON(`[]`))
   279  			})
   280  		})
   281  	})
   282  })