jira-ruby 1.2.0 → 2.3.0

data/spec/jira/client_spec.rb

@@ -1,223 +1,291 @@
 require 'spec_helper'
 
-describe JIRA::Client do
-  before(:each) do
-    stub_request(:post, "https://foo:bar@localhost:2990/rest/auth/1/session").
-      to_return(:status => 200, :body => "", :headers => {})
+# We have three forms of authentication with two clases to represent the client for those different authentications.
+# Some behaviours are shared across all three types of authentication.  these are captured here.
+RSpec.shared_examples 'Client Common Tests' do
+  it { is_expected.to be_a JIRA::Client }
+
+  it 'freezes the options once initialised' do
+    expect(subject.options).to be_frozen
   end
 
-  let(:oauth_client) do
-    JIRA::Client.new({ :consumer_key => 'foo', :consumer_secret => 'bar' })
+  it 'prepends context path to rest base_path' do
+    options = [:rest_base_path]
+    defaults = JIRA::Client::DEFAULT_OPTIONS
+    options.each { |key| expect(subject.options[key]).to eq(defaults[:context_path] + defaults[key]) }
   end
 
-  let(:basic_client) do
-    JIRA::Client.new({ :username => 'foo', :password => 'bar', :auth_type => :basic })
+  it 'merges headers' do
+    expect(subject.send(:merge_default_headers, {})).to eq('Accept' => 'application/json')
   end
 
-  let(:cookie_client) do
-    JIRA::Client.new({ :username => 'foo', :password => 'bar', :auth_type => :cookie })
+  describe 'http methods' do
+    it 'merges default headers' do
+      # stubbed response for generic client request method
+      expect(subject).to receive(:request).exactly(5).times.and_return(successful_response)
+
+      # response for merging headers for http methods with no body
+      expect(subject).to receive(:merge_default_headers).exactly(3).times.with({})
+
+      # response for merging headers for http methods with body
+      expect(subject).to receive(:merge_default_headers).exactly(2).times.with(content_type_header)
+
+      %i[delete get head].each { |method| subject.send(method, '/path', {}) }
+      %i[post put].each { |method| subject.send(method, '/path', '', content_type_header) }
+    end
+
+    it 'calls the generic request method' do
+      %i[delete get head].each do |method|
+        expect(subject).to receive(:request).with(method, '/path', nil, headers).and_return(successful_response)
+        subject.send(method, '/path', {})
+      end
+
+      %i[post put].each do |method|
+        expect(subject).to receive(:request).with(method, '/path', '', merged_headers)
+        subject.send(method, '/path', '', {})
+      end
+    end
   end
 
-  let(:clients) { [oauth_client, basic_client, cookie_client] }
+  describe 'Resource Factories' do
+    it 'gets all projects' do
+      expect(JIRA::Resource::Project).to receive(:all).with(subject).and_return([])
+      expect(subject.Project.all).to eq([])
+    end
 
-  let(:response) do
-    response = double("response")
-    allow(response).to receive(:kind_of?).with(Net::HTTPSuccess).and_return(true)
-    response
+    it 'finds a single project' do
+      find_result = double
+      expect(JIRA::Resource::Project).to receive(:find).with(subject, '123').and_return(find_result)
+      expect(subject.Project.find('123')).to eq(find_result)
+    end
   end
 
-  let(:headers) { {'Accept' => 'application/json'} }
-  let(:content_type_header) { {'Content-Type' => 'application/json'} }
-  let(:merged_headers) { headers.merge(content_type_header) }
+  describe 'SSL client options' do
+    context 'without certificate and key' do
+      let(:options) { { use_client_cert: true } }
+      subject { JIRA::Client.new(options) }
 
-  it "creates an instance" do
-    clients.each {|client| expect(client.class).to eq(JIRA::Client) }
+      it 'raises an ArgumentError' do
+        expect { subject }.to raise_exception(ArgumentError, 'Options: :cert_path or :ssl_client_cert must be set when :use_client_cert is true')
+        options[:ssl_client_cert] = '<cert></cert>'
+        expect { subject }.to raise_exception(ArgumentError, 'Options: :key_path or :ssl_client_key must be set when :use_client_cert is true')
+      end
+    end
   end
+end
 
-  it "allows the overriding of some options" do
-    client = JIRA::Client.new({:consumer_key => 'foo', :consumer_secret => 'bar', :site => 'http://foo.com/'})
-    expect(client.options[:site]).to eq('http://foo.com/')
-    expect(JIRA::Client::DEFAULT_OPTIONS[:site]).not_to eq('http://foo.com/')
+RSpec.shared_examples 'HttpClient tests' do
+  it 'makes a valid request' do
+    %i[delete get head].each do |method|
+      expect(subject.request_client).to receive(:make_request).with(method, '/path', nil, headers).and_return(successful_response)
+      subject.send(method, '/path', headers)
+    end
+    %i[post put].each do |method|
+      expect(subject.request_client).to receive(:make_request).with(method, '/path', '', merged_headers).and_return(successful_response)
+      subject.send(method, '/path', '', headers)
+    end
   end
+end
 
-  it "prepends the context path to the rest base path" do
-    options = [:rest_base_path]
-    defaults = JIRA::Client::DEFAULT_OPTIONS
-    options.each do |key|
-      clients.each { |client| expect(client.options[key]).to eq(defaults[:context_path] + defaults[key]) }
+RSpec.shared_examples 'OAuth Common Tests' do
+  include_examples 'Client Common Tests'
+
+  specify { expect(subject.request_client).to be_a JIRA::OauthClient }
+
+  it 'allows setting an access token' do
+    token = double
+    expect(OAuth::AccessToken).to receive(:new).with(subject.consumer, '', '').and_return(token)
+
+    expect(subject.authenticated?).to be_falsey
+    access_token = subject.set_access_token('', '')
+    expect(access_token).to eq(token)
+    expect(subject.access_token).to eq(token)
+    expect(subject.authenticated?).to be_truthy
+  end
+
+  describe 'that call a oauth client' do
+    specify 'which makes a request' do
+      %i[delete get head].each do |method|
+        expect(subject.request_client).to receive(:make_request).with(method, '/path', nil, headers).and_return(successful_response)
+        subject.send(method, '/path', {})
+      end
+      %i[post put].each do |method|
+        expect(subject.request_client).to receive(:make_request).with(method, '/path', '', merged_headers).and_return(successful_response)
+        subject.send(method, '/path', '', {})
+      end
     end
   end
+end
 
-  # To avoid having to validate options after initialisation, e.g. setting
-  # client.options[:invalid] = 'foo'
-  it "freezes the options" do
-    clients.each { |client| expect(client.options).to be_frozen }
+describe JIRA::Client do
+  let(:request) { subject.request_client.class }
+  let(:successful_response) do
+    response = double('response')
+    allow(response).to receive(:is_a?).with(Net::HTTPSuccess).and_return(true)
+    response
   end
+  let(:content_type_header) { { 'Content-Type' => 'application/json' } }
+  let(:headers) { { 'Accept' => 'application/json' } }
+  let(:merged_headers) { headers.merge(content_type_header) }
 
-  it "merges headers" do
-    clients.each { |client| expect(client.send(:merge_default_headers, {})).to eq({'Accept' => 'application/json'}) }
+  context 'behaviour that applies to all client classes irrespective of authentication method' do
+    it 'allows the overriding of some options' do
+      client = JIRA::Client.new(consumer_key: 'foo', consumer_secret: 'bar', site: 'http://foo.com/')
+      expect(client.options[:site]).to eq('http://foo.com/')
+      expect(JIRA::Client::DEFAULT_OPTIONS[:site]).not_to eq('http://foo.com/')
+    end
   end
 
-  describe "creates instances of request clients" do
-    specify "that are of the correct class" do
-      expect(oauth_client.request_client.class).to eq(JIRA::OauthClient)
-      expect(basic_client.request_client.class).to eq(JIRA::HttpClient)
-      expect(cookie_client.request_client.class).to eq(JIRA::HttpClient)
+  context 'with basic http authentication' do
+    subject { JIRA::Client.new(username: 'foo', password: 'bar', auth_type: :basic) }
+
+    before(:each) do
+      stub_request(:get, 'https://foo:bar@localhost:2990/jira/rest/api/2/project')
+        .to_return(status: 200, body: '[]', headers: {})
+
+      stub_request(:get, 'https://foo:badpassword@localhost:2990/jira/rest/api/2/project')
+        .to_return(status: 401, headers: {})
+    end
+
+    include_examples 'Client Common Tests'
+    include_examples 'HttpClient tests'
+
+    specify { expect(subject.request_client).to be_a JIRA::HttpClient }
+
+    it 'sets the username and password' do
+      expect(subject.options[:username]).to eq('foo')
+      expect(subject.options[:password]).to eq('bar')
     end
 
-    specify "which have a corresponding auth type option" do
-      expect(oauth_client.options[:auth_type]).to eq(:oauth)
-      expect(basic_client.options[:auth_type]).to eq(:basic)
-      expect(cookie_client.options[:auth_type]).to eq(:cookie)
+    it 'fails with wrong user name and password' do
+      bad_login = JIRA::Client.new(username: 'foo', password: 'badpassword', auth_type: :basic)
+      expect(bad_login.authenticated?).to be_falsey
+      expect { bad_login.Project.all }.to raise_error JIRA::HTTPError
     end
 
-    describe "like oauth" do
+    it 'only returns a true for #authenticated? once we have requested some data' do
+      expect(subject.authenticated?).to be_falsey
+      expect(subject.Project.all).to be_empty
+      expect(subject.authenticated?).to be_truthy
+    end
+  end
 
-      it "allows setting an access token" do
-        token = double()
-        expect(OAuth::AccessToken).to receive(:new).with(oauth_client.consumer, 'foo', 'bar').and_return(token)
-        access_token = oauth_client.set_access_token('foo', 'bar')
+  context 'with cookie authentication' do
+    subject { JIRA::Client.new(username: 'foo', password: 'bar', auth_type: :cookie) }
+
+    let(:session_cookie) { '6E3487971234567896704A9EB4AE501F' }
+    let(:session_body) do
+      {
+        'session': { 'name' => 'JSESSIONID', 'value' => session_cookie },
+        'loginInfo': { 'failedLoginCount' => 1, 'loginCount' => 2,
+                       'lastFailedLoginTime' => (DateTime.now - 2).iso8601,
+                       'previousLoginTime' => (DateTime.now - 5).iso8601 }
+      }
+    end
 
-        expect(access_token).to eq(token)
-        expect(oauth_client.access_token).to eq(token)
-      end
+    before(:each) do
+      # General case of API call with no authentication, or wrong authentication
+      stub_request(:post, 'https://localhost:2990/jira/rest/auth/1/session')
+        .to_return(status: 401, headers: {})
 
-      it "allows initializing the access token" do
-        request_token = OAuth::RequestToken.new(oauth_client.consumer)
-        allow(oauth_client.consumer).to receive(:get_request_token).and_return(request_token)
-        mock_access_token = double()
-        expect(request_token).to receive(:get_access_token).with(:oauth_verifier => 'abc123').and_return(mock_access_token)
-        oauth_client.init_access_token(:oauth_verifier => 'abc123')
-        expect(oauth_client.access_token).to eq(mock_access_token)
-      end
+      # Now special case of API with correct authentication.  This gets checked first by RSpec.
+      stub_request(:post, 'https://localhost:2990/jira/rest/auth/1/session')
+        .with(body: '{"username":"foo","password":"bar"}')
+        .to_return(status: 200, body: session_body.to_json,
+                   headers: { 'Set-Cookie': "JSESSIONID=#{session_cookie}; Path=/; HttpOnly" })
 
-      specify "that has specific default options" do
-        options = [:signature_method, :private_key_file]
-        options.each do |key|
-          expect(oauth_client.options[key]).to eq(JIRA::Client::DEFAULT_OPTIONS[key])
-        end
-      end
+      stub_request(:get, 'https://localhost:2990/jira/rest/api/2/project')
+        .with(headers: { cookie: "JSESSIONID=#{session_cookie}" })
+        .to_return(status: 200, body: '[]', headers: {})
     end
 
-    describe "like basic http" do
-      it "sets the username and password" do
-        expect(basic_client.options[:username]).to eq('foo')
-        expect(basic_client.options[:password]).to eq('bar')
+    include_examples 'Client Common Tests'
+    include_examples 'HttpClient tests'
 
-        expect(cookie_client.options[:username]).to eq('foo')
-        expect(cookie_client.options[:password]).to eq('bar')
-      end
+    specify { expect(subject.request_client).to be_a JIRA::HttpClient }
+
+    it 'authenticates with a correct username and password' do
+      expect(subject).to be_authenticated
+      expect(subject.Project.all).to be_empty
+    end
+
+    it 'does not authenticate with an incorrect username and password' do
+      bad_client = JIRA::Client.new(username: 'foo', password: 'bad_password', auth_type: :cookie)
+      expect(bad_client).not_to be_authenticated
     end
 
+    it 'destroys the username and password once authenticated' do
+      expect(subject.options[:username]).to be_nil
+      expect(subject.options[:password]).to be_nil
+    end
   end
 
-  describe "has http methods" do
-    before do
-      oauth_client.set_access_token("foo", "bar")
+  context 'with jwt authentication' do
+    subject do
+      JIRA::Client.new(
+        issuer: 'foo',
+        base_url: 'https://host.tld',
+        shared_secret: 'shared_secret_key',
+        auth_type: :jwt
+      )
     end
 
-    specify "that merge default headers" do
-      # stubbed response for generic client request method
-      expect(oauth_client).to receive(:request).exactly(5).times.and_return(response)
-      expect(basic_client).to receive(:request).exactly(5).times.and_return(response)
-      expect(cookie_client).to receive(:request).exactly(5).times.and_return(response)
+    before(:each) do
+      stub_request(:get, 'https://localhost:2990/jira/rest/api/2/project')
+          .with(query: hash_including(:jwt))
+          .to_return(status: 200, body: '[]', headers: {})
+    end
 
-      # response for merging headers for http methods with no body
-      expect(oauth_client).to receive(:merge_default_headers).exactly(3).times.with({})
-      expect(basic_client).to receive(:merge_default_headers).exactly(3).times.with({})
-      expect(cookie_client).to receive(:merge_default_headers).exactly(3).times.with({})
+    include_examples 'Client Common Tests'
+    include_examples 'HttpClient tests'
 
-      # response for merging headers for http methods with body
-      expect(oauth_client).to receive(:merge_default_headers).exactly(2).times.with(content_type_header)
-      expect(basic_client).to receive(:merge_default_headers).exactly(2).times.with(content_type_header)
-      expect(cookie_client).to receive(:merge_default_headers).exactly(2).times.with(content_type_header)
-
-      [:delete, :get, :head].each do |method|
-        oauth_client.send(method, '/path', {})
-        basic_client.send(method, '/path', {})
-        cookie_client.send(method, '/path', {})
-      end
+    specify { expect(subject.request_client).to be_a JIRA::JwtClient }
 
-      [:post, :put].each do |method|
-        oauth_client.send(method, '/path', '', content_type_header)
-        basic_client.send(method, '/path', '', content_type_header)
-        cookie_client.send(method, '/path', '', content_type_header)
-      end
+    it 'sets the username and password' do
+      expect(subject.options[:shared_secret]).to eq('shared_secret_key')
     end
 
-    specify "that call the generic request method" do
-      [:delete, :get, :head].each do |method|
-        expect(oauth_client).to receive(:request).with(method, '/path', nil, headers).and_return(response)
-        expect(basic_client).to receive(:request).with(method, '/path', nil, headers).and_return(response)
-        expect(cookie_client).to receive(:request).with(method, '/path', nil, headers).and_return(response)
-        oauth_client.send(method, '/path', {})
-        basic_client.send(method, '/path', {})
-        cookie_client.send(method, '/path', {})
+    context 'with a incorrect jwt key' do
+      before do
+        stub_request(:get, 'https://localhost:2990/jira/rest/api/2/project')
+            .with(query: hash_including(:jwt))
+            .to_return(status: 401, body: '[]', headers: {})
       end
 
-      [:post, :put].each do |method|
-        expect(oauth_client).to receive(:request).with(method, '/path', '', merged_headers)
-        expect(basic_client).to receive(:request).with(method, '/path', '', merged_headers)
-        expect(cookie_client).to receive(:request).with(method, '/path', '', merged_headers)
-        oauth_client.send(method, '/path', '', {})
-        basic_client.send(method, '/path', '', {})
-        cookie_client.send(method, '/path', '', {})
+      it 'is not authenticated' do
+        expect(subject.authenticated?).to be_falsey
       end
-    end
 
-    describe "that call a oauth client" do
-      specify "which makes a request" do
-        [:delete, :get, :head].each do |method|
-          expect(oauth_client.request_client).to receive(:make_request).with(method, '/path', nil, headers).and_return(response)
-          oauth_client.send(method, '/path', {})
-        end
-        [:post, :put].each do |method|
-          expect(oauth_client.request_client).to receive(:make_request).with(method, '/path', '', merged_headers).and_return(response)
-          oauth_client.send(method, '/path', '', {})
-        end
+      it 'raises a JIRA::HTTPError when trying to fetch projects' do
+        expect { subject.Project.all }.to raise_error JIRA::HTTPError
       end
     end
 
-    describe "that call a http client" do
-      it "which makes a request" do
-        [:delete, :get, :head].each do |method|
-          expect(basic_client.request_client).to receive(:make_request).with(method, '/path', nil, headers).and_return(response)
-          basic_client.send(method, '/path', headers)
+    it 'only returns a true for #authenticated? once we have requested some data' do
+      expect(subject.authenticated?).to be_falsey
+      expect(subject.Project.all).to be_empty
+      expect(subject.authenticated?).to be_truthy
+    end
+  end
 
-          expect(cookie_client.request_client).to receive(:make_request).with(method, '/path', nil, headers).and_return(response)
-          cookie_client.send(method, '/path', headers)
-        end
-        [:post, :put].each do |method|
-          expect(basic_client.request_client).to receive(:make_request).with(method, '/path', '', merged_headers).and_return(response)
-          basic_client.send(method, '/path', '', headers)
+  context 'oauth authentication' do
+    subject { JIRA::Client.new(consumer_key: 'foo', consumer_secret: 'bar') }
 
-          expect(cookie_client.request_client).to receive(:make_request).with(method, '/path', '', merged_headers).and_return(response)
-          cookie_client.send(method, '/path', '', headers)
-        end
-      end
-    end
+    include_examples 'OAuth Common Tests'
   end
 
-  describe "Resource Factories" do
-    it "gets all projects" do
-      expect(JIRA::Resource::Project).to receive(:all).with(oauth_client).and_return([])
-      expect(JIRA::Resource::Project).to receive(:all).with(basic_client).and_return([])
-      expect(JIRA::Resource::Project).to receive(:all).with(cookie_client).and_return([])
+  context 'with oauth_2legged' do
+    subject { JIRA::Client.new(consumer_key: 'foo', consumer_secret: 'bar', auth_type: :oauth_2legged) }
 
-      expect(oauth_client.Project.all).to eq([])
-      expect(basic_client.Project.all).to eq([])
-      expect(cookie_client.Project.all).to eq([])
-    end
+    include_examples 'OAuth Common Tests'
+  end
 
-    it "finds a single project" do
-      find_result = double()
-      expect(JIRA::Resource::Project).to receive(:find).with(oauth_client, '123').and_return(find_result)
-      expect(JIRA::Resource::Project).to receive(:find).with(basic_client, '123').and_return(find_result)
-      expect(JIRA::Resource::Project).to receive(:find).with(cookie_client, '123').and_return(find_result)
+  context 'with unknown options' do
+    let(:options) { { 'username' => 'foo', 'password' => 'bar', auth_type: :basic } }
+    subject { JIRA::Client.new(options) }
 
-      expect(oauth_client.Project.find('123')).to eq(find_result)
-      expect(basic_client.Project.find('123')).to eq(find_result)
-      expect(cookie_client.Project.find('123')).to eq(find_result)
+    it 'raises an ArgumentError' do
+      expect { subject }.to raise_exception(ArgumentError, 'Unknown option(s) given: ["username", "password"]')
     end
   end
 end

data/spec/jira/has_many_proxy_spec.rb

@@ -1,46 +1,45 @@
 require 'spec_helper'
 
 describe JIRA::HasManyProxy do
-
-  class Foo ; end
+  class Foo; end
 
   subject { JIRA::HasManyProxy.new(parent, Foo, collection) }
 
-  let(:parent)      { double("parent") }
-  let(:collection)  { double("collection") }
+  let(:parent)      { double('parent') }
+  let(:collection)  { double('collection') }
 
-  it "has a target class" do
+  it 'has a target class' do
     expect(subject.target_class).to eq(Foo)
   end
 
-  it "has a parent" do
+  it 'has a parent' do
     expect(subject.parent).to eq(parent)
   end
 
-  it "has a collection" do
+  it 'has a collection' do
     expect(subject.collection).to eq(collection)
   end
 
-  it "can build a new instance" do
+  it 'can build a new instance' do
     client = double('client')
     foo = double('foo')
     allow(parent).to receive(:client).and_return(client)
     allow(parent).to receive(:to_sym).and_return(:parent)
-    expect(Foo).to receive(:new).with(client, :attrs => {'foo' => 'bar'}, :parent => parent).and_return(foo)
+    expect(Foo).to receive(:new).with(client, attrs: { 'foo' => 'bar' }, parent: parent).and_return(foo)
     expect(collection).to receive(:<<).with(foo)
     expect(subject.build('foo' => 'bar')).to eq(foo)
   end
 
-  it "can get all the instances" do
+  it 'can get all the instances' do
     foo = double('foo')
     client = double('client')
     allow(parent).to receive(:client).and_return(client)
     allow(parent).to receive(:to_sym).and_return(:parent)
-    expect(Foo).to receive(:all).with(client, :parent => parent).and_return(foo)
+    expect(Foo).to receive(:all).with(client, parent: parent).and_return(foo)
     expect(subject.all).to eq(foo)
   end
 
-  it "delegates missing methods to the collection" do
+  it 'delegates missing methods to the collection' do
     expect(collection).to receive(:missing_method)
     subject.missing_method
   end