wordjelly-auth 0.0.3 → 0.0.4
- checksums.yaml +4 -4
- data/lib/auth/version.rb +1 -1
- data/spec/auth_test.rb +7 -0
- data/spec/controllers/auth/admin_create_users_controller_spec.rb +141 -0
- data/spec/controllers/auth/clients_controller_spec.rb +223 -0
- data/spec/controllers/auth/search_controller_spec.rb +5 -0
- data/spec/controllers/auth/shopping/discounts_controller_spec.rb +54 -0
- data/spec/controllers/auth/users/profiles_controller_spec.rb +5 -0
- data/spec/dummy/README.rdoc +28 -0
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/assets/javascripts/activity.js +2 -0
- data/spec/dummy/app/assets/javascripts/application.js +16 -0
- data/spec/dummy/app/assets/javascripts/home.js +2 -0
- data/spec/dummy/app/assets/javascripts/pollymer.min.js +170 -0
- data/spec/dummy/app/assets/javascripts/tests.js +2 -0
- data/spec/dummy/app/assets/javascripts/topics.js +2 -0
- data/spec/dummy/app/assets/stylesheets/activity.css +4 -0
- data/spec/dummy/app/assets/stylesheets/application.scss +16 -0
- data/spec/dummy/app/assets/stylesheets/home.css +4 -0
- data/spec/dummy/app/assets/stylesheets/tests.css +4 -0
- data/spec/dummy/app/assets/stylesheets/topics.css +4 -0
- data/spec/dummy/app/controllers/activity_controller.rb +3 -0
- data/spec/dummy/app/controllers/admins/confirmations_controller.rb +28 -0
- data/spec/dummy/app/controllers/admins/omniauth_callbacks_controller.rb +28 -0
- data/spec/dummy/app/controllers/admins/passwords_controller.rb +32 -0
- data/spec/dummy/app/controllers/admins/registrations_controller.rb +60 -0
- data/spec/dummy/app/controllers/admins/sessions_controller.rb +5 -0
- data/spec/dummy/app/controllers/admins/unlocks_controller.rb +28 -0
- data/spec/dummy/app/controllers/application_controller.rb +49 -0
- data/spec/dummy/app/controllers/home_controller.rb +13 -0
- data/spec/dummy/app/controllers/otp_controller.rb +3 -0
- data/spec/dummy/app/controllers/shopping/cart_items_controller.rb +28 -0
- data/spec/dummy/app/controllers/shopping/carts_controller.rb +4 -0
- data/spec/dummy/app/controllers/shopping/discounts_controller.rb +3 -0
- data/spec/dummy/app/controllers/shopping/payments_controller.rb +5 -0
- data/spec/dummy/app/controllers/shopping/products_controller.rb +2 -0
- data/spec/dummy/app/controllers/tests_controller.rb +58 -0
- data/spec/dummy/app/controllers/topics_controller.rb +63 -0
- data/spec/dummy/app/controllers/users/sessions_controller.rb +3 -0
- data/spec/dummy/app/controllers/webhooks_controller.rb +13 -0
- data/spec/dummy/app/helpers/activity_helper.rb +2 -0
- data/spec/dummy/app/helpers/api/v1/token_auth_helper.rb +2 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/helpers/home_helper.rb +2 -0
- data/spec/dummy/app/helpers/tests_helper.rb +2 -0
- data/spec/dummy/app/helpers/topics_helper.rb +2 -0
- data/spec/dummy/app/mailers/application_mailer.rb +4 -0
- data/spec/dummy/app/mailers/new.rb +3 -0
- data/spec/dummy/app/models/activity.rb +3 -0
- data/spec/dummy/app/models/admin.rb +12 -0
- data/spec/dummy/app/models/noti.rb +48 -0
- data/spec/dummy/app/models/noti_response.rb +9 -0
- data/spec/dummy/app/models/shopping/cart.rb +3 -0
- data/spec/dummy/app/models/shopping/cart_item.rb +7 -0
- data/spec/dummy/app/models/shopping/discount.rb +3 -0
- data/spec/dummy/app/models/shopping/payment.rb +16 -0
- data/spec/dummy/app/models/shopping/product.rb +6 -0
- data/spec/dummy/app/models/test.rb +5 -0
- data/spec/dummy/app/models/topic.rb +75 -0
- data/spec/dummy/app/models/user.rb +95 -0
- data/spec/dummy/app/views/home/index.html.erb +6 -0
- data/spec/dummy/app/views/home/send_notification.html.erb +2 -0
- data/spec/dummy/app/views/layouts/application.html.erb +26 -0
- data/spec/dummy/app/views/layouts/mailer.html.erb +8 -0
- data/spec/dummy/app/views/layouts/mailer.text.erb +1 -0
- data/spec/dummy/app/views/new/notification.html.erb +1 -0
- data/spec/dummy/app/views/new/notification.text.erb +1 -0
- data/spec/dummy/app/views/shopping/_navigation_options.html.erb +1 -0
- data/spec/dummy/app/views/tests/_form.html.erb +25 -0
- data/spec/dummy/app/views/tests/edit.html.erb +6 -0
- data/spec/dummy/app/views/tests/index.html.erb +33 -0
- data/spec/dummy/app/views/tests/new.html.erb +5 -0
- data/spec/dummy/app/views/tests/show.html.erb +14 -0
- data/spec/dummy/app/views/topics/_form.html.erb +25 -0
- data/spec/dummy/app/views/topics/edit.html.erb +6 -0
- data/spec/dummy/app/views/topics/index.html.erb +29 -0
- data/spec/dummy/app/views/topics/new.html.erb +5 -0
- data/spec/dummy/app/views/topics/show.html.erb +14 -0
- data/spec/dummy/app/views/users/sessions/create.js.erb +6 -0
- data/spec/dummy/bin/bundle +3 -0
- data/spec/dummy/bin/rails +4 -0
- data/spec/dummy/bin/rake +4 -0
- data/spec/dummy/bin/setup +29 -0
- data/spec/dummy/config.ru +8 -0
- data/spec/dummy/config/application.rb +31 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/environment.rb +4 -0
- data/spec/dummy/config/environments/development.rb +57 -0
- data/spec/dummy/config/environments/production.rb +92 -0
- data/spec/dummy/config/environments/test.rb +44 -0
- data/spec/dummy/config/initializers/assets.rb +11 -0
- data/spec/dummy/config/initializers/aws.rb +15 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/spec/dummy/config/initializers/devise.rb +273 -0
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/dummy/config/initializers/inflections.rb +16 -0
- data/spec/dummy/config/initializers/mime_types.rb +4 -0
- data/spec/dummy/config/initializers/preinitializer.rb +167 -0
- data/spec/dummy/config/initializers/redis.rb +9 -0
- data/spec/dummy/config/initializers/session_store.rb +3 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +9 -0
- data/spec/dummy/config/locales/devise.en.yml +62 -0
- data/spec/dummy/config/locales/en.yml +25 -0
- data/spec/dummy/config/mongoid.yml +142 -0
- data/spec/dummy/config/redis.yml +14 -0
- data/spec/dummy/config/routes.rb +38 -0
- data/spec/dummy/config/secrets.yml +22 -0
- data/spec/dummy/db/seeds.rb +48 -0
- data/spec/dummy/lib/admin/parameter_sanitizer.rb +9 -0
- data/spec/dummy/lib/assets/files/test_names.json +1 -0
- data/spec/dummy/lib/user/parameter_sanitizer.rb +8 -0
- data/spec/dummy/public/404.html +67 -0
- data/spec/dummy/public/422.html +67 -0
- data/spec/dummy/public/500.html +66 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/shoryuken.yml +5 -0
- data/spec/dummy/sidekiq.yml +9 -0
- data/spec/dummy/sidekiq_prep.sh +6 -0
- data/spec/dummy/spec/controllers/activity_controller_spec.rb +5 -0
- data/spec/dummy/spec/controllers/tests_controller_spec.rb +141 -0
- data/spec/dummy/spec/factories/tests.rb +6 -0
- data/spec/dummy/spec/fixtures/new/send_notification +3 -0
- data/spec/dummy/spec/helpers/activity_helper_spec.rb +15 -0
- data/spec/dummy/spec/helpers/tests_helper_spec.rb +15 -0
- data/spec/dummy/spec/mailers/new_spec.rb +18 -0
- data/spec/dummy/spec/mailers/previews/new_preview.rb +13 -0
- data/spec/dummy/spec/models/test_spec.rb +5 -0
- data/spec/dummy/spec/requests/tests_spec.rb +10 -0
- data/spec/dummy/spec/routing/tests_routing_spec.rb +39 -0
- data/spec/dummy/spec/views/tests/edit.html.erb_spec.rb +21 -0
- data/spec/dummy/spec/views/tests/index.html.erb_spec.rb +22 -0
- data/spec/dummy/spec/views/tests/new.html.erb_spec.rb +21 -0
- data/spec/dummy/spec/views/tests/show.html.erb_spec.rb +16 -0
- data/spec/dummy/test/controllers/api/v1/token_auth_controller_test.rb +7 -0
- data/spec/dummy/test/controllers/home_controller_test.rb +9 -0
- data/spec/dummy/test/controllers/oauth_tests_controller_test.rb +7 -0
- data/spec/dummy/test/fixtures/oauth_tests.yml +11 -0
- data/spec/dummy/test/fixtures/users.yml +7 -0
- data/spec/dummy/test/models/oauth_test_test.rb +7 -0
- data/spec/dummy/test/models/user_test.rb +7 -0
- data/spec/factories/client_factory.rb +77 -0
- data/spec/features/additional_login_param_feature_spec.rb +63 -0
- data/spec/features/extension_spec.rb +680 -0
- data/spec/features/redirect_disable_spec.rb +74 -0
- data/spec/fixtures/auth/clients.yml +13 -0
- data/spec/helpers/auth/admin_create_users_helper_spec.rb +15 -0
- data/spec/helpers/auth/resource_helper_spec.rb +15 -0
- data/spec/helpers/auth/search_helper_spec.rb +15 -0
- data/spec/helpers/auth/users/profiles_helper_spec.rb +15 -0
- data/spec/integration/navigation_test.rb +8 -0
- data/spec/mailers/auth/notifier_spec.rb +5 -0
- data/spec/mailers/previews/auth/notifier_preview.rb +4 -0
- data/spec/models/auth/admin_create_user_spec.rb +5 -0
- data/spec/models/auth/client_test.rb +9 -0
- data/spec/models/auth/shopping/discount_spec.rb +5 -0
- data/spec/rails_helper.rb +70 -0
- data/spec/requests/admin/confirmation_request_spec.rb +164 -0
- data/spec/requests/admin/password_request_spec.rb +191 -0
- data/spec/requests/admin/registration_request_spec.rb +574 -0
- data/spec/requests/admin/session_request_spec.rb +352 -0
- data/spec/requests/admin/unlock_request_spec.rb +178 -0
- data/spec/requests/admin_create_user_request_spec.rb +303 -0
- data/spec/requests/background_job_request_spec.rb +28 -0
- data/spec/requests/cart_item_request_spec.rb +381 -0
- data/spec/requests/cart_request_spec.rb +451 -0
- data/spec/requests/client_request_spec.rb +65 -0
- data/spec/requests/discount_request_spec.rb +589 -0
- data/spec/requests/payment_request_spec.rb +1254 -0
- data/spec/requests/search_request_spec.rb +173 -0
- data/spec/requests/topic_request_spec.rb +138 -0
- data/spec/requests/user/additional_login_param_and_email_validation_spec.rb +673 -0
- data/spec/requests/user/confirmation_request_spec.rb +189 -0
- data/spec/requests/user/omniauth_callbacks_request_spec.rb +682 -0
- data/spec/requests/user/otp_basic_flow_request_spec.rb +512 -0
- data/spec/requests/user/password_request_spec.rb +216 -0
- data/spec/requests/user/registration_request_spec.rb +615 -0
- data/spec/requests/user/session_request_spec.rb +361 -0
- data/spec/requests/user/unlock_request_spec.rb +208 -0
- data/spec/routing/admin/admin_routes_spec.rb +15 -0
- data/spec/routing/auth/admin_create_users_routing_spec.rb +39 -0
- data/spec/routing/clients_controller_routes_spec.rb +75 -0
- data/spec/routing/engine_routes_spec.rb +16 -0
- data/spec/spec_helper.rb +138 -0
- data/spec/support/factory_girl.rb +3 -0
- data/spec/support/omniauth_macros.rb +195 -0
- data/spec/support/payumoney_support.rb +11 -0
- data/spec/support/sign_in_support.rb +361 -0
- data/spec/support/wait_for_ajax.rb +11 -0
- data/spec/views/auth/admin_create_users/edit.html.erb_spec.rb +14 -0
- data/spec/views/auth/admin_create_users/index.html.erb_spec.rb +14 -0
- data/spec/views/auth/admin_create_users/new.html.erb_spec.rb +14 -0
- data/spec/views/auth/admin_create_users/show.html.erb_spec.rb +11 -0
- data/spec/views/auth/shopping/discounts/create.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/destroy.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/edit.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/index.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/new.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/show.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/update.html.erb_spec.rb +5 -0
- data/spec/views/profile/show.html.erb_spec.rb +5 -0
- metadata +401 -3
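--- a/data/spec/requests/search_request_spec.rb
+++ b/data/spec/requests/search_request_spec.rb
@@ -0,0 +1,173 @@
+require "rails_helper"
+
+RSpec.describe "search request spec",:search => true, :type => :request do
+
+before(:all) do
+ActionController::Base.allow_forgery_protection = false
+User.delete_all
+Auth::Client.delete_all
+Shopping::Product.delete_all
+Shopping::CartItem.delete_all
+
+puts "deleting user index #{User.es.index.delete}"
+puts "creating user index: #{User.es.index.create}"
+
+
+puts "deleting product index #{Shopping::Product.es.index.delete}"
+puts "creating product index: #{Shopping::Product.es.index.create}"
+
+
+puts "deleting cart_item index #{Shopping::CartItem.es.index.delete}"
+puts "creating cart_item index: #{Shopping::CartItem.es.index.create}"
+
+
+## CREATE A USER
+@u = User.new(attributes_for(:user_confirmed))
+@u.versioned_create
+
+@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
+@c.redirect_urls = ["http://www.google.com"]
+@c.versioned_create
+@u.client_authentication["test_app_id"] = "test_es_token"
+@u.confirm!
+sr = @u.save
+@ap_key = @c.api_key
+@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json", "X-User-Token" => @u.authentication_token, "X-User-Es" => @u.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"}
+
+
+### CREATE ONE ADMIN USER
+@admin = Admin.new(attributes_for(:admin_confirmed))
+@admin.client_authentication["test_app_id"] = "test_es_token"
+@admin.versioned_create
+@admin_headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json", "X-Admin-Token" => @admin.authentication_token, "X-Admin-Es" => @admin.client_authentication["test_app_id"], "X-Admin-Aid" => "test_app_id"}
+
+## create a product.
+@product = Shopping::Product.new
+@product.name = "Cobas e411"
+@product.price = 500.00
+@product.signed_in_resource = @admin
+@product.resource_id = @admin.id.to_s
+@product.resource_class = @admin.class.name.to_s
+sp = @product.save
+puts "product successfully saved: #{sp.to_s}"
+
+## create another product
+@product = Shopping::Product.new
+@product.name = "Roche 423"
+@product.price = 500.00
+@product.signed_in_resource = @admin
+@product.resource_id = @admin.id.to_s
+@product.resource_class = @admin.class.name.to_s
+sp = @product.save
+puts "product successfully saved: #{sp.to_s}"
+
+## create a cart item based on above product
+@cart_item = Shopping::CartItem.new
+@cart_item.product_id = @product.id.to_s
+@cart_item.resource_class = @u.class.name.to_s
+@cart_item.resource_id = @u.id.to_s
+@cart_item.signed_in_resource = @u
+su = @cart_item.save
+puts "cart item saved: #{su.to_s}"
+
+
+## create one more user who shouldnt be able to see this cart item.
+@u2 = User.new(attributes_for(:user_confirmed))
+@u2.versioned_create
+@u2.client_authentication["test_app_id"] = "test_es_token"
+@u2.save
+@u2_headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json", "X-User-Token" => @u2.authentication_token, "X-User-Es" => @u2.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"}
+
+
+## refresh all indices
+puts "refreshing user index"
+puts User.es.index.refresh
+puts "refreshing product index"
+puts Shopping::Product.es.index.refresh
+puts "refrehsing cart item index"
+puts Shopping::CartItem.es.index.refresh
+
+end
+
+
+context " -- signed in user -- " do
+
+context " -- public resource -- " do
+
+it " -- allows user to search -- ",:purr => true do
+get authenticated_user_search_index_path({api_key: @ap_key, :current_app_id => "test_app_id", query: {query_string: "Coba", size:10}}),nil,@headers
+
+puts response.body.to_s
+results = JSON.parse(response.body)
+
+expect(results.size).to eq(1)
+end
+
+it " -- allows admin to search -- " do
+get authenticated_user_search_index_path({api_key: @ap_key, :current_app_id => "test_app_id", query: {query_string: "Coba", size:10}}),nil,@admin_headers
+
+results = JSON.parse(response.body)
+puts results.to_s
+expect(results.size).to eq(1)
+end
+end
+
+context " -- private resource -- " do
+
+
+
+it " -- allows user to search if he owns resource -- ", :pr_user => true do
+
+get authenticated_user_search_index_path({api_key: @ap_key, :current_app_id => "test_app_id", query: {query_string: "Roc", size:10}}),nil,@headers
+
+results = JSON.parse(response.body)
+expect(results.size).to eq(2)
+
+end
+
+it " -- allows user to find itself -- ", :search_self => true do
+
+get authenticated_user_search_index_path({api_key: @ap_key, :current_app_id => "test_app_id", query: {query_string: @u.email[0..4]}}),nil,@headers
+results = JSON.parse(response.body)
+puts "this is the response body."
+puts results.to_s
+expect(results.size).to eq(1)
+end
+
+
+
+it " -- allows admin to search -- " do
+
+get authenticated_user_search_index_path({api_key: @ap_key, :current_app_id => "test_app_id", query: {query_string: "Roch", size:10}}),nil,@admin_headers
+
+results = JSON.parse(response.body)
+expect(results.size).to eq(2)
+
+end
+
+it " -- doesnt allow user to search if he doesnt own the resource -- ", :pr_na do
+
+get authenticated_user_search_index_path({api_key: @ap_key, :current_app_id => "test_app_id", query: {query_string: "Roc", size:10}}),nil,@u2_headers
+
+results = JSON.parse(response.body)
+#puts "this is the response body"
+#puts results.to_s
+expect(results.size).to eq(1)
+
+end
+
+end
+
+end
+
+context " -- no signed in user -- " do
+it " -- returns not authenticated -- " do
+get authenticated_user_search_index_path({api_key: @ap_key, :current_app_id => "test_app_id", query: {query_string: "Roc", size:10}}),nil,{ "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
+
+expect(response.code).to eq("401")
+end
+end
+
+
+
+end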
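Review bot: The negative authorization example at hunk line 148 (" -- doesnt allow user to search if he doesnt own the resource -- ") only asserts `expect(results.size).to eq(1)`, which does not establish that the single hit is the public "Roche 423" product rather than @u's private cart item — the same count would pass if the product failed to index and the cart item leaked to @u2. Assert on the identity of the hits as well, for example that no returned document carries @cart_item's id; the response shape is not visible in this hunk, so the key to compare against has to be confirmed from the search controller. Separately, `ActionController::Base.allow_forgery_protection = false` at line 6 is set in before(:all) and never restored, so it leaks into whichever example groups run afterwards; capture the previous value there and restore it in an `after(:all)` block. The unused `sr = @u.save` at line 33 also discards the save result, so a failed save of the primary user would only surface later as unrelated 401s.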
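--- a/data/spec/requests/topic_request_spec.rb
+++ b/data/spec/requests/topic_request_spec.rb
@@ -0,0 +1,138 @@
+require "rails_helper"
+
+RSpec.describe "token request spec", :type => :request,topic: true do
+
+before(:all) do
+
+ActionController::Base.allow_forgery_protection = true
+User.delete_all
+Auth::Client.delete_all
+@u = User.new(attributes_for(:user_confirmed))
+@u.save
+Auth.configuration.token_regeneration_time = 1.day
+@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test")
+@c.redirect_urls = ["http://www.google.com"]
+@c.app_ids << "test_app_id"
+@c.versioned_create
+@u.client_authentication["test_app_id"] = "test_es"
+@u.save
+
+@ap_key = @c.api_key
+@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json", "X-User-Token" => @u.authentication_token, "X-User-Es" => @u.client_authentication["test_app_id"], "X-User-Aid" => @c.app_ids[0]}
+
+@admin = Admin.new(attributes_for(:admin_confirmed))
+
+@admin.client_authentication["test_app_id"] = "test_es_token"
+
+@admin.save
+
+@admin_headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json", "X-Admin-Token" => @admin.authentication_token, "X-Admin-Es" => @admin.client_authentication["test_app_id"], "X-Admin-Aid" => "test_app_id"}
+
+end
+
+
+
+context "-- API JSON token authentication tests " do
+
+it " - authenticates ",:topic_focus => true do
+get new_topic_path, nil, @headers
+expect(response.code).to eq("200")
+end
+
+it " - authenticates and sets resource ", :topic_focus => true do
+get new_topic_path, nil, @headers
+expect(assigns(:resource)).to be_truthy
+end
+
+it " - does not authenticate without es", :defocus => true do
+
+get new_topic_path, nil, { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json", "X-User-Token" => @u.authentication_token, "X-User-Aid" => @c.app_ids[0]}
+expect(response.code).to eq("401")
+end
+
+it " - does not authenticate without app id", :focus => true do
+
+get new_topic_path, nil, { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json", "X-User-Token" => @u.authentication_token, "X-User-Es" => @u.client_authentication["test_app_id"]}
+expect(response.code).to eq("401")
+end
+
+end
+
+context " -- authenticates admin as well as user models -- ", :token_tests => true do
+
+it " -- authenticates an admin user using a token -- " do
+
+get new_topic_path, nil, @admin_headers
+
+expect(response.code).to eq("200")
+
+end
+
+
+it " -- doesnt attempt authentication of admin user if the normal user gets authenticated -- " do
+
+get new_topic_path, nil, @headers
+
+expect(response.code).to eq("200")
+
+end
+
+
+end
+
+
+context " -- it sets authentication_token_expires_at alongwith auth token-- " do
+
+before(:all) do
+$earlier_auth_token = nil
+end
+
+it " - authenticates and sets resource, with token expires at ", :topic_focus => true do
+get new_topic_path, nil, @headers
+expect(assigns(:resource)).to be_truthy
+resource = assigns(:resource)
+expect(resource.authentication_token_expires_at).not_to be_nil
+end
+
+it " - doesnt authenticate if token has expired -- " do
+
+Auth.configuration.token_regeneration_time = 1
+user = User.new(attributes_for(:user_confirmed))
+user.client_authentication["test_app_id"] = "test_es"
+user.save
+$earlier_auth_token = user.authentication_token
+Auth.configuration.token_regeneration_time = 1.day
+@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json", "X-User-Token" => user.authentication_token, "X-User-Es" => user.client_authentication["test_app_id"], "X-User-Aid" => @c.app_ids[0]}
+sleep(2)
+get new_topic_path, nil, @headers
+expect(response.code).to eq("401")
+
+end
+
+it " -- on signing in with this user , it will return the new authentication token and es -- " do
+last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
+ActionController::Base.allow_forgery_protection = false
+post user_session_path ,{user: {login: last_user_created.email, password: "password"}}
+ActionController::Base.allow_forgery_protection = true
+user_returned = assigns(:user)
+
+expect(user_returned.authentication_token).not_to eq($earlier_auth_token)
+
+expect(user_returned.authentication_token).not_to be_nil
+expect(user_returned.authentication_token_expires_at > Time.now.to_i).to be_truthy
+end
+
+it " -- subsequently it will sign in using the new authentication token and es -- " do
+
+user = User.order_by(:confirmation_sent_at => 'desc').first
+##now use this authentication token and es.
+@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json", "X-User-Token" => user.authentication_token, "X-User-Es" => user.client_authentication["test_app_id"], "X-User-Aid" => @c.app_ids[0]}
+
+get new_topic_path, nil, @headers
+expect(response.code).to eq("200")
+
+end
+
+end
+
+end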
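Review bot: The example at hunk line 53 (" - does not authenticate without app id") is tagged `:focus => true`; if the suite's spec_helper enables `filter_run_when_matching :focus` (as the rspec-generated template does — not visible here), only that example runs and the rest of this file, including the expired-token check, is silently skipped, so the tag should be dropped before merge. The three examples at lines 97–134 also depend on execution order and on shared mutable state (`$earlier_auth_token` and `User.order_by(:confirmation_sent_at => 'desc').first` standing in for "the user created by the previous example"), so they will fail under random ordering; creating that user once in a `before(:all)` of this context and referencing it directly removes both dependencies. `Auth.configuration.token_regeneration_time = 1` at line 99 is reset at line 104 without an `ensure`, so a failure between them leaves the global config shortened for every later group. A minor style point at line 122: `expect(user_returned.authentication_token_expires_at).to be > Time.now.to_i` gives a useful failure message where `.to be_truthy` on a comparison does not.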
@@ -0,0 +1,673 @@
|
|
1
|
+
##this checks the validation rules set on both the additional_login_param and email.
|
2
|
+
require "rails_helper"
|
3
|
+
|
4
|
+
RSpec.describe "Additional login param and email flow requests", :alp_email => true, :authentication => true, :type => :request do
|
5
|
+
before(:all) do
|
6
|
+
User.delete_all
|
7
|
+
Auth::Client.delete_all
|
8
|
+
module Devise
|
9
|
+
|
10
|
+
RegistrationsController.class_eval do
|
11
|
+
|
12
|
+
def sign_up_params
|
13
|
+
##quick hack to make registrations controller accept confirmed_at, because without that there is no way to send in a confirmed admin directly while creating the admin.
|
14
|
+
params.require(:user).permit(
|
15
|
+
:email, :password, :password_confirmation,
|
16
|
+
:confirmed_at, :redirect_url, :api_key, :additional_login_param
|
17
|
+
)
|
18
|
+
end
|
19
|
+
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
25
|
+
|
26
|
+
context " -- json requests -- " do
|
27
|
+
|
28
|
+
before(:all) do
|
29
|
+
ActionController::Base.allow_forgery_protection = true
|
30
|
+
User.delete_all
|
31
|
+
Auth::Client.delete_all
|
32
|
+
@u = User.new(attributes_for(:user_confirmed))
|
33
|
+
@u.save
|
34
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
35
|
+
@c.redirect_urls = ["http://www.google.com"]
|
36
|
+
@c.versioned_create
|
37
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
38
|
+
@u.save
|
39
|
+
@ap_key = @c.api_key
|
40
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
41
|
+
@otp = 1234
|
42
|
+
Auth.configuration.stub_otp_api_calls = true
|
43
|
+
end
|
44
|
+
|
45
|
+
context " -- on creating account -- " do
|
46
|
+
|
47
|
+
it "creating an account with email and additional login param produces a validation error." do
|
48
|
+
usr_attrs = attributes_for(:user)
|
49
|
+
usr_attrs[:additional_login_param] = "9822028511"
|
50
|
+
post user_registration_path, {user: usr_attrs,:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
51
|
+
expect(assigns(:user).errors).not_to be_empty
|
52
|
+
end
|
53
|
+
|
54
|
+
context " -- mobile validations -- ", :mobile_validations => true do
|
55
|
+
|
56
|
+
context " -- additional login param validations " do
|
57
|
+
|
58
|
+
before(:all) do
|
59
|
+
ActionController::Base.allow_forgery_protection = true
|
60
|
+
User.delete_all
|
61
|
+
Auth::Client.delete_all
|
62
|
+
@u = User.new(attributes_for(:user_confirmed))
|
63
|
+
@u.save
|
64
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
65
|
+
@c.redirect_urls = ["http://www.google.com"]
|
66
|
+
@c.versioned_create
|
67
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
68
|
+
@u.save
|
69
|
+
@ap_key = @c.api_key
|
70
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
71
|
+
@otp = 1234
|
72
|
+
Auth.configuration.stub_otp_api_calls = true
|
73
|
+
end
|
74
|
+
|
75
|
+
it " --- gives a validation error if additional login param is not a valid mobile on CREATE -- " do
|
76
|
+
post user_registration_path, {user: attributes_for(:user_mobile_invalid),:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
77
|
+
@user_created = assigns(:user)
|
78
|
+
@cl = assigns(:client)
|
79
|
+
user_json_hash = JSON.parse(response.body)
|
80
|
+
expect(user_json_hash.keys).to match_array(["errors","nothing"])
|
81
|
+
end
|
82
|
+
|
83
|
+
|
84
|
+
end
|
85
|
+
|
86
|
+
context " --- validation flow first create a valid mobile, confirm it, then try to update with an invalid mobile -- should throw validation errors " do
|
87
|
+
|
88
|
+
before(:all) do
|
89
|
+
ActionController::Base.allow_forgery_protection = true
|
90
|
+
User.delete_all
|
91
|
+
Auth::Client.delete_all
|
92
|
+
@u = User.new(attributes_for(:user_confirmed))
|
93
|
+
@u.save
|
94
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
95
|
+
@c.redirect_urls = ["http://www.google.com"]
|
96
|
+
@c.versioned_create
|
97
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
98
|
+
@u.save
|
99
|
+
@ap_key = @c.api_key
|
100
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
101
|
+
@otp = 1234
|
102
|
+
Auth.configuration.stub_otp_api_calls = true
|
103
|
+
end
|
104
|
+
|
105
|
+
before(:all) do
|
106
|
+
$otp_session_id = nil
|
107
|
+
end
|
108
|
+
|
109
|
+
after(:all) do
|
110
|
+
$otp_session_id = nil
|
111
|
+
end
|
112
|
+
|
113
|
+
it " -- on creating unconfirmed user with a mobile number, it sends otp -- " do
|
114
|
+
|
115
|
+
post user_registration_path, {user: attributes_for(:user_mobile),:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
116
|
+
@user_created = assigns(:user)
|
117
|
+
@cl = assigns(:client)
|
118
|
+
user_json_hash = JSON.parse(response.body)
|
119
|
+
|
120
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
121
|
+
|
122
|
+
end
|
123
|
+
|
124
|
+
it " -- accepts otp at the verify otp endpoint -- " do
|
125
|
+
|
126
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
127
|
+
$otp_session_id = $redis.hget(@last_user_created.id.to_s + "_two_factor_sms_otp","otp_session_id")
|
128
|
+
|
129
|
+
get verify_otp_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
130
|
+
user_json_hash = JSON.parse(response.body)
|
131
|
+
|
132
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
133
|
+
end
|
134
|
+
|
135
|
+
it " -- short polls for verification status, returns auth_token, es" do
|
136
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
137
|
+
|
138
|
+
|
139
|
+
get otp_verification_result_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
140
|
+
user_json_hash = JSON.parse(response.body)
|
141
|
+
|
142
|
+
expect(user_json_hash["verified"]).to eq(true)
|
143
|
+
expect(user_json_hash["resource"]).not_to include("authentication_token","es")
|
144
|
+
end
|
145
|
+
|
146
|
+
it " -- has errors if we try to update with an invalid mobile number now -- " do
|
147
|
+
|
148
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
149
|
+
|
150
|
+
|
151
|
+
a = {:id => @last_user_created.id, :user => {:additional_login_param => Faker::Name.name, :current_password => 'password'}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
152
|
+
|
153
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
154
|
+
@user_updated = assigns(:user)
|
155
|
+
expect(@user_updated.errors).not_to be_empty
|
156
|
+
user_json_hash = JSON.parse(response.body)
|
157
|
+
expect(user_json_hash.keys).to match_array(["nothing","errors"])
|
158
|
+
end
|
159
|
+
|
160
|
+
|
161
|
+
end
|
162
|
+
|
163
|
+
##with redirect the targets are as follows:
|
164
|
+
## => should redirect with mobile flow
|
165
|
+
## => should be able to switch off redirect functionality
|
166
|
+
|
167
|
+
context " -- validation flow - create account with confirmed email, then add invalid mobile - should throw error " do
|
168
|
+
|
169
|
+
before(:all) do
|
170
|
+
ActionController::Base.allow_forgery_protection = true
|
171
|
+
User.delete_all
|
172
|
+
Auth::Client.delete_all
|
173
|
+
@u = User.new(attributes_for(:user_confirmed))
|
174
|
+
@u.save
|
175
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
176
|
+
@c.redirect_urls = ["http://www.google.com"]
|
177
|
+
@c.versioned_create
|
178
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
179
|
+
@u.save
|
180
|
+
@ap_key = @c.api_key
|
181
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
182
|
+
@otp = 1234
|
183
|
+
Auth.configuration.stub_otp_api_calls = true
|
184
|
+
end
|
185
|
+
|
186
|
+
|
187
|
+
it "-- creates confirmed email account " do
|
188
|
+
|
189
|
+
post user_registration_path, {user: attributes_for(:user_confirmed),:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
190
|
+
@user_created = assigns(:user)
|
191
|
+
@cl = assigns(:client)
|
192
|
+
user_json_hash = JSON.parse(response.body)
|
193
|
+
|
194
|
+
|
195
|
+
expect(user_json_hash.keys).to match_array(["authentication_token","es"])
|
196
|
+
|
197
|
+
end
|
198
|
+
|
199
|
+
it " -- fails to update with invalid mobile number -- " do
|
200
|
+
|
201
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
202
|
+
|
203
|
+
|
204
|
+
a = {:id => @last_user_created.id, :user => {:additional_login_param => Faker::Name.name, :current_password => 'password'}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
205
|
+
|
206
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
207
|
+
@user_updated = assigns(:user)
|
208
|
+
expect(@user_updated.errors).not_to be_empty
|
209
|
+
user_json_hash = JSON.parse(response.body)
|
210
|
+
expect(user_json_hash.keys).to match_array(["nothing","errors"])
|
211
|
+
|
212
|
+
end
|
213
|
+
|
214
|
+
|
215
|
+
end
|
216
|
+
|
217
|
+
end
|
218
|
+
|
219
|
+
context " -- flow test --- " do
|
220
|
+
|
221
|
+
context " --- create and confirm an account with a mobile number, then try to delete the mobile -- should give a validation error -- " do
|
222
|
+
|
223
|
+
before(:all) do
|
224
|
+
ActionController::Base.allow_forgery_protection = true
|
225
|
+
User.delete_all
|
226
|
+
Auth::Client.delete_all
|
227
|
+
@u = User.new(attributes_for(:user_confirmed))
|
228
|
+
@u.save
|
229
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
230
|
+
@c.redirect_urls = ["http://www.google.com"]
|
231
|
+
@c.versioned_create
|
232
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
233
|
+
@u.save
|
234
|
+
@ap_key = @c.api_key
|
235
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
236
|
+
@otp = 1234
|
237
|
+
Auth.configuration.stub_otp_api_calls = true
|
238
|
+
end
|
239
|
+
|
240
|
+
before(:all) do
|
241
|
+
$otp_session_id = nil
|
242
|
+
end
|
243
|
+
|
244
|
+
after(:all) do
|
245
|
+
$otp_session_id = nil
|
246
|
+
end
|
247
|
+
|
248
|
+
it " -- on creating unconfirmed user with a mobile number, it sends otp -- " do
|
249
|
+
|
250
|
+
post user_registration_path, {user: attributes_for(:user_mobile),:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
251
|
+
@user_created = assigns(:user)
|
252
|
+
@cl = assigns(:client)
|
253
|
+
user_json_hash = JSON.parse(response.body)
|
254
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
255
|
+
|
256
|
+
end
|
257
|
+
|
258
|
+
it " -- accepts otp at the verify otp endpoint -- " do
|
259
|
+
|
260
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
261
|
+
$otp_session_id = $redis.hget(@last_user_created.id.to_s + "_two_factor_sms_otp","otp_session_id")
|
262
|
+
|
263
|
+
get verify_otp_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
264
|
+
user_json_hash = JSON.parse(response.body)
|
265
|
+
|
266
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
267
|
+
end
|
268
|
+
|
269
|
+
it " -- short polls for verification status, returns auth_token, es" do
|
270
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
271
|
+
|
272
|
+
|
273
|
+
get otp_verification_result_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
274
|
+
user_json_hash = JSON.parse(response.body)
|
275
|
+
|
276
|
+
expect(user_json_hash["verified"]).to eq(true)
|
277
|
+
expect(user_json_hash["resource"]).not_to include("authentication_token","es")
|
278
|
+
end
|
279
|
+
|
280
|
+
it " -- has errors if we try to delete the mobile now -- " do
|
281
|
+
|
282
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
283
|
+
|
284
|
+
|
285
|
+
a = {:id => @last_user_created.id, :user => {:additional_login_param => "", :current_password => 'password'}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
286
|
+
|
287
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
288
|
+
@user_updated = assigns(:user)
|
289
|
+
expect(@user_updated.errors).not_to be_empty
|
290
|
+
|
291
|
+
end
|
292
|
+
|
293
|
+
end
|
294
|
+
|
295
|
+
context " -- create an confirm a mobile number, try to change it, -- should fail, without a confirmed email " do
|
296
|
+
|
297
|
+
before(:all) do
|
298
|
+
ActionController::Base.allow_forgery_protection = true
|
299
|
+
User.delete_all
|
300
|
+
Auth::Client.delete_all
|
301
|
+
@u = User.new(attributes_for(:user_confirmed))
|
302
|
+
@u.save
|
303
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
304
|
+
@c.redirect_urls = ["http://www.google.com"]
|
305
|
+
@c.versioned_create
|
306
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
307
|
+
@u.save
|
308
|
+
@ap_key = @c.api_key
|
309
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
310
|
+
@otp = 1234
|
311
|
+
Auth.configuration.stub_otp_api_calls = true
|
312
|
+
end
|
313
|
+
|
314
|
+
before(:all) do
|
315
|
+
$otp_session_id = nil
|
316
|
+
end
|
317
|
+
|
318
|
+
after(:all) do
|
319
|
+
$otp_session_id = nil
|
320
|
+
end
|
321
|
+
|
322
|
+
it " -- on creating unconfirmed user with a mobile number, it sends otp -- " do
|
323
|
+
|
324
|
+
post user_registration_path, {user: attributes_for(:user_mobile),:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
325
|
+
@user_created = assigns(:user)
|
326
|
+
@cl = assigns(:client)
|
327
|
+
user_json_hash = JSON.parse(response.body)
|
328
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
329
|
+
|
330
|
+
end
|
331
|
+
|
332
|
+
it " -- accepts otp at the verify otp endpoint -- " do
|
333
|
+
|
334
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
335
|
+
$otp_session_id = $redis.hget(@last_user_created.id.to_s + "_two_factor_sms_otp","otp_session_id")
|
336
|
+
|
337
|
+
get verify_otp_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
338
|
+
user_json_hash = JSON.parse(response.body)
|
339
|
+
|
340
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
341
|
+
end
|
342
|
+
|
343
|
+
it " -- short polls for verification status, returns auth_token, es" do
|
344
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
345
|
+
|
346
|
+
|
347
|
+
get otp_verification_result_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
348
|
+
user_json_hash = JSON.parse(response.body)
|
349
|
+
|
350
|
+
expect(user_json_hash["verified"]).to eq(true)
|
351
|
+
expect(user_json_hash["resource"]).not_to include("authentication_token","es")
|
352
|
+
end
|
353
|
+
|
354
|
+
it " -- has errors if we try to update the mobile now -- " do
|
355
|
+
|
356
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
357
|
+
|
358
|
+
|
359
|
+
a = {:id => @last_user_created.id, :user => {:additional_login_param => "9561137096", :current_password => 'password'}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
360
|
+
|
361
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
362
|
+
@user_updated = assigns(:user)
|
363
|
+
expect(@user_updated.errors).to be_empty
|
364
|
+
|
365
|
+
end
|
366
|
+
|
367
|
+
|
368
|
+
end
|
369
|
+
|
370
|
+
|
371
|
+
context " --- create and confirm an account with a mobile number,add an unconfirmed email,try to change the mobile -> should fail ---" do
|
372
|
+
|
373
|
+
before(:all) do
|
374
|
+
ActionController::Base.allow_forgery_protection = true
|
375
|
+
User.delete_all
|
376
|
+
Auth::Client.delete_all
|
377
|
+
@u = User.new(attributes_for(:user_confirmed))
|
378
|
+
@u.save
|
379
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
380
|
+
@c.redirect_urls = ["http://www.google.com"]
|
381
|
+
@c.versioned_create
|
382
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
383
|
+
@u.save
|
384
|
+
@ap_key = @c.api_key
|
385
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
386
|
+
@otp = 1234
|
387
|
+
Auth.configuration.stub_otp_api_calls = true
|
388
|
+
end
|
389
|
+
|
390
|
+
|
391
|
+
before(:all) do
|
392
|
+
$otp_session_id = nil
|
393
|
+
end
|
394
|
+
|
395
|
+
after(:all) do
|
396
|
+
$otp_session_id = nil
|
397
|
+
end
|
398
|
+
|
399
|
+
it " -- on creating unconfirmed user with a mobile number, it sends otp -- " do
|
400
|
+
|
401
|
+
post user_registration_path, {user: attributes_for(:user_mobile),:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
402
|
+
@user_created = assigns(:user)
|
403
|
+
@cl = assigns(:client)
|
404
|
+
user_json_hash = JSON.parse(response.body)
|
405
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
406
|
+
|
407
|
+
end
|
408
|
+
|
409
|
+
it " -- accepts otp at the verify otp endpoint -- " do
|
410
|
+
|
411
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
412
|
+
$otp_session_id = $redis.hget(@last_user_created.id.to_s + "_two_factor_sms_otp","otp_session_id")
|
413
|
+
|
414
|
+
get verify_otp_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
415
|
+
user_json_hash = JSON.parse(response.body)
|
416
|
+
|
417
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
418
|
+
end
|
419
|
+
|
420
|
+
it " -- short polls for verification status, returns auth_token, es" do
|
421
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
422
|
+
|
423
|
+
|
424
|
+
get otp_verification_result_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
425
|
+
user_json_hash = JSON.parse(response.body)
|
426
|
+
|
427
|
+
expect(user_json_hash["verified"]).to eq(true)
|
428
|
+
expect(user_json_hash["resource"]).not_to include("authentication_token","es")
|
429
|
+
end
|
430
|
+
|
431
|
+
|
432
|
+
it "-- update with a valid email. -- " do
|
433
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
434
|
+
|
435
|
+
a = {:id => @last_user_created.id.to_s, :user => {:email => "rihanna@gmail.com", :current_password => 'password'}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
436
|
+
|
437
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
438
|
+
@user_updated = assigns(:user)
|
439
|
+
expect(@user_updated.unconfirmed_email).to eq("rihanna@gmail.com")
|
440
|
+
expect(@user_updated.errors).to be_empty
|
441
|
+
expect(response.code).to eq("200")
|
442
|
+
|
443
|
+
|
444
|
+
end
|
445
|
+
|
446
|
+
it " -- has errors if we try to update the mobile now -- " do
|
447
|
+
|
448
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
449
|
+
|
450
|
+
|
451
|
+
a = {:id => @last_user_created.id, :user => {:additional_login_param => "9822028511", :current_password => 'password'}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
452
|
+
|
453
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
454
|
+
@user_updated = assigns(:user)
|
455
|
+
expect(@user_updated.errors).not_to be_empty
|
456
|
+
|
457
|
+
end
|
458
|
+
end
|
459
|
+
|
460
|
+
|
461
|
+
|
462
|
+
##create an confirm an account with an email address
|
463
|
+
##add an unconfirmed mobile.
|
464
|
+
##try to change the email -> should fail
|
465
|
+
##try to change the mobile -> should fail.
|
466
|
+
context " -- create a confirmed email, then change the email , it should pass -- " do
|
467
|
+
|
468
|
+
|
469
|
+
before(:all) do
|
470
|
+
ActionController::Base.allow_forgery_protection = true
|
471
|
+
User.delete_all
|
472
|
+
Auth::Client.delete_all
|
473
|
+
@u = User.new(attributes_for(:user_confirmed))
|
474
|
+
@u.save
|
475
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
476
|
+
@c.redirect_urls = ["http://www.google.com"]
|
477
|
+
@c.versioned_create
|
478
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
479
|
+
@u.save
|
480
|
+
@ap_key = @c.api_key
|
481
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
482
|
+
@otp = 1234
|
483
|
+
Auth.configuration.stub_otp_api_calls = true
|
484
|
+
end
|
485
|
+
|
486
|
+
|
487
|
+
it "-- creates confirmed email account " do
|
488
|
+
|
489
|
+
post user_registration_path, {user: attributes_for(:user_confirmed),:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
490
|
+
@user_created = assigns(:user)
|
491
|
+
@cl = assigns(:client)
|
492
|
+
user_json_hash = JSON.parse(response.body)
|
493
|
+
|
494
|
+
|
495
|
+
expect(user_json_hash.keys).to match_array(["authentication_token","es"])
|
496
|
+
|
497
|
+
end
|
498
|
+
|
499
|
+
it "-- updates with a new email id -- " do
|
500
|
+
|
501
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
502
|
+
auth_token = @last_user_created.authentication_token
|
503
|
+
es = @last_user_created.client_authentication["test_app_id"]
|
504
|
+
|
505
|
+
a = {:id => @last_user_created.id.to_s, :user => {:email => "jeronimo1122334@gmail.com", :current_password => 'password'}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
506
|
+
|
507
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
508
|
+
|
509
|
+
@user_updated = assigns(:user)
|
510
|
+
user_json_hash = JSON.parse(response.body)
|
511
|
+
puts user_json_hash.to_s
|
512
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
513
|
+
expect(response.code.to_s).to eq("200")
|
514
|
+
expect(@user_updated.errors).to be_empty
|
515
|
+
end
|
516
|
+
|
517
|
+
end
|
518
|
+
|
519
|
+
##create an account with email
|
520
|
+
##then confirm
|
521
|
+
##should return auth_token and es
|
522
|
+
##now add mobile unconfirmed
|
523
|
+
##should return auth_token and es -> but auth_token should be different from earlier one.
|
524
|
+
context " -- regeneration and return of auth_token and es even when unconfirmed additional_login_param added ", :problem => true do
|
525
|
+
|
526
|
+
|
527
|
+
before(:all) do
|
528
|
+
|
529
|
+
ActionController::Base.allow_forgery_protection = true
|
530
|
+
User.delete_all
|
531
|
+
Auth::Client.delete_all
|
532
|
+
@u = User.new(attributes_for(:user_confirmed))
|
533
|
+
@u.save
|
534
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
535
|
+
@c.redirect_urls = ["http://www.google.com"]
|
536
|
+
@c.versioned_create
|
537
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
538
|
+
@u.save
|
539
|
+
@ap_key = @c.api_key
|
540
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
541
|
+
@otp = 1234
|
542
|
+
|
543
|
+
end
|
544
|
+
|
545
|
+
it "-- creates confirmed email account " do
|
546
|
+
|
547
|
+
post user_registration_path, {user: attributes_for(:user_confirmed),:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
548
|
+
@user_created = assigns(:user)
|
549
|
+
@cl = assigns(:client)
|
550
|
+
user_json_hash = JSON.parse(response.body)
|
551
|
+
|
552
|
+
|
553
|
+
expect(user_json_hash.keys).to match_array(["authentication_token","es"])
|
554
|
+
|
555
|
+
end
|
556
|
+
|
557
|
+
it " -- updates with a mobile number " do
|
558
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
559
|
+
auth_token = @last_user_created.authentication_token
|
560
|
+
es = @last_user_created.client_authentication["test_app_id"]
|
561
|
+
|
562
|
+
a = {:id => @last_user_created.id.to_s, :user => {:additional_login_param => "9822028511", :current_password => 'password'}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
563
|
+
|
564
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
565
|
+
@user_updated = assigns(:user)
|
566
|
+
expect(response.code.to_s).to eq("200")
|
567
|
+
user_json_hash = JSON.parse(response.body)
|
568
|
+
expect(user_json_hash.keys).to match_array(["authentication_token","es"])
|
569
|
+
expect(@user_updated.authentication_token).not_to eq(auth_token)
|
570
|
+
expect(@user_updated.client_authentication["test_app_id"]).to eq(es)
|
571
|
+
end
|
572
|
+
|
573
|
+
end
|
574
|
+
|
575
|
+
context " -- regeneration and return of auth_token and es even when unconfirmed email is added " do
|
576
|
+
|
577
|
+
before(:all) do
|
578
|
+
|
579
|
+
ActionController::Base.allow_forgery_protection = true
|
580
|
+
User.delete_all
|
581
|
+
Auth::Client.delete_all
|
582
|
+
@u = User.new(attributes_for(:user_confirmed))
|
583
|
+
@u.save
|
584
|
+
@c = Auth::Client.new(:resource_id => @u.id, :api_key => "test", :app_ids => ["test_app_id"])
|
585
|
+
@c.redirect_urls = ["http://www.google.com"]
|
586
|
+
@c.versioned_create
|
587
|
+
@u.client_authentication["test_app_id"] = "test_es_token"
|
588
|
+
@u.save
|
589
|
+
@ap_key = @c.api_key
|
590
|
+
@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
|
591
|
+
@otp = 1234
|
592
|
+
|
593
|
+
end
|
594
|
+
|
595
|
+
it " -- on creating unconfirmed user with a mobile number, it sends otp -- " do
|
596
|
+
|
597
|
+
post user_registration_path, {user: attributes_for(:user_mobile),:api_key => @ap_key, :current_app_id => "test_app_id"}.to_json, @headers
|
598
|
+
@user_created = assigns(:user)
|
599
|
+
@cl = assigns(:client)
|
600
|
+
user_json_hash = JSON.parse(response.body)
|
601
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
602
|
+
|
603
|
+
end
|
604
|
+
|
605
|
+
it " -- accepts otp at the verify otp endpoint -- " do
|
606
|
+
|
607
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
608
|
+
$otp_session_id = $redis.hget(@last_user_created.id.to_s + "_two_factor_sms_otp","otp_session_id")
|
609
|
+
|
610
|
+
get verify_otp_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
611
|
+
user_json_hash = JSON.parse(response.body)
|
612
|
+
|
613
|
+
expect(user_json_hash.keys).to match_array(["nothing"])
|
614
|
+
end
|
615
|
+
|
616
|
+
it " -- short polls for verification status, returns auth_token, es" do
|
617
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
618
|
+
|
619
|
+
|
620
|
+
get otp_verification_result_url({:resource => "users",:user => {:additional_login_param => @last_user_created.additional_login_param, :otp => $otp_session_id},:api_key => @ap_key, :current_app_id => "test_app_id"}),nil,@headers
|
621
|
+
user_json_hash = JSON.parse(response.body)
|
622
|
+
|
623
|
+
expect(user_json_hash["verified"]).to eq(true)
|
624
|
+
expect(user_json_hash["resource"]).not_to include("authentication_token","es")
|
625
|
+
end
|
626
|
+
|
627
|
+
|
628
|
+
it " -- does not return auth_token or es in case of any validation errors " do
|
629
|
+
|
630
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
631
|
+
auth_token = @last_user_created.authentication_token
|
632
|
+
|
633
|
+
es = @last_user_created.client_authentication["test_app_id"]
|
634
|
+
##here the current password is intentionally not sent to simulate a situation where there will be some validation errors.
|
635
|
+
a = {:id => @last_user_created.id.to_s, :user => {:email => "doggon@gmail.com"}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
636
|
+
|
637
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
638
|
+
@user_updated = assigns(:user)
|
639
|
+
expect(response.code.to_s).to eq("200")
|
640
|
+
user_json_hash = JSON.parse(response.body)
|
641
|
+
expect(user_json_hash).not_to include("authentication_token","es")
|
642
|
+
end
|
643
|
+
|
644
|
+
it " -- returns auth token and es, after adding an email account, and even before confirmation " do
|
645
|
+
|
646
|
+
@last_user_created = User.order_by(:confirmation_sent_at => 'desc').first
|
647
|
+
auth_token = @last_user_created.authentication_token
|
648
|
+
|
649
|
+
es = @last_user_created.client_authentication["test_app_id"]
|
650
|
+
|
651
|
+
a = {:id => @last_user_created.id.to_s, :user => {:email => "doggon@gmail.com", :current_password => "password"}, api_key: @ap_key, :current_app_id => "test_app_id"}
|
652
|
+
|
653
|
+
put user_registration_path, a.to_json,@headers.merge({"X-User-Token" => @last_user_created.authentication_token, "X-User-Es" => @last_user_created.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"})
|
654
|
+
@user_updated = assigns(:user)
|
655
|
+
expect(response.code.to_s).to eq("200")
|
656
|
+
user_json_hash = JSON.parse(response.body)
|
657
|
+
|
658
|
+
expect(user_json_hash.keys).to match_array(["authentication_token","es"])
|
659
|
+
expect(@user_updated.authentication_token).not_to eq(auth_token)
|
660
|
+
expect(@user_updated.client_authentication["test_app_id"]).to eq(es)
|
661
|
+
|
662
|
+
end
|
663
|
+
|
664
|
+
end
|
665
|
+
|
666
|
+
end
|
667
|
+
|
668
|
+
end
|
669
|
+
|
670
|
+
end
|
671
|
+
|
672
|
+
|
673
|
+
end
|