diff options
Diffstat (limited to 'spec/requests/api/users_spec.rb')
-rw-r--r-- | spec/requests/api/users_spec.rb | 228 |
1 files changed, 124 insertions, 104 deletions
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index bb913ae0e79..f3431e0be3d 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -43,7 +43,7 @@ describe API::Users do end it "returns the user when a valid `username` parameter is passed" do - get api("/users"), username: user.username + get api("/users"), params: { username: user.username } expect(response).to match_response_schema('public_api/v4/user/basics') expect(json_response.size).to eq(1) @@ -52,7 +52,7 @@ describe API::Users do end it "returns the user when a valid `username` parameter is passed (case insensitive)" do - get api("/users"), username: user.username.upcase + get api("/users"), params: { username: user.username.upcase } expect(response).to match_response_schema('public_api/v4/user/basics') expect(json_response.size).to eq(1) @@ -61,7 +61,7 @@ describe API::Users do end it "returns an empty response when an invalid `username` parameter is passed" do - get api("/users"), username: 'invalid' + get api("/users"), params: { username: 'invalid' } expect(response).to have_gitlab_http_status(200) expect(json_response).to be_an Array @@ -74,7 +74,7 @@ describe API::Users do end it "returns authorization error when the `username` parameter refers to an inaccessible user" do - get api("/users"), username: user.username + get api("/users"), params: { username: user.username } expect(response).to have_gitlab_http_status(403) end @@ -243,7 +243,7 @@ describe API::Users do admin user - get api('/users', admin), { order_by: 'id', sort: 'asc' } + get api('/users', admin), params: { order_by: 'id', sort: 'asc' } expect(response).to match_response_schema('public_api/v4/user/admins') expect(json_response.size).to eq(2) @@ -256,7 +256,7 @@ describe API::Users do user user_with_2fa = create(:user, :two_factor_via_otp) - get api('/users', admin), { two_factor: 'enabled' } + get api('/users', admin), params: { two_factor: 'enabled' } expect(response).to match_response_schema('public_api/v4/user/admins') expect(json_response.size).to eq(1) @@ -264,7 +264,7 @@ describe API::Users do end it 'returns 400 when provided incorrect sort params' do - get api('/users', admin), { order_by: 'magic', sort: 'asc' } + get api('/users', admin), params: { order_by: 'magic', sort: 'asc' } expect(response).to have_gitlab_http_status(400) end @@ -375,12 +375,12 @@ describe API::Users do it "creates user" do expect do - post api("/users", admin), attributes_for(:user, projects_limit: 3) + post api("/users", admin), params: attributes_for(:user, projects_limit: 3) end.to change { User.count }.by(1) end it "creates user with correct attributes" do - post api('/users', admin), attributes_for(:user, admin: true, can_create_group: true) + post api('/users', admin), params: attributes_for(:user, admin: true, can_create_group: true) expect(response).to have_gitlab_http_status(201) user_id = json_response['id'] new_user = User.find(user_id) @@ -393,13 +393,13 @@ describe API::Users do optional_attributes = { confirm: true } attributes = attributes_for(:user).merge(optional_attributes) - post api('/users', admin), attributes + post api('/users', admin), params: attributes expect(response).to have_gitlab_http_status(201) end it "creates non-admin user" do - post api('/users', admin), attributes_for(:user, admin: false, can_create_group: false) + post api('/users', admin), params: attributes_for(:user, admin: false, can_create_group: false) expect(response).to have_gitlab_http_status(201) user_id = json_response['id'] new_user = User.find(user_id) @@ -409,7 +409,7 @@ describe API::Users do end it "creates non-admin users by default" do - post api('/users', admin), attributes_for(:user) + post api('/users', admin), params: attributes_for(:user) expect(response).to have_gitlab_http_status(201) user_id = json_response['id'] new_user = User.find(user_id) @@ -418,12 +418,12 @@ describe API::Users do end it "returns 201 Created on success" do - post api("/users", admin), attributes_for(:user, projects_limit: 3) + post api("/users", admin), params: attributes_for(:user, projects_limit: 3) expect(response).to have_gitlab_http_status(201) end it 'creates non-external users by default' do - post api("/users", admin), attributes_for(:user) + post api("/users", admin), params: attributes_for(:user) expect(response).to have_gitlab_http_status(201) user_id = json_response['id'] @@ -433,7 +433,7 @@ describe API::Users do end it 'allows an external user to be created' do - post api("/users", admin), attributes_for(:user, external: true) + post api("/users", admin), params: attributes_for(:user, external: true) expect(response).to have_gitlab_http_status(201) user_id = json_response['id'] @@ -443,7 +443,7 @@ describe API::Users do end it "creates user with reset password" do - post api('/users', admin), attributes_for(:user, reset_password: true).except(:password) + post api('/users', admin), params: attributes_for(:user, reset_password: true).except(:password) expect(response).to have_gitlab_http_status(201) @@ -455,7 +455,7 @@ describe API::Users do end it "creates user with private profile" do - post api('/users', admin), attributes_for(:user, private_profile: true) + post api('/users', admin), params: attributes_for(:user, private_profile: true) expect(response).to have_gitlab_http_status(201) @@ -468,40 +468,44 @@ describe API::Users do it "does not create user with invalid email" do post api('/users', admin), - email: 'invalid email', - password: 'password', - name: 'test' + params: { + email: 'invalid email', + password: 'password', + name: 'test' + } expect(response).to have_gitlab_http_status(400) end it 'returns 400 error if name not given' do - post api('/users', admin), attributes_for(:user).except(:name) + post api('/users', admin), params: attributes_for(:user).except(:name) expect(response).to have_gitlab_http_status(400) end it 'returns 400 error if password not given' do - post api('/users', admin), attributes_for(:user).except(:password) + post api('/users', admin), params: attributes_for(:user).except(:password) expect(response).to have_gitlab_http_status(400) end it 'returns 400 error if email not given' do - post api('/users', admin), attributes_for(:user).except(:email) + post api('/users', admin), params: attributes_for(:user).except(:email) expect(response).to have_gitlab_http_status(400) end it 'returns 400 error if username not given' do - post api('/users', admin), attributes_for(:user).except(:username) + post api('/users', admin), params: attributes_for(:user).except(:username) expect(response).to have_gitlab_http_status(400) end it 'returns 400 error if user does not validate' do post api('/users', admin), - password: 'pass', - email: 'test@example.com', - username: 'test!', - name: 'test', - bio: 'g' * 256, - projects_limit: -1 + params: { + password: 'pass', + email: 'test@example.com', + username: 'test!', + name: 'test', + bio: 'g' * 256, + projects_limit: -1 + } expect(response).to have_gitlab_http_status(400) expect(json_response['message']['password']) .to eq(['is too short (minimum is 8 characters)']) @@ -514,26 +518,30 @@ describe API::Users do end it "is not available for non admin users" do - post api("/users", user), attributes_for(:user) + post api("/users", user), params: attributes_for(:user) expect(response).to have_gitlab_http_status(403) end context 'with existing user' do before do post api('/users', admin), - email: 'test@example.com', - password: 'password', - username: 'test', - name: 'foo' + params: { + email: 'test@example.com', + password: 'password', + username: 'test', + name: 'foo' + } end it 'returns 409 conflict error if user with same email exists' do expect do post api('/users', admin), - name: 'foo', - email: 'test@example.com', - password: 'password', - username: 'foo' + params: { + name: 'foo', + email: 'test@example.com', + password: 'password', + username: 'foo' + } end.to change { User.count }.by(0) expect(response).to have_gitlab_http_status(409) expect(json_response['message']).to eq('Email has already been taken') @@ -542,10 +550,12 @@ describe API::Users do it 'returns 409 conflict error if same username exists' do expect do post api('/users', admin), - name: 'foo', - email: 'foo@example.com', - password: 'password', - username: 'test' + params: { + name: 'foo', + email: 'foo@example.com', + password: 'password', + username: 'test' + } end.to change { User.count }.by(0) expect(response).to have_gitlab_http_status(409) expect(json_response['message']).to eq('Username has already been taken') @@ -554,17 +564,19 @@ describe API::Users do it 'returns 409 conflict error if same username exists (case insensitive)' do expect do post api('/users', admin), - name: 'foo', - email: 'foo@example.com', - password: 'password', - username: 'TEST' + params: { + name: 'foo', + email: 'foo@example.com', + password: 'password', + username: 'TEST' + } end.to change { User.count }.by(0) expect(response).to have_gitlab_http_status(409) expect(json_response['message']).to eq('Username has already been taken') end it 'creates user with new identity' do - post api("/users", admin), attributes_for(:user, provider: 'github', extern_uid: '67890') + post api("/users", admin), params: attributes_for(:user, provider: 'github', extern_uid: '67890') expect(response).to have_gitlab_http_status(201) expect(json_response['identities'].first['extern_uid']).to eq('67890') @@ -593,7 +605,7 @@ describe API::Users do let!(:admin_user) { create(:admin) } it "updates user with new bio" do - put api("/users/#{user.id}", admin), { bio: 'new test bio' } + put api("/users/#{user.id}", admin), params: { bio: 'new test bio' } expect(response).to have_gitlab_http_status(200) expect(json_response['bio']).to eq('new test bio') @@ -601,14 +613,14 @@ describe API::Users do end it "updates user with new password and forces reset on next login" do - put api("/users/#{user.id}", admin), password: '12345678' + put api("/users/#{user.id}", admin), params: { password: '12345678' } expect(response).to have_gitlab_http_status(200) expect(user.reload.password_expires_at).to be <= Time.now end it "updates user with organization" do - put api("/users/#{user.id}", admin), { organization: 'GitLab' } + put api("/users/#{user.id}", admin), params: { organization: 'GitLab' } expect(response).to have_gitlab_http_status(200) expect(json_response['organization']).to eq('GitLab') @@ -616,7 +628,7 @@ describe API::Users do end it 'updates user with avatar' do - put api("/users/#{user.id}", admin), { avatar: fixture_file_upload('spec/fixtures/banana_sample.gif', 'image/gif') } + put api("/users/#{user.id}", admin), params: { avatar: fixture_file_upload('spec/fixtures/banana_sample.gif', 'image/gif') } user.reload @@ -628,7 +640,7 @@ describe API::Users do it 'updates user with a new email' do old_email = user.email old_notification_email = user.notification_email - put api("/users/#{user.id}", admin), email: 'new@email.com' + put api("/users/#{user.id}", admin), params: { email: 'new@email.com' } user.reload @@ -640,7 +652,7 @@ describe API::Users do end it 'skips reconfirmation when requested' do - put api("/users/#{user.id}", admin), email: 'new@email.com', skip_reconfirmation: true + put api("/users/#{user.id}", admin), params: { email: 'new@email.com', skip_reconfirmation: true } user.reload @@ -650,7 +662,7 @@ describe API::Users do end it 'updates user with his own username' do - put api("/users/#{user.id}", admin), username: user.username + put api("/users/#{user.id}", admin), params: { username: user.username } expect(response).to have_gitlab_http_status(200) expect(json_response['username']).to eq(user.username) @@ -658,14 +670,14 @@ describe API::Users do end it "updates user's existing identity" do - put api("/users/#{omniauth_user.id}", admin), provider: 'ldapmain', extern_uid: '654321' + put api("/users/#{omniauth_user.id}", admin), params: { provider: 'ldapmain', extern_uid: '654321' } expect(response).to have_gitlab_http_status(200) expect(omniauth_user.reload.identities.first.extern_uid).to eq('654321') end it 'updates user with new identity' do - put api("/users/#{user.id}", admin), provider: 'github', extern_uid: 'john' + put api("/users/#{user.id}", admin), params: { provider: 'github', extern_uid: 'john' } expect(response).to have_gitlab_http_status(200) expect(user.reload.identities.first.extern_uid).to eq('john') @@ -673,14 +685,14 @@ describe API::Users do end it "updates admin status" do - put api("/users/#{user.id}", admin), { admin: true } + put api("/users/#{user.id}", admin), params: { admin: true } expect(response).to have_gitlab_http_status(200) expect(user.reload.admin).to eq(true) end it "updates external status" do - put api("/users/#{user.id}", admin), { external: true } + put api("/users/#{user.id}", admin), params: { external: true } expect(response.status).to eq 200 expect(json_response['external']).to eq(true) @@ -688,14 +700,14 @@ describe API::Users do end it "updates private profile" do - put api("/users/#{user.id}", admin), { private_profile: true } + put api("/users/#{user.id}", admin), params: { private_profile: true } expect(response).to have_gitlab_http_status(200) expect(user.reload.private_profile).to eq(true) end it "does not update admin status" do - put api("/users/#{admin_user.id}", admin), { can_create_group: false } + put api("/users/#{admin_user.id}", admin), params: { can_create_group: false } expect(response).to have_gitlab_http_status(200) expect(admin_user.reload.admin).to eq(true) @@ -703,7 +715,7 @@ describe API::Users do end it "does not allow invalid update" do - put api("/users/#{user.id}", admin), { email: 'invalid email' } + put api("/users/#{user.id}", admin), params: { email: 'invalid email' } expect(response).to have_gitlab_http_status(400) expect(user.reload.email).not_to eq('invalid email') @@ -712,7 +724,7 @@ describe API::Users do context 'when the current user is not an admin' do it "is not available" do expect do - put api("/users/#{user.id}", user), attributes_for(:user) + put api("/users/#{user.id}", user), params: attributes_for(:user) end.not_to change { user.reload.attributes } expect(response).to have_gitlab_http_status(403) @@ -720,7 +732,7 @@ describe API::Users do end it "returns 404 for non-existing user" do - put api("/users/999999", admin), { bio: 'update should fail' } + put api("/users/999999", admin), params: { bio: 'update should fail' } expect(response).to have_gitlab_http_status(404) expect(json_response['message']).to eq('404 User Not Found') @@ -734,12 +746,14 @@ describe API::Users do it 'returns 400 error if user does not validate' do put api("/users/#{user.id}", admin), - password: 'pass', - email: 'test@example.com', - username: 'test!', - name: 'test', - bio: 'g' * 256, - projects_limit: -1 + params: { + password: 'pass', + email: 'test@example.com', + username: 'test!', + name: 'test', + bio: 'g' * 256, + projects_limit: -1 + } expect(response).to have_gitlab_http_status(400) expect(json_response['message']['password']) .to eq(['is too short (minimum is 8 characters)']) @@ -752,26 +766,26 @@ describe API::Users do end it 'returns 400 if provider is missing for identity update' do - put api("/users/#{omniauth_user.id}", admin), extern_uid: '654321' + put api("/users/#{omniauth_user.id}", admin), params: { extern_uid: '654321' } expect(response).to have_gitlab_http_status(400) end it 'returns 400 if external UID is missing for identity update' do - put api("/users/#{omniauth_user.id}", admin), provider: 'ldap' + put api("/users/#{omniauth_user.id}", admin), params: { provider: 'ldap' } expect(response).to have_gitlab_http_status(400) end context "with existing user" do before do - post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' } - post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' } + post api("/users", admin), params: { email: 'test@example.com', password: 'password', username: 'test', name: 'test' } + post api("/users", admin), params: { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' } @user = User.all.last end it 'returns 409 conflict error if email address exists' do - put api("/users/#{@user.id}", admin), email: 'test@example.com' + put api("/users/#{@user.id}", admin), params: { email: 'test@example.com' } expect(response).to have_gitlab_http_status(409) expect(@user.reload.email).to eq(@user.email) @@ -779,7 +793,7 @@ describe API::Users do it 'returns 409 conflict error if username taken' do @user_id = User.all.last.id - put api("/users/#{@user.id}", admin), username: 'test' + put api("/users/#{@user.id}", admin), params: { username: 'test' } expect(response).to have_gitlab_http_status(409) expect(@user.reload.username).to eq(@user.username) @@ -787,7 +801,7 @@ describe API::Users do it 'returns 409 conflict error if username taken (case insensitive)' do @user_id = User.all.last.id - put api("/users/#{@user.id}", admin), username: 'TEST' + put api("/users/#{@user.id}", admin), params: { username: 'TEST' } expect(response).to have_gitlab_http_status(409) expect(@user.reload.username).to eq(@user.username) @@ -801,14 +815,14 @@ describe API::Users do end it "does not create invalid ssh key" do - post api("/users/#{user.id}/keys", admin), { title: "invalid key" } + post api("/users/#{user.id}/keys", admin), params: { title: "invalid key" } expect(response).to have_gitlab_http_status(400) expect(json_response['error']).to eq('key is missing') end it 'does not create key without title' do - post api("/users/#{user.id}/keys", admin), key: 'some key' + post api("/users/#{user.id}/keys", admin), params: { key: 'some key' } expect(response).to have_gitlab_http_status(400) expect(json_response['error']).to eq('title is missing') @@ -817,7 +831,7 @@ describe API::Users do it "creates ssh key" do key_attrs = attributes_for :key expect do - post api("/users/#{user.id}/keys", admin), key_attrs + post api("/users/#{user.id}/keys", admin), params: key_attrs end.to change { user.keys.count }.by(1) end @@ -909,7 +923,7 @@ describe API::Users do it 'creates GPG key' do key_attrs = attributes_for :gpg_key expect do - post api("/users/#{user.id}/gpg_keys", admin), key_attrs + post api("/users/#{user.id}/gpg_keys", admin), params: key_attrs expect(response).to have_gitlab_http_status(201) end.to change { user.gpg_keys.count }.by(1) @@ -1058,7 +1072,7 @@ describe API::Users do end it "does not create invalid email" do - post api("/users/#{user.id}/emails", admin), {} + post api("/users/#{user.id}/emails", admin), params: {} expect(response).to have_gitlab_http_status(400) expect(json_response['error']).to eq('email is missing') @@ -1067,7 +1081,7 @@ describe API::Users do it "creates unverified email" do email_attrs = attributes_for :email expect do - post api("/users/#{user.id}/emails", admin), email_attrs + post api("/users/#{user.id}/emails", admin), params: email_attrs end.to change { user.emails.count }.by(1) email = Email.find_by(user_id: user.id, email: email_attrs[:email]) @@ -1084,7 +1098,7 @@ describe API::Users do email_attrs = attributes_for :email email_attrs[:skip_confirmation] = true - post api("/users/#{user.id}/emails", admin), email_attrs + post api("/users/#{user.id}/emails", admin), params: email_attrs expect(response).to have_gitlab_http_status(201) @@ -1379,32 +1393,32 @@ describe API::Users do it "creates ssh key" do key_attrs = attributes_for :key expect do - post api("/user/keys", user), key_attrs + post api("/user/keys", user), params: key_attrs end.to change { user.keys.count }.by(1) expect(response).to have_gitlab_http_status(201) end it "returns a 401 error if unauthorized" do - post api("/user/keys"), title: 'some title', key: 'some key' + post api("/user/keys"), params: { title: 'some title', key: 'some key' } expect(response).to have_gitlab_http_status(401) end it "does not create ssh key without key" do - post api("/user/keys", user), title: 'title' + post api("/user/keys", user), params: { title: 'title' } expect(response).to have_gitlab_http_status(400) expect(json_response['error']).to eq('key is missing') end it 'does not create ssh key without title' do - post api('/user/keys', user), key: 'some key' + post api('/user/keys', user), params: { key: 'some key' } expect(response).to have_gitlab_http_status(400) expect(json_response['error']).to eq('title is missing') end it "does not create ssh key without title" do - post api("/user/keys", user), key: "somekey" + post api("/user/keys", user), params: { key: "somekey" } expect(response).to have_gitlab_http_status(400) end end @@ -1523,14 +1537,14 @@ describe API::Users do it 'creates a GPG key' do key_attrs = attributes_for :gpg_key expect do - post api('/user/gpg_keys', user), key_attrs + post api('/user/gpg_keys', user), params: key_attrs expect(response).to have_gitlab_http_status(201) end.to change { user.gpg_keys.count }.by(1) end it 'returns a 401 error if unauthorized' do - post api('/user/gpg_keys'), key: 'some key' + post api('/user/gpg_keys'), params: { key: 'some key' } expect(response).to have_gitlab_http_status(401) end @@ -1685,18 +1699,18 @@ describe API::Users do it "creates email" do email_attrs = attributes_for :email expect do - post api("/user/emails", user), email_attrs + post api("/user/emails", user), params: email_attrs end.to change { user.emails.count }.by(1) expect(response).to have_gitlab_http_status(201) end it "returns a 401 error if unauthorized" do - post api("/user/emails"), email: 'some email' + post api("/user/emails"), params: { email: 'some email' } expect(response).to have_gitlab_http_status(401) end it "does not create email with invalid email" do - post api("/user/emails", user), {} + post api("/user/emails", user), params: {} expect(response).to have_gitlab_http_status(400) expect(json_response['error']).to eq('email is missing') @@ -1864,14 +1878,14 @@ describe API::Users do describe 'PUT /user/status' do it 'saves the status' do - put api('/user/status', user), { emoji: 'smirk', message: 'hello world' } + put api('/user/status', user), params: { emoji: 'smirk', message: 'hello world' } expect(response).to have_gitlab_http_status(:success) expect(json_response['emoji']).to eq('smirk') end it 'renders errors when the status was invalid' do - put api('/user/status', user), { emoji: 'does not exist', message: 'hello world' } + put api('/user/status', user), params: { emoji: 'does not exist', message: 'hello world' } expect(response).to have_gitlab_http_status(400) expect(json_response['message']['emoji']).to be_present @@ -1950,8 +1964,10 @@ describe API::Users do it 'returns a 404 error if user not found' do post api("/users/#{not_existing_user_id}/impersonation_tokens", admin), - name: name, - expires_at: expires_at + params: { + name: name, + expires_at: expires_at + } expect(response).to have_gitlab_http_status(404) expect(json_response['message']).to eq('404 User Not Found') @@ -1959,8 +1975,10 @@ describe API::Users do it 'returns a 403 error when authenticated as normal user' do post api("/users/#{user.id}/impersonation_tokens", user), - name: name, - expires_at: expires_at + params: { + name: name, + expires_at: expires_at + } expect(response).to have_gitlab_http_status(403) expect(json_response['message']).to eq('403 Forbidden') @@ -1968,10 +1986,12 @@ describe API::Users do it 'creates a impersonation token' do post api("/users/#{user.id}/impersonation_tokens", admin), - name: name, - expires_at: expires_at, - scopes: scopes, - impersonation: impersonation + params: { + name: name, + expires_at: expires_at, + scopes: scopes, + impersonation: impersonation + } expect(response).to have_gitlab_http_status(201) expect(json_response['name']).to eq(name) |