1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
require 'spec_helper'
describe Gitlab::API do
include ApiHelpers
let(:user) { create(:user) }
let(:admin) { create(:admin) }
let(:key) { create(:key, user: user) }
describe "GET /users" do
context "when unauthenticated" do
it "should return authentication error" do
get api("/users")
response.status.should == 401
end
end
context "when authenticated" do
it "should return an array of users" do
get api("/users", user)
response.status.should == 200
json_response.should be_an Array
json_response.first['email'].should == user.email
end
end
end
describe "GET /users/:id" do
it "should return a user by id" do
get api("/users/#{user.id}", user)
response.status.should == 200
json_response['email'].should == user.email
end
end
describe "POST /users" do
before{ admin }
it "should not create invalid user" do
post api("/users", admin), { email: "invalid email" }
response.status.should == 404
end
it "should create user" do
expect {
post api("/users", admin), attributes_for(:user, projects_limit: 3)
}.to change { User.count }.by(1)
end
it "shouldn't available for non admin users" do
post api("/users", user), attributes_for(:user)
response.status.should == 403
end
end
describe "GET /users/sign_up" do
context 'enabled' do
before do
Gitlab.config.gitlab.stub(:signup_enabled).and_return(true)
end
it "should return sign up page if signup is enabled" do
get "/users/sign_up"
response.status.should == 200
end
end
context 'disabled' do
before do
Gitlab.config.gitlab.stub(:signup_enabled).and_return(false)
end
it "should redirect to sign in page if signup is disabled" do
get "/users/sign_up"
response.status.should == 302
response.should redirect_to(new_user_session_path)
end
end
end
describe "PUT /users/:id" do
before { admin }
it "should update user" do
put api("/users/#{user.id}", admin), {bio: 'new test bio'}
response.status.should == 200
json_response['bio'].should == 'new test bio'
user.reload.bio.should == 'new test bio'
end
it "should not allow invalid update" do
put api("/users/#{user.id}", admin), {email: 'invalid email'}
response.status.should == 404
user.reload.email.should_not == 'invalid email'
end
it "shouldn't available for non admin users" do
put api("/users/#{user.id}", user), attributes_for(:user)
response.status.should == 403
end
it "should return 404 for non-existing user" do
put api("/users/999999", admin), {bio: 'update should fail'}
response.status.should == 404
end
end
describe "POST /users/:id/keys" do
before { admin }
it "should not create invalid ssh key" do
post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
response.status.should == 404
end
it "should create ssh key" do
key_attrs = attributes_for :key
expect {
post api("/users/#{user.id}/keys", admin), key_attrs
}.to change{ user.keys.count }.by(1)
end
end
describe "DELETE /users/:id" do
before { admin }
it "should delete user" do
delete api("/users/#{user.id}", admin)
response.status.should == 200
expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
json_response['email'].should == user.email
end
it "shouldn't available for non admin users" do
delete api("/users/#{user.id}", user)
response.status.should == 403
end
it "should return 404 for non-existing user" do
delete api("/users/999999", admin)
response.status.should == 404
end
end
describe "GET /user" do
it "should return current user" do
get api("/user", user)
response.status.should == 200
json_response['email'].should == user.email
end
end
describe "GET /user/keys" do
context "when unauthenticated" do
it "should return authentication error" do
get api("/user/keys")
response.status.should == 401
end
end
context "when authenticated" do
it "should return array of ssh keys" do
user.keys << key
user.save
get api("/user/keys", user)
response.status.should == 200
json_response.should be_an Array
json_response.first["title"].should == key.title
end
end
end
describe "GET /user/keys/:id" do
it "should returm single key" do
user.keys << key
user.save
get api("/user/keys/#{key.id}", user)
response.status.should == 200
json_response["title"].should == key.title
end
it "should return 404 Not Found within invalid ID" do
get api("/user/keys/42", user)
response.status.should == 404
end
end
describe "POST /user/keys" do
it "should not create invalid ssh key" do
post api("/user/keys", user), { title: "invalid key" }
response.status.should == 404
end
it "should create ssh key" do
key_attrs = attributes_for :key
expect {
post api("/user/keys", user), key_attrs
}.to change{ user.keys.count }.by(1)
end
end
describe "DELETE /user/keys/:id" do
it "should delete existed key" do
user.keys << key
user.save
expect {
delete api("/user/keys/#{key.id}", user)
}.to change{user.keys.count}.by(-1)
end
it "should return 404 Not Found within invalid ID" do
delete api("/user/keys/42", user)
response.status.should == 404
end
end
end
|
