debian-mirror-gitlab/spec/requests/api/session_spec.rb

108 lines
3.5 KiB
Ruby
Raw Normal View History

2014-09-02 18:07:02 +05:30
require 'spec_helper'
2017-08-17 22:00:37 +05:30
describe API::Session do
2014-09-02 18:07:02 +05:30
let(:user) { create(:user) }
describe "POST /session" do
context "when valid password" do
2016-09-13 17:45:13 +05:30
it "returns private token" do
2014-09-02 18:07:02 +05:30
post api("/session"), email: user.email, password: '12345678'
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(201)
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
expect(json_response['email']).to eq(user.email)
expect(json_response['private_token']).to eq(user.private_token)
2017-08-17 22:00:37 +05:30
expect(json_response['is_admin']).to eq(user.admin?)
2015-04-26 12:48:37 +05:30
expect(json_response['can_create_project']).to eq(user.can_create_project?)
expect(json_response['can_create_group']).to eq(user.can_create_group?)
end
2016-09-13 17:45:13 +05:30
context 'with 2FA enabled' do
it 'rejects sign in attempts' do
user = create(:user, :two_factor)
post api('/session'), email: user.email, password: user.password
expect(response).to have_http_status(401)
expect(response.body).to include('You have 2FA enabled.')
end
end
2015-04-26 12:48:37 +05:30
end
context 'when email has case-typo and password is valid' do
2016-09-13 17:45:13 +05:30
it 'returns private token' do
2015-04-26 12:48:37 +05:30
post api('/session'), email: user.email.upcase, password: '12345678'
expect(response.status).to eq 201
expect(json_response['email']).to eq user.email
expect(json_response['private_token']).to eq user.private_token
2017-08-17 22:00:37 +05:30
expect(json_response['is_admin']).to eq user.admin?
2015-04-26 12:48:37 +05:30
expect(json_response['can_create_project']).to eq user.can_create_project?
expect(json_response['can_create_group']).to eq user.can_create_group?
end
end
context 'when login has case-typo and password is valid' do
2016-09-13 17:45:13 +05:30
it 'returns private token' do
2015-04-26 12:48:37 +05:30
post api('/session'), login: user.username.upcase, password: '12345678'
expect(response.status).to eq 201
expect(json_response['email']).to eq user.email
expect(json_response['private_token']).to eq user.private_token
2017-08-17 22:00:37 +05:30
expect(json_response['is_admin']).to eq user.admin?
2015-04-26 12:48:37 +05:30
expect(json_response['can_create_project']).to eq user.can_create_project?
expect(json_response['can_create_group']).to eq user.can_create_group?
2014-09-02 18:07:02 +05:30
end
end
context "when invalid password" do
2016-09-13 17:45:13 +05:30
it "returns authentication error" do
2014-09-02 18:07:02 +05:30
post api("/session"), email: user.email, password: '123'
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
expect(json_response['email']).to be_nil
expect(json_response['private_token']).to be_nil
2014-09-02 18:07:02 +05:30
end
end
context "when empty password" do
2017-08-17 22:00:37 +05:30
it "returns authentication error with email" do
2014-09-02 18:07:02 +05:30
post api("/session"), email: user.email
2017-08-17 22:00:37 +05:30
expect(response).to have_http_status(400)
end
it "returns authentication error with username" do
post api("/session"), email: user.username
expect(response).to have_http_status(400)
2014-09-02 18:07:02 +05:30
end
end
context "when empty name" do
2016-09-13 17:45:13 +05:30
it "returns authentication error" do
2014-09-02 18:07:02 +05:30
post api("/session"), password: user.password
2017-08-17 22:00:37 +05:30
expect(response).to have_http_status(400)
end
end
context "when user is blocked" do
it "returns authentication error" do
user.block
post api("/session"), email: user.username, password: user.password
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2017-08-17 22:00:37 +05:30
end
end
2014-09-02 18:07:02 +05:30
2017-08-17 22:00:37 +05:30
context "when user is ldap_blocked" do
it "returns authentication error" do
user.ldap_block
post api("/session"), email: user.username, password: user.password
expect(response).to have_http_status(401)
2014-09-02 18:07:02 +05:30
end
end
end
end