[DEV-160] Add user permission into logout path (#1073)

* fix apidoc

* add user verification into logout.php and update ruby tests
Guillermo Giuliana 2021-11-05 17:06:08 -03:00 committed by GitHub
parent 018863ab3e
commit 9ed4caf202
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
70 changed files with 206 additions and 184 deletions


@ -5,7 +5,7 @@ DataValidator::with('CustomValidations', true);
/**
* @api {post} /ticket/search-authors search authors of tickets
* @apiVersion 4.7
* @apiVersion 4.10.0
*
* @apiName Search authors
*


@ -11,6 +11,8 @@
*
* @apiPermission any
*
* @apiUse NO_PERMISSION
*
* @apiSuccess {Object} data Empty object
*
*/
@ -20,7 +22,7 @@ class LogoutController extends Controller {
public function validations() {
return [
'permission' => 'any',
'permission' => 'user',
'requestData' => []
];
}
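Review bot: The apidoc block above still declares `@apiPermission any` while `validations()` now returns `'permission' => 'user'`, so the generated API documentation contradicts the check that is enforced; it should read `@apiPermission user` to match the added `@apiUse NO_PERMISSION`. With this change a logout request without a valid session and CSRF pair is presumably rejected with NO_PERMISSION, so clients should treat that answer as "already logged out" and still discard their local credentials. No spec visible in this part of the page asserts that an unauthenticated call to `/user/logout` fails; one would pin the new behaviour. The `LogoutController` class continues outside the hunk.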


@ -18,8 +18,6 @@ DataValidator::with('CustomValidations', true);
* @apiParam {Boolean} staff Indicates if the user is a staff member.
*
* @apiUse INVALID_EMAIL
* @apiUse USER_SYSTEM_DISABLED
* @apiUse INVALID_EMAIL
*
* @apiSuccess {Object} data Empty object.
*


@ -1,5 +1,5 @@
describe 'Article path' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
topic = request('/article/add-topic', {
name: 'Server management',
@ -140,7 +140,7 @@ describe 'Article path' do
end
it 'should retrieve public departments' do
request('/user/logout')
Scripts.logout()
Scripts.login('tyrion@opensupports.com', 'tyrionl')
result = request('/article/get-all', {


@ -1,5 +1,5 @@
describe 'Topic paths' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should add topic correctly' do
@ -60,7 +60,7 @@ describe 'Topic paths' do
end
it 'should deny permission if it is not logged as staff' do
request('/user/logout')
Scripts.logout()
Scripts.login('tyrion@opensupports.com', 'tyrionl')
result = request('/article/add-topic', {


@ -72,7 +72,6 @@ class Scripts
end
def self.login(email = 'steve@jobs.com', password = 'custompassword', staff = false)
request('/user/logout')
response = request('/user/login', {
:email => email,
:password => password,
@ -88,7 +87,10 @@ class Scripts
end
def self.logout()
request('/user/logout')
request('/user/logout', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
end
def self.createTicket(title = 'Winter is coming',content = 'The north remembers', department = 1)
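Review bot: `Scripts.logout` now depends on the globals `$csrf_userid` and `$csrf_token`, and most specs call it as their first statement, where those globals may be unset or left over from a session that was already closed. In that case the endpoint presumably answers NO_PERMISSION and the helper carries on silently; since `Scripts.login` no longer issues its own logout, a test cannot tell whether the previous session was really ended. A comment on the helper would make the contract explicit, for example `# Ends the session identified by $csrf_userid/$csrf_token; fails with NO_PERMISSION when no session is active`. The body of `login` continues outside the hunk.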


@ -1,5 +1,5 @@
describe '/staff/assign-ticket' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('ticket_to_assing_1')


@ -1,5 +1,5 @@
describe'/staff/delete' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
@staffId = $database.getRow('staff','littlelannister@opensupports.com','email')['id']


@ -1,5 +1,5 @@
describe'/staff/edit' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should edit another staff member' do
@ -93,7 +93,7 @@ describe'/staff/edit' do
it 'should fail if is not staff logged' do
request('/user/logout')
Scripts.logout()
result = request('/staff/edit', {
csrf_userid: $csrf_userid,


@ -37,7 +37,7 @@ describe 'Retrieve all tickets' do
createTicket('placerat id velit')
createTicket('Quisque egestas ipsum')
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
response = request('/staff/get-all-tickets', {
page: 1,


@ -1,5 +1,5 @@
describe'/staff/get-all' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should get all staff member' do


@ -1,5 +1,5 @@
describe '/staff/get-new-tickets' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should get new tickets' do


@ -1,5 +1,5 @@
describe '/staff/get-tickets' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should get ticket list' do


@ -1,5 +1,5 @@
describe '/staff/get/' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should return staff member data' do


@ -1,5 +1,5 @@
describe'/staff/invite' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should if data is wrong' do


@ -1,5 +1,5 @@
describe '/staff/last-events' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should get last events' do


@ -1,5 +1,5 @@
describe'/staff/resend-invite-staff' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should if data is wrong' do


@ -1,5 +1,5 @@
describe'system/add-api-key' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should add API key' do


@ -1,5 +1,5 @@
describe'system/add-department' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should add department with alphanumeric characters' do


@ -1,5 +1,5 @@
describe '/system/apikey-permissions' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
@ -18,7 +18,7 @@ describe '/system/apikey-permissions' do
"csrf_token" => $csrf_token,
"recaptcha-private" => "THISISVALID"
})
request('/user/logout')
Scripts.logout()
it 'should fail ticket create if the apikey does not have create ticket permission' do
result = request('/ticket/create', {
@ -148,7 +148,7 @@ describe '/system/apikey-permissions' do
it 'should fail signing up user if the apikey permission is wrong' do
request('/user/logout')
Scripts.logout()
result = request('/user/signup', {
name: 'Petyr Baelish',
email: 'littlefinger@got.com',
@ -200,6 +200,6 @@ describe '/system/apikey-permissions' do
"csrf_token" => $csrf_token,
"recaptcha-private" => ""
})
request('/user/logout')
Scripts.logout()
end
end


@ -1,5 +1,5 @@
describe'system/csv-import' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should create user with csv-import' do


@ -1,5 +1,5 @@
describe 'CustomField' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
describe '/system/add-custom field' do


@ -1,5 +1,5 @@
describe 'Custom fields' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
describe '/system/add-custom-field' do


@ -1,9 +1,9 @@
describe '/system/default-department' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
it 'should fail if try to turn a private department default' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
privatedepartment = $database.getRow('department', 1, 'private')
@ -32,7 +32,7 @@ describe '/system/default-department' do
end
it 'should fail if default-department-id does not exist' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result= request('/system/edit-settings', {
@ -46,7 +46,7 @@ describe '/system/default-department' do
end
it 'should set a new default deparment' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
publicdepartment = $database.getRow('department', 'Suggestions', 'name')
@ -61,7 +61,7 @@ describe '/system/default-department' do
end
it 'should fail if try to delete the default department' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
defaultDepartment = $database.getRow('setting', 'default-department-id', 'name')
@ -79,7 +79,7 @@ describe '/system/default-department' do
end
it 'should fail if try to edit default department into private' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
defaultDepartmentId = $database.getRow('setting', 'default-department-id', 'name')
department = $database.getRow('department',defaultDepartmentId['value'],'id')
@ -97,7 +97,7 @@ describe '/system/default-department' do
end
it 'should create ticket in default department if Staff does not give department with locked on' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
Scripts.updateLockedDepartmentSetting(1)
@ -116,7 +116,7 @@ describe '/system/default-department' do
end
it 'should create ticket in default department if staff does not give department with locked off'do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
Scripts.updateLockedDepartmentSetting(0)
@ -135,7 +135,7 @@ describe '/system/default-department' do
end
it 'should create ticket in selected department if staff give department and lockd is off'do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
Scripts.updateLockedDepartmentSetting(0)
@ -154,7 +154,7 @@ describe '/system/default-department' do
end
it 'should create ticket in selected department if staff give department and locked is on' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
Scripts.updateLockedDepartmentSetting(1)
@ -174,11 +174,11 @@ describe '/system/default-department' do
it 'should create ticket on default department if user does not give department and locked is on' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
Scripts.updateLockedDepartmentSetting(1)
request('/user/logout')
Scripts.logout()
Scripts.login('user@os4.com', 'loginpass')
result = request('/ticket/create', {
@ -199,11 +199,11 @@ describe '/system/default-department' do
it 'should create ticket on default department if user does not give department and locked is off'do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
Scripts.updateLockedDepartmentSetting(0)
request('/user/logout')
Scripts.logout()
Scripts.login('user@os4.com', 'loginpass')
result = request('/ticket/create', {
@ -222,11 +222,11 @@ describe '/system/default-department' do
it 'should create ticket on selected department if user give department and locked is off'do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
Scripts.updateLockedDepartmentSetting(0)
request('/user/logout')
Scripts.logout()
Scripts.login('user@os4.com', 'loginpass')
result = request('/ticket/create', {
@ -246,7 +246,7 @@ describe '/system/default-department' do
it 'should create ticket on default language if user does not pass language'do
$database.query('update setting set value="ru" where name="language";')
request('/user/logout')
Scripts.logout()
Scripts.login('user@os4.com', 'loginpass')
result = request('/ticket/create', {


@ -1,5 +1,5 @@
describe'system/delete-api-key' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should not delete API key' do


@ -1,5 +1,5 @@
describe 'system/delete-department' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('tranferguy@opensupports.com', 'transfer', 'Transfer Guy')
Scripts.login('tranferguy@opensupports.com', 'transfer')
$apikey = $database.getRow('apikey',1,'id')
@ -35,7 +35,7 @@ describe 'system/delete-department' do
ticket2 = ticket2['data']['ticketNumber']
ticket3 = ticket3['data']['ticketNumber']
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
request('/staff/edit', {
csrf_userid: $csrf_userid,


@ -1,5 +1,5 @@
describe'/system/disable-registration' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
api_key = Scripts.createAPIKey('registrationKey', canCreateUsers = 1)['data']


@ -1,5 +1,5 @@
describe'system/edit-department' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should edit department' do


@ -1,5 +1,5 @@
describe'system/edit-settings' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should edit settings' do
@ -33,10 +33,10 @@ describe'system/edit-settings' do
(row['value']).should.equal('testemail@hotmail.com')
row = $database.getRow('setting', 'default-is-locked', 'name')
(row['value']).should.equal('1')
request('/user/logout')
Scripts.logout()
end
it 'should fail if supported languages are invalid' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result= request('/system/edit-settings', {
@ -50,7 +50,7 @@ describe'system/edit-settings' do
(result['message']).should.equal('INVALID_SUPPORTED_LANGUAGES')
end
it 'should change allowed and supported languages' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result= request('/system/edit-settings', {
@ -94,11 +94,11 @@ describe'system/edit-settings' do
Scripts.updateLockedDepartmentSetting(0);
request('/user/logout')
Scripts.logout()
end
it 'should delete ticket when user table is not created' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('TicketToDeleteWithoutUsersCreated')


@ -1,5 +1,5 @@
describe'/system/enable-registration' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should not enable registration if password is not correct' do


@ -1,5 +1,5 @@
describe 'File Upload and Download' do
request('/user/logout')
Scripts.logout()
Scripts.login('creator@os4.com', 'creator')
it 'should upload file when creating ticket' do
@ -39,7 +39,7 @@ describe 'File Upload and Download' do
end
it 'should download if department owner is logged' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
ticket = $database.getLastRow('ticket')
@ -79,7 +79,7 @@ describe 'File Upload and Download' do
end
it 'should add images to ticket content when creating a new ticket' do
request('/user/logout')
Scripts.logout()
Scripts.login('creator@os4.com', 'creator')
file = File.open( "../server/files/profile.jpg")


@ -1,5 +1,5 @@
describe'system/get-api-keys' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should get all API keys' do


@ -2,12 +2,12 @@ describe '/system/get-stats/' do
Scripts.createUser('statsuser@os4.com', 'StatsUser', 'StatsUser')
def asUser()
request('/user/logout')
Scripts.logout()
Scripts.login('statsuser@os4.com', 'StatsUser')
end
def asStaff()
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
end


@ -1,5 +1,5 @@
describe 'Mail templates' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
describe 'system/get-mail-template' do


@ -14,7 +14,7 @@ describe'system/mandatory-login' do
(result['message']).should.equal('NO_PERMISSION')
end
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should fail trying to disable mandatory login when registration is off' do
@ -98,7 +98,7 @@ describe'system/mandatory-login' do
end
it 'should allow a creator creates a ticket and create him a user' do
request('/user/logout')
Scripts.logout()
result = request('/ticket/create', {
email: 'nonuser@os4.com',
language: 'en',
@ -283,7 +283,7 @@ describe'system/mandatory-login' do
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_CREDENTIALS')
request('/user/logout')
Scripts.logout()
result = request('/user/login', {
email: 'nonuser@os4.com'
@ -294,7 +294,7 @@ describe'system/mandatory-login' do
end
it 'should allow the creator sign up' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('nonuser@os4.com', 'customPassword', 'nonuser')
$userRow = $database.getRow('user','nonuser@os4.com','email')
($userRow['never_logged']).should.equal(nil)
@ -302,7 +302,7 @@ describe'system/mandatory-login' do
end
it 'should allow the creator login and get more than 1 own ticket' do
request('/user/logout')
Scripts.logout()
result = request('/user/login', {
email: 'nonuser@os4.com',
password: 'customPassword'
@ -338,7 +338,7 @@ describe'system/mandatory-login' do
(result['status']).should.equal('success')
end
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should allow staff enable the mandatory login' do


@ -1,5 +1,5 @@
describe '/ticket/add-tag' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTag('test tag', 'orange')
@ -72,12 +72,12 @@ describe '/ticket/add-tag' do
end
it 'should fail if staff member does not serve to the department of the ticket and he is not the author' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('pepito@pepito.com', 'pepito12345','pepito')
Scripts.login('pepito@pepito.com', 'pepito12345')
Scripts.createTicket('title70','contentoftheticket70',3)
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket','title70', 'title')


@ -1,11 +1,11 @@
describe '/ticket/change-department' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('Stafftitle','This ticket was made by an staff',1)
request('/user/logout')
Scripts.logout()
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
request('/system/add-department', {
@ -32,7 +32,7 @@ describe '/ticket/change-department' do
it 'should change department if staff has same department as ticket' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket', 'Should we pay?', 'title')
@ -104,7 +104,7 @@ describe '/ticket/change-department' do
})
end
it 'should not unassing ticket if owner has the new ticket department and staff does not have it' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/staff/edit', {
@ -184,7 +184,7 @@ describe '/ticket/change-department' do
Scripts.deleteStaff(staff['id'])
end
it 'should unassing ticket if owner has not the new ticket department' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/staff/edit', {
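Review bot: The setup at the top of this spec, as rendered, calls `Scripts.logout()` twice in a row after `Scripts.createTicket`; now that logout requires a valid session, the second call runs with credentials the first one already invalidated, and its result is ignored. Dropping the duplicate leaves one logout followed by `Scripts.login($staff[:email], $staff[:password], true)`. The describe block continues outside the hunks.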


@ -1,14 +1,14 @@
describe '/ticket/close' do
it 'should close ticket if staff member has the same department as ticket' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('closer@os4.com','closer','Closer')
Scripts.login('closer@os4.com','closer')
Scripts.createTicket('tickettoclose','thecontentoftickettoclose',1)
Scripts.createTicket('tickettoclose2','thecontentoftickettoclose2',3)
Scripts.createTicket('tickettoclose3','thecontentoftickettoclose3',3)
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket', 'tickettoclose', 'title')
@ -81,7 +81,7 @@ describe '/ticket/close' do
})
end
it 'should close ticket if User is the author' do
request('/user/logout')
Scripts.logout()
Scripts.login('closer@os4.com','closer')
ticket = $database.getRow('ticket', 'tickettoclose3', 'title')
@ -100,6 +100,6 @@ describe '/ticket/close' do
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('CLOSE')
request('/user/logout')
Scripts.logout()
end
end


@ -52,7 +52,7 @@ describe '/ticket/comment/' do
end
it 'should add comment if staff member serves to the same department as the ticket' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/ticket/comment', {
content: 'some comment content',
@ -73,10 +73,10 @@ describe '/ticket/comment/' do
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('COMMENT')
request('/user/logout')
Scripts.logout()
end
it 'should comment the ticket if staff member does not serve the deparment of the ticket and he is author' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('ticketttobecommented', 'tickettobecommentedbytheauthor', 2)
request('/staff/edit', {
@ -114,10 +114,10 @@ describe '/ticket/comment/' do
staffId: 1
})
request('/user/logout')
Scripts.logout()
Scripts.login('commenter@os4.com', 'commenter')
Scripts.createTicket('title138','commentofthetitkect138', 1)
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket', 'title138' , 'title')
@ -153,7 +153,7 @@ describe '/ticket/comment/' do
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/staff/invite', {
@ -168,7 +168,7 @@ describe '/ticket/comment/' do
(result['status'].should.equal('success'))
request('/user/logout')
Scripts.logout()
recoverpassword = $database.getRow('recoverpassword', 'jorah@opensupports.com', 'email')
request('/user/recover-password', {
@ -202,12 +202,12 @@ describe '/ticket/comment/' do
(result['status']).should.equal('success')
comment = $database.getRow('ticketevent', 'this is not a private comment', 'content')
(comment['private']).should.equal(0)
request('/user/logout')
Scripts.logout()
end
it 'should change private to 1 if a staff creates a private comment' do
request('/user/logout')
Scripts.logout()
Scripts.login('jorah@opensupports.com', 'testpassword', true)


@ -1,5 +1,5 @@
describe '/ticket/create-tag' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should add a tag' do


@ -1,5 +1,5 @@
describe '/ticket/create' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('creator@os4.com','creator','Creator')
Scripts.login('creator@os4.com','creator')
@ -78,7 +78,7 @@ describe '/ticket/create' do
end
it 'should fail if an user tries to create a ticket with a private department' do
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
result = request('/system/add-department', {
@ -90,7 +90,7 @@ describe '/ticket/create' do
row = $database.getRow('department', 'useless private deapartment', 'name')
request('/user/logout')
Scripts.logout()
Scripts.createUser('user@os4.com', 'loginpass')
Scripts.login('user@os4.com', 'loginpass')
@ -106,7 +106,7 @@ describe '/ticket/create' do
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_DEPARTMENT')
request('/user/logout')
Scripts.logout()
end
it 'should create ticket if pass data is valid' do
@ -177,7 +177,7 @@ describe '/ticket/create' do
end
it 'should be able to create a ticket while being staff' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/ticket/create', {
title: 'created by staff',
@ -194,6 +194,6 @@ describe '/ticket/create' do
(ticket['author_staff_id']).should.equal(1)
$ticketNumberByStaff = ticket['ticket_number']
request('/user/logout')
Scripts.logout()
end
end


@ -1,7 +1,7 @@
describe '/ticket/delete' do
it 'should delete ticket if it is not assigned and is logged a staff lvl 3 ' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('ticket_to_delete')
ticket = $database.getRow('ticket', 'ticket_to_delete', 'title')
@ -24,7 +24,7 @@ describe '/ticket/delete' do
token: recoverpassword['token']
})
request('/user/logout')
Scripts.logout()
Scripts.login('ned@opensupports.com', 'headless', true)
result = request('/ticket/delete', {
@ -37,7 +37,7 @@ describe '/ticket/delete' do
end
it 'should delete ticket if it is yours and it is not assigned' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('deleter@opensupports.com', 'deleterpassword', 'Delter')
Scripts.login('deleter@opensupports.com', 'deleterpassword')
@ -52,13 +52,13 @@ describe '/ticket/delete' do
end
it 'should not delete ticket if it is assigned' do
request('/user/logout')
Scripts.logout()
Scripts.login('deleter@opensupports.com', 'deleterpassword')
Scripts.createTicket('ticket_to_delete_3')
ticket = $database.getRow('ticket', 'ticket_to_delete_3', 'title');
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/staff/assign-ticket', {
@ -67,7 +67,7 @@ describe '/ticket/delete' do
csrf_token: $csrf_token
})
request('/user/logout')
Scripts.logout()
Scripts.login('deleter@opensupports.com', 'deleterpassword')
result = request('/ticket/delete', {
@ -81,7 +81,7 @@ describe '/ticket/delete' do
end
it 'should not delete ticket if the staff logged is not lvl 3' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('ticket_to_delete_4')
@ -105,7 +105,7 @@ describe '/ticket/delete' do
token: recoverpassword['token']
})
request('/user/logout')
Scripts.logout()
Scripts.login('uselessstaff@opensupports.com', 'theyaregonnafireme',true)
@ -118,7 +118,7 @@ describe '/ticket/delete' do
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
staff = $database.getRow('staff', 'ned@opensupports.com', 'email')
Scripts.deleteStaff(staff['id'])


@ -1,6 +1,6 @@
describe '/ticket/edit-comment' do
request('/user/logout')
Scripts.logout()
Scripts.login();
Scripts.createTicket('ticket made by an user','content of the ticket made by an user')
ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
@ -38,7 +38,7 @@ describe '/ticket/edit-comment' do
end
it 'should change the content of a comment and the content of the ticket if the admin is logged' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticketevent = $database.getRow('ticketevent', 'comment edited by the user', 'content')
@ -66,11 +66,11 @@ describe '/ticket/edit-comment' do
(result['status']).should.equal('success')
(ticket['content']).should.equal('content edited by a staff')
request('/user/logout')
Scripts.logout()
end
it 'should not change the content of a comment if the user is not the author' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
@ -80,7 +80,7 @@ describe '/ticket/edit-comment' do
ticketevent = $database.getRow('ticketevent', 'this is a new comment of a staff member', 'content')
request('/user/logout')
Scripts.logout()
Scripts.login();
result = request('/ticket/edit-comment', {


@ -1,5 +1,5 @@
describe '/ticket/edit-tag' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should edit a tag' do


@ -1,6 +1,6 @@
describe '/ticket/edit-title' do
request('/user/logout')
Scripts.logout()
Scripts.login();
Scripts.createTicket('Valar Morghulis','content of the ticket made by an user')
ticket = $database.getRow('ticket', 'Valar Morghulis', 'title')
@ -36,7 +36,7 @@ describe '/ticket/edit-title' do
end
it 'should change the title of the ticket if staff is logged' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/ticket/edit-title', {
@ -54,12 +54,12 @@ describe '/ticket/edit-title' do
end
it 'should not change the title if the user is not the author' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('Winterfell')
ticket = $database.getRow('ticket', 'Winterfell', 'title')
request('/user/logout')
Scripts.logout()
Scripts.login()
result = request('/ticket/edit-title', {


@ -1,5 +1,5 @@
describe 'Ticket Events' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('tyrion@opensupports.com', 'tyrionl', 'Tyrion Lannister')
it 'should add events correctly' do
@ -16,7 +16,7 @@ describe 'Ticket Events' do
ticketNumber = ticket['ticket_number']
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
request('/staff/assign-ticket', {
ticketNumber: ticketNumber,
@ -51,7 +51,7 @@ describe 'Ticket Events' do
csrf_token: $csrf_token
})
request('/user/logout')
Scripts.logout()
Scripts.login('tyrion@opensupports.com', 'tyrionl')
request('/ticket/re-open', {
ticketNumber: ticketNumber,


@ -1,5 +1,5 @@
describe '/ticket/get-authors/' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createUser('userauthor@os4.com', 'passwordofuserauthor', 'userauthorname')


@ -1,5 +1,5 @@
describe '/ticket/get/' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result= request('/system/add-api-key', {
@ -12,7 +12,7 @@ describe '/ticket/get/' do
(result['status']).should.equal('success')
$token = result['data'];
request('/user/logout')
Scripts.logout()
Scripts.createUser('cersei@os4.com', 'cersei','Cersei Lannister')
Scripts.createUser('not_ticket_getter@os4.com', 'not_ticket_getter','No Author')
@ -51,7 +51,7 @@ describe '/ticket/get/' do
end
it 'should fail if ticket does not belong to user' do
request('/user/logout')
Scripts.logout()
result = Scripts.login('not_ticket_getter@os4.com', 'not_ticket_getter')
$csrf_userid = result['userId']
@ -97,11 +97,11 @@ describe '/ticket/get/' do
(result['data']['events'][0]['content']).should.equal('some valid comment made')
end
it 'should successfully return the ticket information if staff member serves to the department of the ticket' do
request('/user/logout')
Scripts.logout()
Scripts.login('cersei@os4.com', 'cersei')
Scripts.createTicket('titleofticket87','contentoftheticket87',1)
Scripts.createTicket('2titleofticket87','2contentoftheticket87',1)
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket','titleofticket87', 'title')
@ -119,7 +119,7 @@ describe '/ticket/get/' do
end
it 'should successfully return the ticket information if staff member does not serve to the deparment of the ticket but is author' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('titleoftheticket107','contentoftheticket107',1)
@ -145,7 +145,7 @@ describe '/ticket/get/' do
it 'should fail if staff member does not serve to the department of the ticket and is not the author' do
ticket = $database.getRow('ticket','2titleofticket87', 'title')
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/ticket/get', {


@ -1,5 +1,5 @@
describe '/ticket/re-open' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should re open a ticket if staff member has the deparment of the ticket' do
@ -20,7 +20,7 @@ describe '/ticket/re-open' do
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('RE_OPEN')
request('/user/logout')
Scripts.logout()
end
it 'Should re-open if staff member does not serve to the department of the ticket and its the author'do
Scripts.login($staff[:email], $staff[:password], true)
@ -81,7 +81,7 @@ describe '/ticket/re-open' do
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('RE_OPEN')
request('/user/logout')
Scripts.logout()
end
it 'Should fail re-open the ticket if the staff does not serve to the department and he is not the author' do


@ -1,5 +1,5 @@
describe '/ticket/remove-tag' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = $database.getRow('ticket', 'test ticket' , 'title')
@ -75,10 +75,10 @@ describe '/ticket/remove-tag' do
})
end
it 'should fail if staff does not serve to department of the ticket and is not the author' do
request('/user/logout')
Scripts.logout()
Scripts.login('pepito@pepito.com', 'pepito12345')
Scripts.createTicket('title73','contentoftheticket73',3)
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket','title73', 'title')


@ -1,7 +1,7 @@
describe '/ticket/search-authors/' do
it 'should fail if a user is loged' do
request('/user/logout')
Scripts.logout()
Scripts.login('tyrion@opensupports.com', 'tyrionl')
result = request('/ticket/search-authors', {
@ -17,7 +17,7 @@ describe '/ticket/search-authors/' do
end
it 'should fail if blackList is invalid' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createUser(email = 'eemilia@jobs.com', password = 'custompassword', name = 'eemilia')


@ -1,5 +1,5 @@
describe '/ticket/search' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('test ticket1')


@ -1,7 +1,7 @@
describe '/ticket/seen' do
describe 'when a staff is logged' do
request('/user/logout')
Scripts.logout()
ticket = $database.getRow('ticket', 'Should we pay?', 'title')
Scripts.login($staff[:email], $staff[:password], true)
@ -22,7 +22,7 @@ describe '/ticket/seen' do
describe 'when an user is logged' do
request('/user/logout')
Scripts.logout()
Scripts.login()
it 'should fail if user is not author' do
ticket = $database.getRow('ticket', 'Should we pay?', 'title')
@ -36,7 +36,7 @@ describe '/ticket/seen' do
(result['message']).should.equal('NO_PERMISSION')
end
request('/user/logout')
Scripts.logout()
Scripts.login('user_get@os4.com', 'user_get')
it 'should change unread if everything is okey ' do
ticket = $database.getRow('ticket', 'Should we pay?', 'title')


@ -1,6 +1,6 @@
describe '/user/ban' do
request('/user/logout')
Scripts.logout()
result = request('/user/login', {
email: 'staff@opensupports.com',
password: 'staff',


@ -1,12 +1,12 @@
describe '/user/delete' do
request('/user/logout')
Scripts.logout()
it 'should delete user' do
Scripts.createUser('deletable@opensupports.com', 'deletable')
Scripts.login('deletable@opensupports.com', 'deletable')
Scripts.createTicket('Ticket that will be deleted')
request('/user/logout')
Scripts.logout()
Scripts.login('staff@opensupports.com', 'staff', true)
ticket = $database.getLastRow('ticket')
deletable_user = $database.getLastRow('user')


@ -1,6 +1,6 @@
describe '/user/edit-email' do
request('/user/logout')
Scripts.logout()
result = request('/user/login', {
email: 'steve@jobs.com',
password: 'custompassword'


@ -1,6 +1,6 @@
describe '/user/edit-password' do
request('/user/logout')
Scripts.logout()
result = request('/user/login', {
email: 'steve@jobs.com',
password: 'custompassword'
@ -53,7 +53,7 @@ describe '/user/edit-password' do
})
(result['status']).should.equal('success')
request('/user/logout')
Scripts.logout()
Scripts.login('steve@jobs.com','newpassword')


@ -1,5 +1,5 @@
describe '/staff/supervisor-user-list' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('supervisor@opensupports.com', 'passwordOfSupervisor', 'Supervisor Guy')
Scripts.createUser('usersupervised1@opensupports.com', 'usersupervised1', 'supervised Guy1')
@ -32,7 +32,7 @@ describe '/staff/supervisor-user-list' do
ticketuser2 = $database.getRow('ticket', 'titlecreateadbyusersupervised2', 'title')
ticketuser3 = $database.getRow('ticket', 'titlecreateadbyusersupervised3', 'title')
it'should fail if a no-staff tryes to make the request'do
request('/user/logout')
Scripts.logout()
Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')
result = request('/user/edit-supervised-list', {
@ -48,7 +48,7 @@ describe '/staff/supervisor-user-list' do
end
it 'should fail if userIdList is wrong' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/user/edit-supervised-list', {
@ -83,7 +83,7 @@ describe '/staff/supervisor-user-list' do
end
it'should fail if userId is wrong'do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/user/edit-supervised-list', {
@ -98,7 +98,7 @@ describe '/staff/supervisor-user-list' do
end
it'should fail if supervisor is included in user-id-List'do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/user/edit-supervised-list', {
@ -113,7 +113,7 @@ describe '/staff/supervisor-user-list' do
end
it'should create supervisor user'do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/user/edit-supervised-list', {
@ -128,7 +128,7 @@ describe '/staff/supervisor-user-list' do
end
it 'should allow supervisor to access tickets from supervisated users' do
request('/user/logout')
Scripts.logout()
Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')
result = request('/ticket/get', {
ticketNumber: ticketsupervisor['ticket_number'],
@ -160,7 +160,7 @@ describe '/staff/supervisor-user-list' do
end
it 'should allow supervisor see only the new user list' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
request('/user/edit-supervised-list', {
@ -171,7 +171,7 @@ describe '/staff/supervisor-user-list' do
})
request('/user/logout')
Scripts.logout()
Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')
result = request('/ticket/get', {


@ -2,7 +2,7 @@ describe 'Enable/disable user' do
user = $database.getRow('user', 'login@os4.com', 'email');
describe '/user/disable' do
request('/user/logout');
Scripts.logout();
Scripts.login('staff@opensupports.com', 'staff', true);
it 'should disable user' do
@ -27,7 +27,7 @@ describe 'Enable/disable user' do
end
it 'should reject login' do
request('/user/logout');
Scripts.logout();
result = request('/user/login', {
email: 'login@os4.com',
password: 'loginpass'
@ -39,7 +39,7 @@ describe 'Enable/disable user' do
end
describe '/user/enable' do
request('/user/logout');
Scripts.logout();
Scripts.login('staff@opensupports.com', 'staff', true);
it 'should enable user' do


@ -1,5 +1,5 @@
describe '/user/get-supervised-tickets' do
request('/user/logout')
Scripts.logout()
supervisor = $database.getRow('user', 'supervisor@opensupports.com', 'email')
user1 = $database.getRow('user', 'usersupervised1@opensupports.com', 'email')
@ -12,7 +12,7 @@ describe '/user/get-supervised-tickets' do
it 'should fail if supervised users are not valid' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
result = request('/user/edit-supervised-list', {
@ -24,7 +24,7 @@ describe '/user/get-supervised-tickets' do
(result['status']).should.equal('success')
request('/user/logout')
Scripts.logout()
Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')
result = request('/user/get-supervised-tickets', {
@ -141,7 +141,7 @@ describe '/user/get-supervised-tickets' do
(result['data']).should.equal([])
end
it 'should works propertly if 2 supervisors has the same users' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createUser('supervisor2@opensupports.com', 'usersupervised2', 'supervisor Guy2')
supervisor2 = $database.getRow('user', 'supervisor2@opensupports.com', 'email')
@ -188,7 +188,7 @@ describe '/user/get-supervised-tickets' do
end
it 'should if supervised Users tryes to handle supervisor-ticket' do
request('/user/logout')
Scripts.logout()
Scripts.login('usersupervised1@opensupports.com', 'usersupervised1')
result = request('/user/get-supervised-tickets', {
@ -201,7 +201,7 @@ describe '/user/get-supervised-tickets' do
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_SUPERVISED_USERS')
request('/user/logout')
Scripts.logout()
Scripts.login('usersupervised2@opensupports.com', 'usersupervised2')
result = request('/user/get-supervised-tickets', {
@ -214,7 +214,7 @@ describe '/user/get-supervised-tickets' do
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_SUPERVISED_USERS')
request('/user/logout')
Scripts.logout()
Scripts.login('usersupervised3@opensupports.com', 'usersupervised3')
result = request('/user/get-supervised-tickets', {


@ -1,6 +1,6 @@
describe '/user/get-user' do
request('/user/logout')
Scripts.logout()
result = request('/user/login', {
email: 'staff@opensupports.com',
password: 'staff',


@ -1,6 +1,6 @@
describe '/user/get-users' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('tests@hotmail.com','passdasdasdas','laasdasd')
Scripts.createUser('tests2@hotmail.com','passfasfasfsa','laeaefae')
Scripts.createUser('tests3@hotmail.com','passfasfasfws','laeczvwaf')


@ -1,5 +1,5 @@
describe '/user/get' do
request('/user/logout')
Scripts.logout()
Scripts.createUser('user_get@os4.com', 'user_get','User Get')
Scripts.login('user_get@os4.com', 'user_get')
@ -17,7 +17,7 @@ describe '/user/get' do
@ticketNumber = ticket['ticket_number']
it 'should fail if not logged' do
request('/user/logout')
Scripts.logout()
result = request('/user/get', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token


@ -1,5 +1,5 @@
describe'/user/invite' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should if data is wrong' do


@ -29,7 +29,7 @@ describe '/user/login' do
end
it 'should login staff member' do
request('/user/logout', {})
Scripts.logout()
result = request('/user/login', {
email: $staff[:email],
password: $staff[:password],
@ -40,7 +40,7 @@ describe '/user/login' do
end
it 'should work autologin user with remember token' do
request('/user/logout', {})
Scripts.logout()
result = request('/user/login', {
email: @loginEmail,
password: @loginPass,
@ -52,7 +52,7 @@ describe '/user/login' do
@rememberToken = result['data']['rememberToken']
@userId = result['data']['userId']
request('/user/logout', {})
Scripts.logout()
result = request('/user/login', {
userId: @userId,
rememberToken: '12abc',
@ -79,7 +79,7 @@ describe '/user/login' do
end
it 'should work autologin staff with remember token' do
request('/user/logout', {})
Scripts.logout()
result = request('/user/login', {
email: $staff[:email],
password: $staff[:password],
@ -91,7 +91,7 @@ describe '/user/login' do
@rememberToken = result['data']['rememberToken']
@staffId = result['data']['userId']
request('/user/logout', {})
Scripts.logout()
result = request('/user/login', {
userId: @staffId,
rememberToken: '12abc',
@ -115,6 +115,26 @@ describe '/user/login' do
remember: 1
})
(result['status']).should.equal('success')
$csrf_userid = result['data']['userId']
$csrf_token = result['data']['token']
end
it 'should logout if user is logged in'do
result = request('/user/logout', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
end
it 'should fail logout if user is not logged in' do
result = request('/user/logout', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
end
end
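Review bot: The negative case `should fail logout if user is not logged in` only replays the `$csrf_userid`/`$csrf_token` pair that the preceding example has just logged out, so it passes only when run directly after that example and covers a single rejection path. Since this commit moves `/user/logout` to the `user` permission, a case that sends the right `csrf_userid` with a wrong `csrf_token` against a live session would pin that logout cannot be triggered without the session's own token. The sketch below assumes `Scripts.login` returns a hash with `userId`, as its use elsewhere in this commit suggests; the token value is a constructed placeholder. The enclosing `describe '/user/login'` starts outside this hunk.

```ruby
    it 'should fail logout if the token does not match the session' do
        session = Scripts.login($staff[:email], $staff[:password], true)
        result = request('/user/logout', {
            csrf_userid: session['userId'],
            csrf_token: 'not-the-session-token' # constructed value
        })
        (result['status']).should.equal('fail')
        (result['message']).should.equal('NO_PERMISSION')
    end
```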


@ -1,6 +1,6 @@
describe '/user/resend-email-token' do
request('/user/logout')
Scripts.logout()
it 'should fail is data is wrong' do
result = request('/user/resend-email-token', {


@ -1,5 +1,5 @@
describe'/user/resend-invite-user' do
request('/user/logout')
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
it 'should if data is wrong' do


@ -3,7 +3,7 @@ use RedBeanPHP\Facade as RedBean;
/**
* @api {OBJECT} MailTemplate MailTemplate
* @apiVersion 4.7
* @apiVersion 4.10.0
* @apiGroup Data Structures
* @apiParam {String} type The type of the mail template.
* @apiParam {String} subject The subject of the mail template.


@ -1,7 +1,7 @@
<?php
/**
* @api {OBJECT} Ticket Ticket
* @apiVersion 4.7.0
* @apiVersion 4.10.0
* @apiGroup Data Structures
* @apiParam {Number} ticketNumber The number of the ticket.
* @apiParam {String} title The title of the ticket.


@ -3,7 +3,7 @@ use RedBeanPHP\Facade as RedBean;
/**
* @api {OBJECT} User User
* @apiVersion 4.7.0
* @apiVersion 4.10.0
* @apiGroup Data Structures
* @apiParam {String} email The email of the user.
* @apiParam {Number} id The id of the user.