206 lines
7.5 KiB
Ruby
206 lines
7.5 KiB
Ruby
describe '/system/apikey-permissions' do
|
|
request('/user/logout')
|
|
|
|
Scripts.login($staff[:email], $staff[:password], true)
|
|
|
|
apikeycanCreateUsersToken = Scripts.createAPIKey('create users',canCreateUsers=1, canCreateTickets=0, canCheckTickets=0, shouldReturnTicketNumber=0)['data']
|
|
apikeycanCreateTickets = Scripts.createAPIKey('create tickets',canCreateUsers=0, canCreateTickets=1, canCheckTickets=0, shouldReturnTicketNumber=0)['data']
|
|
apikeycanCheckTickets = Scripts.createAPIKey('comment tickets',canCreateUsers=0, canCreateTickets=0, canCheckTickets=1, shouldReturnTicketNumber=0)['data']
|
|
apikeycanReturnTickets = Scripts.createAPIKey('create and return tickets',canCreateUsers=0, canCreateTickets=1, canCheckTickets=0, shouldReturnTicketNumber=1)['data']
|
|
|
|
request('/system/disable-mandatory-login', {
|
|
"csrf_userid" => $csrf_userid,
|
|
"csrf_token" => $csrf_token,
|
|
"password" => "staff"
|
|
})
|
|
request('/system/edit-settings', {
|
|
"csrf_userid" => $csrf_userid,
|
|
"csrf_token" => $csrf_token,
|
|
"recaptcha-private" => "THISISVALID"
|
|
})
|
|
request('/user/logout')
|
|
|
|
it 'should fail ticket create if the apikey does not have create ticket permission' do
|
|
result = request('/ticket/create', {
|
|
language: 'en',
|
|
email: 'valid@os4.com',
|
|
name: 'validname',
|
|
title: 'try of title Ticket',
|
|
content: 'try of content Ticket',
|
|
departmentId: 1,
|
|
captcha: 'invalid captcha',
|
|
csrf_userid: $csrf_userid,
|
|
csrf_token: $csrf_token
|
|
})
|
|
(result['status']).should.equal('fail')
|
|
(result['message']).should.equal('INVALID_CAPTCHA')
|
|
|
|
result = request('/ticket/create', {
|
|
language: 'en',
|
|
email: 'valid@os4.com',
|
|
name: 'validname',
|
|
title: 'try of title Ticket',
|
|
content: 'try of content Ticket',
|
|
departmentId: 1,
|
|
captcha: 'THISISVALID',
|
|
apiKey: apikeycanCheckTickets,
|
|
csrf_userid: $csrf_userid,
|
|
csrf_token: $csrf_token
|
|
})
|
|
|
|
(result['status']).should.equal('fail')
|
|
(result['message']).should.equal('INVALID_CAPTCHA')
|
|
end
|
|
|
|
it 'should create ticket if the apikey has the correct permission' do
|
|
result = request('/ticket/create', {
|
|
language: 'en',
|
|
email: 'valid@os4.com',
|
|
title: 'ticket created with apikeycanCreateTickets',
|
|
name: 'validname',
|
|
content: 'content of Ticket apikeycanCreateTickets',
|
|
departmentId: 1,
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanCreateTickets,
|
|
csrf_userid: $csrf_userid,
|
|
csrf_token: $csrf_token
|
|
})
|
|
(result['status']).should.equal('success')
|
|
(result['data']).should.equal(nil)
|
|
|
|
result = request('/ticket/create', {
|
|
language: 'en',
|
|
email: 'valid@os4.com',
|
|
title: 'ticket created with apikeycanReturnTickets',
|
|
name: 'validname',
|
|
content: 'content of Ticket apikeycanReturnTickets',
|
|
departmentId: 1,
|
|
csrf_userid: $csrf_userid,
|
|
csrf_token: $csrf_token,
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanReturnTickets
|
|
})
|
|
ticket = $database.getRow('ticket','ticket created with apikeycanReturnTickets','title')
|
|
|
|
(result['status']).should.equal('success')
|
|
(result['data']['ticketNumber']).should.equal(ticket['ticket_number'])
|
|
end
|
|
|
|
it 'should fail comment ticket if the apikey permission is wrong' do
|
|
ticket = $database.getRow('ticket','ticket created with apikeycanReturnTickets','title')
|
|
author = $database.getRow('user',ticket['author_id'],'id')
|
|
|
|
result = request('/ticket/check', {
|
|
email: author['email'],
|
|
content: 'some comment content',
|
|
ticketNumber: ticket['ticket_number'],
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanReturnTickets
|
|
})
|
|
|
|
(result['status']).should.equal('fail')
|
|
(result['message']).should.equal('INVALID_CAPTCHA')
|
|
|
|
result = request('/ticket/check', {
|
|
email: author['email'],
|
|
content: 'some comment content',
|
|
ticketNumber: ticket['ticket_number'],
|
|
csrf_userid: $csrf_userid,
|
|
csrf_token: $csrf_token,
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanCreateUsersToken
|
|
})
|
|
|
|
(result['status']).should.equal('fail')
|
|
(result['message']).should.equal('INVALID_CAPTCHA')
|
|
|
|
|
|
result = request('/ticket/check', {
|
|
email: author['email'],
|
|
content: 'some comment content',
|
|
ticketNumber: ticket['ticket_number'],
|
|
csrf_userid: $csrf_userid,
|
|
csrf_token: $csrf_token,
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanCreateTickets
|
|
})
|
|
|
|
(result['status']).should.equal('fail')
|
|
(result['message']).should.equal('INVALID_CAPTCHA')
|
|
end
|
|
|
|
it 'should success comment ticket if the apikey permission is correct' do
|
|
ticket = $database.getRow('ticket','ticket created with apikeycanReturnTickets','title')
|
|
author = $database.getRow('user',ticket['author_id'],'id')
|
|
|
|
result = request('/ticket/check', {
|
|
email: author['email'],
|
|
content: 'some comment content',
|
|
ticketNumber: ticket['ticket_number'],
|
|
csrf_userid: $csrf_userid,
|
|
csrf_token: $csrf_token,
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanCheckTickets
|
|
})
|
|
|
|
(result['status']).should.equal('success')
|
|
end
|
|
|
|
it 'should fail signing up user if the apikey permission is wrong' do
|
|
|
|
request('/user/logout')
|
|
result = request('/user/signup', {
|
|
name: 'Petyr Baelish',
|
|
email: 'littlefinger@got.com',
|
|
password: 'Catelyn<3',
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanCreateTickets
|
|
})
|
|
|
|
(result['status']).should.equal('fail')
|
|
(result['message']).should.equal('INVALID_CAPTCHA')
|
|
|
|
result = request('/user/signup', {
|
|
name: 'Petyr Baelish',
|
|
email: 'littlefinger@got.com',
|
|
password: 'Catelyn<3',
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanCheckTickets
|
|
})
|
|
|
|
(result['status']).should.equal('fail')
|
|
(result['message']).should.equal('INVALID_CAPTCHA')
|
|
|
|
result = request('/user/signup', {
|
|
name: 'Petyr Baelish',
|
|
email: 'littlefinger@got.com',
|
|
password: 'Catelyn<3',
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanReturnTickets
|
|
})
|
|
|
|
(result['status']).should.equal('fail')
|
|
(result['message']).should.equal('INVALID_CAPTCHA')
|
|
end
|
|
|
|
it 'should success signing up user if the apikey permission is correct' do
|
|
result = request('/user/signup', {
|
|
name: 'Petyr Baelish',
|
|
email: 'littlefinger@got.com',
|
|
password: 'Catelyn<3',
|
|
captcha: 'INVALID',
|
|
apiKey: apikeycanCreateUsersToken
|
|
})
|
|
|
|
(result['status']).should.equal('success')
|
|
|
|
Scripts.login($staff[:email], $staff[:password], true)
|
|
request('/system/edit-settings', {
|
|
"csrf_userid" => $csrf_userid,
|
|
"csrf_token" => $csrf_token,
|
|
"recaptcha-private" => ""
|
|
})
|
|
request('/user/logout')
|
|
end
|
|
end
|