cirandas.net

ref: master

test/api/helpers_test.rb

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292

require_relative 'test_helper'
require 'base64'

class Api::HelpersTest < ActiveSupport::TestCase

  include Api::Helpers

  def setup
    create_and_activate_user
    @headers = {}
  end

  attr_accessor :headers

  should 'get the current user with valid token' do
    login_api
    self.params = {:private_token => user.private_token}
    assert_equal user, current_user
  end

  should 'get the current user with valid token in header' do
    login_api
    headers['Private-Token'] = user.private_token
    assert_equal user, current_user
  end

  should 'get the current user even with expired token' do
    login_api
    user.private_token_generated_at = DateTime.now.prev_year
    user.save
    self.params = {:private_token => user.private_token}
    assert_equal user, current_user
  end

  should 'get the person of current user' do
    login_api
    self.params = {:private_token => user.private_token}
    assert_equal user.person, current_person
  end

  should 'get the current user from plugins' do

    class CoolPlugin < Noosfero::Plugin
      def api_custom_login request
        user = User.create!(:login => 'zombie', :password => 'zombie', :password_confirmation => 'zombie', :email => 'zombie@brains.org', :environment => environment)
        user.activate
        user
      end
    end

    Noosfero::Plugin.stubs(:all).returns([CoolPlugin.name])
    Environment.default.enable_plugin(CoolPlugin)

    get "/api/v1/people/me"

    json = JSON.parse(last_response.body)
    assert_equal "zombie", json['name']
  end

  should 'limit be defined as the params limit value' do
    local_limit = 30
    self.params= {:limit => local_limit}
    assert_equal local_limit, limit
  end

  should 'return default limit if the limit parameter is minor than zero' do
    self.params= {:limit => -1}
    assert_equal 20, limit
  end

  should 'the default limit be 20' do
    assert_equal 20, limit
  end

  should 'the beginning of the period be the first existent date if no from date is passsed as parameter' do
    assert_equal Time.at(0).to_datetime, period(nil, nil).to_a[0]
  end

  should 'the beginning of the period be from date passsed as parameter' do
    from = DateTime.now
    assert_equal from, period(from, nil).min
  end

  should 'the end of the period be now if no until date is passsed as parameter' do
    assert_in_delta DateTime.now, period(nil, nil).max
  end

  should 'the end of the period be until date passsed as parameter' do
    until_date = DateTime.now
    assert_equal until_date, period(nil, until_date).max
  end

  should 'parse_content_type return nil if its blank' do
    assert_nil parse_content_type("")
  end

  should 'parse_content_type be an array' do
    assert_kind_of Array, parse_content_type("text_article")
  end

  should 'parse_content_type return all content types as an array' do
    assert_equivalent ['Event','TextArticle'], parse_content_type("Event,TextArticle")
  end

  should 'find_article return article by id in list passed for user with permission' do
    login_api
    a = fast_create(Article, :profile_id => user.person.id)
    fast_create(Article, :profile_id => user.person.id)
    fast_create(Article, :profile_id => user.person.id)

    self.params = {private_token: user.private_token}
    User.expects(:find_by).with(private_token: user.private_token).returns(user)
    assert_equal a, find_article(user.person.articles,{:id => a.id})
  end

  should 'find_article return forbidden when a user try to access an article without permission' do
    login_api
    p = fast_create(Profile)
    a = fast_create(Article, :published => false, :profile_id => p.id)
    fast_create(Article, :profile_id => p.id)

    self.params = {private_token: user.private_token}
    User.expects(:find_by).with(private_token: user.private_token).returns(user)
    assert_equal 403, find_article(p.articles, {:id => a.id}).last
  end

  should 'make_conditions_with_parameter return no created at parameter if it was not defined from or until parameters' do
    assert_nil make_conditions_with_parameter[:created_at]
  end

  should 'make_conditions_with_parameter return created_at parameter if from period is defined' do
    assert_not_nil make_conditions_with_parameter(:from => '2010-10-10')[:created_at]
  end

  should 'make_conditions_with_parameter return created_at parameter if from period is defined as string' do
    assert_not_nil make_conditions_with_parameter('from' => '2010-10-10')[:created_at]
  end

  should 'make_conditions_with_parameter return created_at parameter if until period is defined' do
    assert_not_nil make_conditions_with_parameter(:until => '2010-10-10')[:created_at]
  end

  should 'make_conditions_with_parameter return created_at parameter if until period is defined as string' do
    assert_not_nil make_conditions_with_parameter('until' => '2010-10-10')[:created_at]
  end

  should 'make_conditions_with_parameter return created_at as the first existent date as parameter if only until is defined' do
    assert_equal Time.at(0).to_datetime, make_conditions_with_parameter(:until => '2010-10-10')[:created_at].min
  end

  should 'make_conditions_with_parameter: the minimal created_at date be the from date passed as parameter' do
    date = '2010-10-10'
    assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => date)[:created_at].min
  end

  should 'make_conditions_with_parameter: the maximum created_at date be the until date passed as parameter' do
    date = '2010-10-10'
    assert_equal DateTime.parse(date), make_conditions_with_parameter(:until => date)[:created_at].max
  end

  should 'make_conditions_with_parameter return the until date passed as parameter' do
    date = '2010-10-10'
    assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => '2010-10-10')[:created_at].min
  end

  should 'make_conditions_with_parameter return no type parameter if it was not defined any content type' do
    assert_nil make_conditions_with_parameter[:type]
  end

  should 'make_conditions_with_parameter return archived parameter if archived was defined' do
    assert_not_nil make_conditions_with_parameter('archived' => true)[:archived]
  end

  #test_should_make_order_with_parameters_return_order_if attribute_is_found_at_object_association
  should 'make_order_with_parameters return order if attribute is found at object association' do
    environment = Environment.new
    params = {:order => "name ASC"}
    assert_equal "name ASC", make_order_with_parameters(environment, "articles", params)
  end

  # test added to check for eventual sql injection vunerabillity
  #test_should_make_order_with_parameters_return_default_order_if_attributes_not_exists
  should 'make_order_with_parameters return default order if attributes not exists' do
    environment = Environment.new
    params = {:order => "CRAZY_FIELD ASC"} # quote used to check sql injection vunerabillity
    assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
  end

  should 'make_order_with_parameters return default order if sql injection detected' do
    environment = Environment.new
    params = {:order => "name' ASC"} # quote used to check sql injection vunerabillity
    assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
  end

  should 'make_order_with_parameters return RANDOM() if random is passed' do
    environment = Environment.new
    params = {:order => "random"} # quote used to check sql injection vunerabillity
    assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
  end

  should 'make_order_with_parameters return RANDOM() if random function is passed' do
    environment = Environment.new
    params = {:order => "random()"} # quote used to check sql injection vunerabillity
    assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
  end

  should 'render not_found if endpoint is unavailable' do
    Api::App.stubs(:endpoint_unavailable?).returns(true)
    self.expects(:not_found!)

    filter_disabled_plugins_endpoints
  end

  should 'not touch in options when no fields parameter is passed' do
    model = mock
    expects(:present).with(model, {})
    present_partial(model, {})
  end

  should 'fallback to array when fields parameter is not a json when calling present partial' do
    model = mock
    params[:fields] = ['name']
    expects(:present).with(model, {:only => ['name']})
    present_partial(model, {})
  end

  should 'fallback to comma separated string when fields parameter is not an array when calling present partial' do
    model = mock
    params[:fields] = 'name,description'
    expects(:present).with(model, {:only => ['name', 'description']})
    present_partial(model, {})
  end

  should 'accept json as fields parameter when calling present partial' do
    model = mock
    params[:fields] = {only: [:name, {user: [:login]}]}
    expects(:present).with(model, {:only => ['name', {'user' => ['login']}]})
    present_partial(model, {})
  end

  should 'create a :uploaded_data hash, expected by image_builder ' do
    base64_image = create_base64_image
    uploadedfile = base64_to_uploadedfile base64_image
    assert uploadedfile.has_key? :uploaded_data
    assert_equal uploadedfile[:uploaded_data].original_filename, base64_image[:filename]
    assert_equal uploadedfile[:uploaded_data].content_type, base64_image[:type]
    assert uploadedfile[:uploaded_data].tempfile
  end

  should 'return a params copy with a UploadedFile object' do
    base64_image = create_base64_image
    params = {}
    params.merge!({image_builder: base64_image})
    asset_params = asset_with_image params
    assert !asset_params[:image_builder][:uploaded_data].nil?
    assert asset_params[:image_builder][:uploaded_data].is_a? ActionDispatch::Http::UploadedFile
  end

  should 'parse_parent_id return nil' do
    assert_nil parse_parent_id("")
  end

  should 'parse_parent_id return number' do
    assert 2, parse_parent_id(2)
  end

  should 'return errors with full messages' do
    object = Person.new
    object.valid?
    hash = render_model_errors!(object.errors)
    expected = [
      {error: :blank, full_message: "Identifier can't be blank"},
      {error: :not_available, full_message: "Identifier is not available."}
    ]
    assert_equal expected, hash.first[:errors][:identifier]
  end

  protected

  def error!(info, status)
    [info, status]
  end

  def params
    @params ||= {}
  end

  def params= value
    @params = value
  end

end