fab-manager/test/integration/auth_providers_test.rb

# frozen_string_literal: true

require 'test_helper'
require 'helpers/auth_provider_helper'

class AuthProvidersTest < ActionDispatch::IntegrationTest
  include AuthProviderHelper

  def setup
    @admin = User.find_by(username: 'admin')
    login_as(@admin, scope: :user)
    FabManager::Application.load_tasks if Rake::Task.tasks.empty?
  end

  test 'create an auth external provider and activate it' do
    # clean any existing auth provider config
    FileUtils.rm('config/auth_provider.yml', force: true)

    name = 'GitHub'
    post '/api/auth_providers',
         params: {
           auth_provider: github_provider_params(name)
         }.to_json,
         headers: default_headers

    # Check response format & status
    assert_equal 201, response.status, response.body
    assert_match Mime[:json].to_s, response.content_type

    # Check the provider was correctly created
    db_provider = OAuth2Provider.includes(:auth_provider).where('auth_providers.name': name).first&.auth_provider
    assert_not_nil db_provider

    provider = json_response(response.body)
    assert_equal name, provider[:name]
    assert_equal db_provider&.id, provider[:id]
    assert_equal 'pending', provider[:status]
    assert_equal 2, provider[:auth_provider_mappings_attributes].length

    # now let's activate this new provider
    Rake::Task['fablab:auth:switch_provider'].execute(Rake::TaskArguments.new([:provider], [name]))

    db_provider&.reload
    assert_equal 'active', db_provider&.status
    assert_equal AuthProvider.active.id, db_provider&.id
    User.find_each do |u|
      assert_not_nil u.auth_token
    end

    # Check the configuration file
    assert File.exist?('config/auth_provider.yml')
    config = ProviderConfig.new
    assert_equal 'OAuth2Provider', config.providable_type
    assert_equal name, config.name

    # clean test provider config
    FileUtils.rm('config/auth_provider.yml', force: true)
  end

  test 'update an authentication provider' do
    provider = AuthProvider.create!(github_provider_params('GitHub'))
    patch "/api/auth_providers/#{provider.id}",
          params: {
            auth_provider: {
              providable_type: 'OAuth2Provider',
              auth_provider_mappings_attributes: [
                { api_data_type: 'json', api_endpoint: 'https://api.github.com/user',
                  api_field: 'avatar_url', local_field: 'avatar', local_model: 'profile' }
              ]
            }
          }.to_json,
          headers: default_headers

    # Check response format & status
    assert_equal 200, response.status, response.body
    assert_match Mime[:json].to_s, response.content_type

    provider.reload

    # Check the provider was updated
    res = json_response(response.body)
    assert_equal provider.id, res[:id]
    assert_equal 3, provider.auth_provider_mappings.count
    assert_not_nil provider.auth_provider_mappings.find_by(api_field: 'avatar_url')
  end

  test 'build an oauth2 strategy name' do
    get '/api/auth_providers/strategy_name?providable_type=OAuth2Provider&name=Sleede'

    assert_response :success
    assert_equal 'oauth2-sleede', response.body
  end

  test 'build an openid strategy name' do
    get '/api/auth_providers/strategy_name?providable_type=OpenIdConnectProvider&name=Sleede'

    assert_response :success
    assert_equal 'openidconnect-sleede', response.body
  end

  test 'list all authentication providers' do
    get '/api/auth_providers'

    # Check response format & status
    assert_equal 200, response.status, response.body
    assert_match Mime[:json].to_s, response.content_type

    # Check the answer
    res = json_response(response.body)
    assert_equal AuthProvider.count, res.length
  end

  test 'show an authentication provider' do
    provider = AuthProvider.first
    get "/api/auth_providers/#{provider.id}"

    # Check response format & status
    assert_equal 200, response.status, response.body
    assert_match Mime[:json].to_s, response.content_type

    # Check the provider
    res = json_response(response.body)
    assert_equal provider.id, res[:id]
    assert_equal provider.providable_type, res[:providable_type]
  end

  test 'show fields available for mapping' do
    get '/api/auth_providers/mapping_fields'

    assert_equal 200, response.status, response.body
    assert_match Mime[:json].to_s, response.content_type

    # Check the returned fields
    res = json_response(response.body)
    assert_not_empty res[:user]
    assert_not_empty res[:profile]
    assert_not res[:user].map(&:first).include?('encrypted_password')
    assert(res[:user].map(&:last).all? { |type| %w[string boolean integer datetime].include?(type) })
  end

  test 'get the current active provider' do
    get '/api/auth_providers/active'

    assert_equal 200, response.status, response.body
    assert_match Mime[:json].to_s, response.content_type

    # Check the returned fields
    res = json_response(response.body)
    assert_equal AuthProvider.active.id, res[:id]
    assert_nil res[:previous_provider]
  end

  test 'send auth migration token' do
    # create an enable an oauth2 provider
    name = 'TokenTest'
    AuthProvider.create!(github_provider_params(name))
    Rake::Task['fablab:auth:switch_provider'].execute(Rake::TaskArguments.new([:provider], [name]))

    # send the migration token
    user = User.find(10)
    post '/api/auth_providers/send_code',
         params: {
           email: user.email
         }.to_json,
         headers: default_headers

    assert_equal 200, response.status, response.body
    assert_match Mime[:json].to_s, response.content_type

    # check resulting notification
    notification = Notification.find_by(
      notification_type_id: NotificationType.find_by(name: 'notify_user_auth_migration'),
      attached_object_type: 'User',
      attached_object_id: user.id
    )
    assert_not_nil notification, 'user notification was not created'
  end
end