]> git.openstreetmap.org Git - rails.git/blob - test/controllers/api/messages_controller_test.rb
Drop support for OAuth 1
[rails.git] / test / controllers / api / messages_controller_test.rb
1 require "test_helper"
2
3 module Api
4   class MessagesControllerTest < ActionDispatch::IntegrationTest
5     ##
6     # test all routes which lead to this controller
7     def test_routes
8       assert_routing(
9         { :path => "/api/0.6/user/messages/inbox", :method => :get },
10         { :controller => "api/messages", :action => "inbox" }
11       )
12       assert_routing(
13         { :path => "/api/0.6/user/messages/inbox.xml", :method => :get },
14         { :controller => "api/messages", :action => "inbox", :format => "xml" }
15       )
16       assert_routing(
17         { :path => "/api/0.6/user/messages/inbox.json", :method => :get },
18         { :controller => "api/messages", :action => "inbox", :format => "json" }
19       )
20       assert_routing(
21         { :path => "/api/0.6/user/messages/outbox", :method => :get },
22         { :controller => "api/messages", :action => "outbox" }
23       )
24       assert_routing(
25         { :path => "/api/0.6/user/messages/outbox.xml", :method => :get },
26         { :controller => "api/messages", :action => "outbox", :format => "xml" }
27       )
28       assert_routing(
29         { :path => "/api/0.6/user/messages/outbox.json", :method => :get },
30         { :controller => "api/messages", :action => "outbox", :format => "json" }
31       )
32       assert_routing(
33         { :path => "/api/0.6/user/messages/1", :method => :get },
34         { :controller => "api/messages", :action => "show", :id => "1" }
35       )
36       assert_routing(
37         { :path => "/api/0.6/user/messages/1.xml", :method => :get },
38         { :controller => "api/messages", :action => "show", :id => "1", :format => "xml" }
39       )
40       assert_routing(
41         { :path => "/api/0.6/user/messages/1.json", :method => :get },
42         { :controller => "api/messages", :action => "show", :id => "1", :format => "json" }
43       )
44       assert_routing(
45         { :path => "/api/0.6/user/messages", :method => :post },
46         { :controller => "api/messages", :action => "create" }
47       )
48       assert_routing(
49         { :path => "/api/0.6/user/messages/1", :method => :post },
50         { :controller => "api/messages", :action => "update", :id => "1" }
51       )
52       assert_routing(
53         { :path => "/api/0.6/user/messages/1", :method => :delete },
54         { :controller => "api/messages", :action => "destroy", :id => "1" }
55       )
56     end
57
58     def test_create_success
59       recipient = create(:user)
60       sender = create(:user)
61
62       sender_token = create(:oauth_access_token,
63                             :resource_owner_id => sender.id,
64                             :scopes => %w[send_messages consume_messages])
65       sender_auth = bearer_authorization_header(sender_token.token)
66
67       msg = build(:message)
68
69       assert_difference "Message.count", 1 do
70         assert_difference "ActionMailer::Base.deliveries.size", 1 do
71           perform_enqueued_jobs do
72             post api_messages_path,
73                  :params => { :title => msg.title,
74                               :recipient_id => recipient.id,
75                               :body => msg.body,
76                               :format => "json" },
77                  :headers => sender_auth
78             assert_response :success
79           end
80         end
81       end
82
83       assert_equal "application/json", response.media_type
84       js = ActiveSupport::JSON.decode(@response.body)
85       jsm = js["message"]
86       assert_not_nil jsm
87       assert_not_nil jsm["id"]
88       assert_equal sender.id, jsm["from_user_id"]
89       assert_equal sender.display_name, jsm["from_display_name"]
90       assert_equal recipient.id, jsm["to_user_id"]
91       assert_equal recipient.display_name, jsm["to_display_name"]
92       assert_equal msg.title, jsm["title"]
93       assert_not_nil jsm["sent_on"]
94       assert_equal !msg.from_user_visible, jsm["deleted"]
95       assert_not jsm.key?("message_read")
96       assert_equal "markdown", jsm["body_format"]
97       assert_equal msg.body, jsm["body"]
98     end
99
100     def test_create_fail
101       recipient = create(:user)
102
103       sender = create(:user)
104       sender_token = create(:oauth_access_token,
105                             :resource_owner_id => sender.id,
106                             :scopes => %w[send_messages consume_messages])
107       sender_auth = bearer_authorization_header(sender_token.token)
108
109       assert_no_difference "Message.count" do
110         assert_no_difference "ActionMailer::Base.deliveries.size" do
111           perform_enqueued_jobs do
112             post api_messages_path,
113                  :params => { :title => "Title",
114                               :recipient_id => recipient.id,
115                               :body => "body" }
116           end
117         end
118       end
119       assert_response :unauthorized
120
121       assert_no_difference "Message.count" do
122         assert_no_difference "ActionMailer::Base.deliveries.size" do
123           perform_enqueued_jobs do
124             post api_messages_path,
125                  :params => { :recipient_id => recipient.id,
126                               :body => "body" },
127                  :headers => sender_auth
128           end
129         end
130       end
131       assert_response :bad_request
132
133       assert_no_difference "Message.count" do
134         assert_no_difference "ActionMailer::Base.deliveries.size" do
135           perform_enqueued_jobs do
136             post api_messages_path,
137                  :params => { :title => "Title",
138                               :body => "body" },
139                  :headers => sender_auth
140           end
141         end
142       end
143       assert_response :bad_request
144
145       assert_no_difference "Message.count" do
146         assert_no_difference "ActionMailer::Base.deliveries.size" do
147           perform_enqueued_jobs do
148             post api_messages_path,
149                  :params => { :title => "Title",
150                               :recipient_id => recipient.id },
151                  :headers => sender_auth
152           end
153         end
154       end
155       assert_response :bad_request
156     end
157
158     def test_show
159       recipient = create(:user)
160       sender = create(:user)
161       user3 = create(:user)
162
163       sender_token = create(:oauth_access_token,
164                             :resource_owner_id => sender.id,
165                             :scopes => %w[consume_messages])
166       sender_auth = bearer_authorization_header(sender_token.token)
167
168       recipient_token = create(:oauth_access_token,
169                                :resource_owner_id => recipient.id,
170                                :scopes => %w[consume_messages])
171       recipient_auth = bearer_authorization_header(recipient_token.token)
172
173       user3_token = create(:oauth_access_token,
174                            :resource_owner_id => user3.id,
175                            :scopes => %w[send_messages consume_messages])
176       user3_auth = bearer_authorization_header(user3_token.token)
177
178       msg = create(:message, :unread, :sender => sender, :recipient => recipient)
179
180       # fail if not authorized
181       get api_message_path(:id => msg.id)
182       assert_response :unauthorized
183
184       # only recipient and sender can read the message
185       get api_message_path(:id => msg.id), :headers => user3_auth
186       assert_response :forbidden
187
188       # message does not exist
189       get api_message_path(:id => 99999), :headers => user3_auth
190       assert_response :not_found
191
192       # verify xml output
193       get api_message_path(:id => msg.id), :headers => recipient_auth
194       assert_equal "application/xml", response.media_type
195       assert_select "message", :count => 1 do
196         assert_select "[id='#{msg.id}']"
197         assert_select "[from_user_id='#{sender.id}']"
198         assert_select "[from_display_name='#{sender.display_name}']"
199         assert_select "[to_user_id='#{recipient.id}']"
200         assert_select "[to_display_name='#{recipient.display_name}']"
201         assert_select "[sent_on]"
202         assert_select "[deleted='#{!msg.to_user_visible}']"
203         assert_select "[message_read='#{msg.message_read}']"
204         assert_select "[body_format='markdown']"
205         assert_select "title", msg.title
206         assert_select "body", msg.body
207       end
208
209       # verify json output
210       get api_message_path(:id => msg.id, :format => "json"), :headers => recipient_auth
211       assert_equal "application/json", response.media_type
212       js = ActiveSupport::JSON.decode(@response.body)
213       jsm = js["message"]
214       assert_not_nil jsm
215       assert_equal msg.id, jsm["id"]
216       assert_equal sender.id, jsm["from_user_id"]
217       assert_equal sender.display_name, jsm["from_display_name"]
218       assert_equal recipient.id, jsm["to_user_id"]
219       assert_equal recipient.display_name, jsm["to_display_name"]
220       assert_equal msg.title, jsm["title"]
221       assert_not_nil jsm["sent_on"]
222       assert_equal msg.message_read, jsm["message_read"]
223       assert_equal !msg.to_user_visible, jsm["deleted"]
224       assert_equal "markdown", jsm["body_format"]
225       assert_equal msg.body, jsm["body"]
226
227       get api_message_path(:id => msg.id), :headers => sender_auth
228       assert_equal "application/xml", response.media_type
229       assert_select "message", :count => 1 do
230         assert_select "[id='#{msg.id}']"
231         assert_select "[from_user_id='#{sender.id}']"
232         assert_select "[from_display_name='#{sender.display_name}']"
233         assert_select "[to_user_id='#{recipient.id}']"
234         assert_select "[to_display_name='#{recipient.display_name}']"
235         assert_select "[sent_on]"
236         assert_select "[deleted='#{!msg.from_user_visible}']"
237         assert_select "[message_read='#{msg.message_read}']", 0
238         assert_select "[body_format='markdown']"
239         assert_select "title", msg.title
240         assert_select "body", msg.body
241       end
242
243       # verify json output
244       get api_message_path(:id => msg.id, :format => "json"), :headers => sender_auth
245       assert_equal "application/json", response.media_type
246       js = ActiveSupport::JSON.decode(@response.body)
247       jsm = js["message"]
248       assert_not_nil jsm
249       assert_equal msg.id, jsm["id"]
250       assert_equal sender.id, jsm["from_user_id"]
251       assert_equal sender.display_name, jsm["from_display_name"]
252       assert_equal recipient.id, jsm["to_user_id"]
253       assert_equal recipient.display_name, jsm["to_display_name"]
254       assert_equal msg.title, jsm["title"]
255       assert_not_nil jsm["sent_on"]
256       assert_equal !msg.from_user_visible, jsm["deleted"]
257       assert_not jsm.key?("message_read")
258       assert_equal "markdown", jsm["body_format"]
259       assert_equal msg.body, jsm["body"]
260     end
261
262     def test_update_status
263       recipient = create(:user)
264       sender = create(:user)
265       user3 = create(:user)
266
267       recipient_token = create(:oauth_access_token,
268                                :resource_owner_id => recipient.id,
269                                :scopes => %w[consume_messages])
270       recipient_auth = bearer_authorization_header(recipient_token.token)
271
272       user3_token = create(:oauth_access_token,
273                            :resource_owner_id => user3.id,
274                            :scopes => %w[send_messages consume_messages])
275       user3_auth = bearer_authorization_header(user3_token.token)
276
277       msg = create(:message, :unread, :sender => sender, :recipient => recipient)
278
279       # attempt to mark message as read by recipient, not authenticated
280       post api_message_path(:id => msg.id), :params => { :read_status => true }
281       assert_response :unauthorized
282
283       # attempt to mark message as read by recipient, not allowed
284       post api_message_path(:id => msg.id), :params => { :read_status => true }, :headers => user3_auth
285       assert_response :forbidden
286
287       # missing parameter
288       post api_message_path(:id => msg.id), :headers => recipient_auth
289       assert_response :bad_request
290
291       # wrong type of parameter
292       post api_message_path(:id => msg.id),
293            :params => { :read_status => "not a boolean" },
294            :headers => recipient_auth
295       assert_response :bad_request
296
297       # mark message as read by recipient
298       post api_message_path(:id => msg.id, :format => "json"),
299            :params => { :read_status => true },
300            :headers => recipient_auth
301       assert_response :success
302       assert_equal "application/json", response.media_type
303       js = ActiveSupport::JSON.decode(@response.body)
304       jsm = js["message"]
305       assert_not_nil jsm
306       assert_equal msg.id, jsm["id"]
307       assert_equal sender.id, jsm["from_user_id"]
308       assert_equal sender.display_name, jsm["from_display_name"]
309       assert_equal recipient.id, jsm["to_user_id"]
310       assert_equal recipient.display_name, jsm["to_display_name"]
311       assert_equal msg.title, jsm["title"]
312       assert_not_nil jsm["sent_on"]
313       assert jsm["message_read"]
314       assert_equal !msg.to_user_visible, jsm["deleted"]
315       assert_equal "markdown", jsm["body_format"]
316       assert_equal msg.body, jsm["body"]
317
318       # mark message as unread by recipient
319       post api_message_path(:id => msg.id, :format => "json"),
320            :params => { :read_status => false },
321            :headers => recipient_auth
322       assert_response :success
323       assert_equal "application/json", response.media_type
324       js = ActiveSupport::JSON.decode(@response.body)
325       jsm = js["message"]
326       assert_not_nil jsm
327       assert_equal msg.id, jsm["id"]
328       assert_equal sender.id, jsm["from_user_id"]
329       assert_equal sender.display_name, jsm["from_display_name"]
330       assert_equal recipient.id, jsm["to_user_id"]
331       assert_equal recipient.display_name, jsm["to_display_name"]
332       assert_equal msg.title, jsm["title"]
333       assert_not_nil jsm["sent_on"]
334       assert_not jsm["message_read"]
335       assert_equal !msg.to_user_visible, jsm["deleted"]
336       assert_equal "markdown", jsm["body_format"]
337       assert_equal msg.body, jsm["body"]
338     end
339
340     def test_delete
341       recipient = create(:user)
342       recipient_token = create(:oauth_access_token,
343                                :resource_owner_id => recipient.id,
344                                :scopes => %w[consume_messages])
345       recipient_auth = bearer_authorization_header(recipient_token.token)
346
347       sender = create(:user)
348       sender_token = create(:oauth_access_token,
349                             :resource_owner_id => sender.id,
350                             :scopes => %w[send_messages consume_messages])
351       sender_auth = bearer_authorization_header(sender_token.token)
352
353       user3 = create(:user)
354       user3_token = create(:oauth_access_token,
355                            :resource_owner_id => user3.id,
356                            :scopes => %w[send_messages consume_messages])
357       user3_auth = bearer_authorization_header(user3_token.token)
358
359       msg = create(:message, :read, :sender => sender, :recipient => recipient)
360
361       # attempt to delete message, not authenticated
362       delete api_message_path(:id => msg.id)
363       assert_response :unauthorized
364
365       # attempt to delete message, by user3
366       delete api_message_path(:id => msg.id), :headers => user3_auth
367       assert_response :forbidden
368
369       # delete message by recipient
370       delete api_message_path(:id => msg.id, :format => "json"), :headers => recipient_auth
371       assert_response :success
372       assert_equal "application/json", response.media_type
373       js = ActiveSupport::JSON.decode(@response.body)
374       jsm = js["message"]
375       assert_not_nil jsm
376       assert_equal msg.id, jsm["id"]
377       assert_equal sender.id, jsm["from_user_id"]
378       assert_equal sender.display_name, jsm["from_display_name"]
379       assert_equal recipient.id, jsm["to_user_id"]
380       assert_equal recipient.display_name, jsm["to_display_name"]
381       assert_equal msg.title, jsm["title"]
382       assert_not_nil jsm["sent_on"]
383       assert_equal msg.message_read, jsm["message_read"]
384       assert jsm["deleted"]
385       assert_equal "markdown", jsm["body_format"]
386       assert_equal msg.body, jsm["body"]
387
388       # delete message by sender
389       delete api_message_path(:id => msg.id, :format => "json"), :headers => sender_auth
390       assert_response :success
391       assert_equal "application/json", response.media_type
392       js = ActiveSupport::JSON.decode(@response.body)
393       jsm = js["message"]
394       assert_not_nil jsm
395       assert_equal msg.id, jsm["id"]
396       assert_equal sender.id, jsm["from_user_id"]
397       assert_equal sender.display_name, jsm["from_display_name"]
398       assert_equal recipient.id, jsm["to_user_id"]
399       assert_equal recipient.display_name, jsm["to_display_name"]
400       assert_equal msg.title, jsm["title"]
401       assert_not_nil jsm["sent_on"]
402       assert jsm["deleted"]
403       assert_not jsm.key?("message_read")
404       assert_equal "markdown", jsm["body_format"]
405       assert_equal msg.body, jsm["body"]
406     end
407
408     def test_list_messages
409       user1 = create(:user)
410       user1_token = create(:oauth_access_token,
411                            :resource_owner_id => user1.id,
412                            :scopes => %w[send_messages consume_messages])
413       user1_auth = bearer_authorization_header(user1_token.token)
414
415       user2 = create(:user)
416       user2_token = create(:oauth_access_token,
417                            :resource_owner_id => user2.id,
418                            :scopes => %w[send_messages consume_messages])
419       user2_auth = bearer_authorization_header(user2_token.token)
420
421       user3 = create(:user)
422       user3_token = create(:oauth_access_token,
423                            :resource_owner_id => user3.id,
424                            :scopes => %w[send_messages consume_messages])
425       user3_auth = bearer_authorization_header(user3_token.token)
426
427       # create some messages between users
428       # user | inbox | outbox
429       #   1  |   0   |   3
430       #   2  |   2   |   1
431       #   3  |   2   |   0
432       create(:message, :unread, :sender => user1, :recipient => user2)
433       create(:message, :unread, :sender => user1, :recipient => user2)
434       create(:message, :unread, :sender => user1, :recipient => user3)
435       create(:message, :unread, :sender => user2, :recipient => user3)
436
437       # only authorized users
438       get inbox_api_messages_path
439       assert_response :unauthorized
440       get outbox_api_messages_path
441       assert_response :unauthorized
442
443       # no messages in user1.inbox
444       get inbox_api_messages_path, :headers => user1_auth
445       assert_response :success
446       assert_equal "application/xml", response.media_type
447       assert_select "message", :count => 0
448
449       # 3 messages in user1.outbox
450       get outbox_api_messages_path, :headers => user1_auth
451       assert_response :success
452       assert_equal "application/xml", response.media_type
453       assert_select "message", :count => 3 do
454         assert_select "[from_user_id='#{user1.id}']"
455         assert_select "[from_display_name='#{user1.display_name}']"
456         assert_select "[to_user_id]"
457         assert_select "[to_display_name]"
458         assert_select "[sent_on]"
459         assert_select "[message_read]", 0
460         assert_select "[deleted='false']"
461         assert_select "[body_format]"
462         assert_select "body", false
463         assert_select "title"
464       end
465
466       # 2 messages in user2.inbox
467       get inbox_api_messages_path, :headers => user2_auth
468       assert_response :success
469       assert_equal "application/xml", response.media_type
470       assert_select "message", :count => 2 do
471         assert_select "[from_user_id]"
472         assert_select "[from_display_name]"
473         assert_select "[to_user_id='#{user2.id}']"
474         assert_select "[to_display_name='#{user2.display_name}']"
475         assert_select "[sent_on]"
476         assert_select "[message_read='false']"
477         assert_select "[deleted='false']"
478         assert_select "[body_format]"
479         assert_select "body", false
480         assert_select "title"
481       end
482
483       # 1 message in user2.outbox
484       get outbox_api_messages_path, :headers => user2_auth
485       assert_response :success
486       assert_equal "application/xml", response.media_type
487       assert_select "message", :count => 1 do
488         assert_select "[from_user_id='#{user2.id}']"
489         assert_select "[from_display_name='#{user2.display_name}']"
490         assert_select "[to_user_id]"
491         assert_select "[to_display_name]"
492         assert_select "[sent_on]"
493         assert_select "[deleted='false']"
494         assert_select "[message_read]", 0
495         assert_select "[body_format]"
496         assert_select "body", false
497         assert_select "title"
498       end
499
500       # 2 messages in user3.inbox
501       get inbox_api_messages_path, :headers => user3_auth
502       assert_response :success
503       assert_equal "application/xml", response.media_type
504       assert_select "message", :count => 2 do
505         assert_select "[from_user_id]"
506         assert_select "[from_display_name]"
507         assert_select "[to_user_id='#{user3.id}']"
508         assert_select "[to_display_name='#{user3.display_name}']"
509         assert_select "[sent_on]"
510         assert_select "[message_read='false']"
511         assert_select "[deleted='false']"
512         assert_select "[body_format]"
513         assert_select "body", false
514         assert_select "title"
515       end
516
517       # 0 messages in user3.outbox
518       get outbox_api_messages_path, :headers => user3_auth
519       assert_response :success
520       assert_equal "application/xml", response.media_type
521       assert_select "message", :count => 0
522     end
523
524     def test_paged_list_messages_asc
525       recipient = create(:user)
526       recipient_token = create(:oauth_access_token,
527                                :resource_owner_id => recipient.id,
528                                :scopes => %w[consume_messages])
529       recipient_auth = bearer_authorization_header(recipient_token.token)
530
531       sender = create(:user)
532
533       create_list(:message, 100, :unread, :sender => sender, :recipient => recipient)
534
535       msgs_read = {}
536       params = { :order => "oldest", :limit => 20 }
537       10.times do
538         get inbox_api_messages_path(:format => "json"),
539             :params => params,
540             :headers => recipient_auth
541         assert_response :success
542         assert_equal "application/json", response.media_type
543         js = ActiveSupport::JSON.decode(@response.body)
544         jsm = js["messages"]
545         assert_operator jsm.count, :<=, 20
546
547         break if jsm.nil? || jsm.count.zero?
548
549         assert_operator(jsm[0]["id"], :>=, params[:from_id]) unless params[:from_id].nil?
550         # ensure ascending order
551         (0..jsm.count - 1).each do |i|
552           assert_operator(jsm[i]["id"], :<, jsm[i + 1]["id"]) unless i == jsm.count - 1
553           msgs_read[jsm[i]["id"]] = jsm[i]
554         end
555         params[:from_id] = jsm[jsm.count - 1]["id"]
556       end
557       assert_equal 100, msgs_read.count
558     end
559
560     def test_paged_list_messages_desc
561       recipient = create(:user)
562       recipient_token = create(:oauth_access_token,
563                                :resource_owner_id => recipient.id,
564                                :scopes => %w[consume_messages])
565       recipient_auth = bearer_authorization_header(recipient_token.token)
566
567       sender = create(:user)
568
569       create_list(:message, 100, :unread, :sender => sender, :recipient => recipient)
570
571       real_max_id = -1
572       msgs_read = {}
573       params = { :order => "newest", :limit => 20 }
574       10.times do
575         get inbox_api_messages_path(:format => "json"),
576             :params => params,
577             :headers => recipient_auth
578         assert_response :success
579         assert_equal "application/json", response.media_type
580         js = ActiveSupport::JSON.decode(@response.body)
581         jsm = js["messages"]
582         assert_operator jsm.count, :<=, 20
583
584         break if jsm.nil? || jsm.count.zero?
585
586         if params[:from_id].nil?
587           real_max_id = jsm[0]["id"]
588         else
589           assert_operator jsm[0]["id"], :<=, params[:from_id]
590         end
591         # ensure descending order
592         (0..jsm.count - 1).each do |i|
593           assert_operator(jsm[i]["id"], :>, jsm[i + 1]["id"]) unless i == jsm.count - 1
594           msgs_read[jsm[i]["id"]] = jsm[i]
595         end
596         params[:from_id] = jsm[jsm.count - 1]["id"]
597       end
598       assert_equal 100, msgs_read.count
599       assert_not_equal(-1, real_max_id)
600
601       # invoke without min_id/max_id parameters, verify that we get the last batch
602       get inbox_api_messages_path(:format => "json"), :params => { :limit => 20 }, :headers => recipient_auth
603       assert_response :success
604       assert_equal "application/json", response.media_type
605       js = ActiveSupport::JSON.decode(@response.body)
606       jsm = js["messages"]
607       assert_not_nil jsm
608       assert_equal real_max_id, jsm[0]["id"]
609     end
610   end
611 end