Covered with tests api users and white ips

app/controllers/repp/v1/api_users_controller.rb

@@ -61,7 +61,7 @@ module Repp
       private
 
       def api_user_params
-        params.require(:api_user).permit(:id, :username, :plain_text_password, :active,
+        params.require(:api_user).permit(:username, :plain_text_password, :active,
                                          :identity_code, { roles: [] })
       end
 

app/controllers/repp/v1/white_ips_controller.rb

@@ -3,7 +3,7 @@ module Repp
     class WhiteIpsController < BaseController
       load_and_authorize_resource
 
-      THROTTLED_ACTIONS = %i[index create update destroy].freeze
+      THROTTLED_ACTIONS = %i[index show create update destroy].freeze
       include Shunter::Integration::Throttle
 
       api :GET, '/repp/v1/white_ips'
@@ -58,7 +58,7 @@ module Repp
       private
 
       def white_ip_params
-        params.require(:white_ip).permit(:id, :ipv4, :ipv6, interfaces: [])
+        params.require(:white_ip).permit(:ipv4, :ipv6, interfaces: [])
       end
     end
   end

test/fixtures/users.yml

@@ -8,6 +8,16 @@ api_bestnames:
   roles:
     - super
 
+api_bestnames_epp:
+  username: test_bestnames_epp
+  plain_text_password: testtest
+  identity_code: 
+  type: ApiUser
+  registrar: bestnames
+  active: true
+  roles:
+    - epp
+
 api_goodnames:
   username: test_goodnames
   plain_text_password: testtest

test/fixtures/white_ips.yml

@@ -4,3 +4,10 @@ one:
   interfaces:
     - <%= WhiteIp::REGISTRAR %>
     - <%= WhiteIp::API %>
+
+two:
+  registrar: bestnames
+  ipv6: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
+  interfaces:
+    - <%= WhiteIp::REGISTRAR %>
+    - <%= WhiteIp::API %>

test/integration/repp/v1/api_users/create_test.rb

@@ -0,0 +1,82 @@
+require 'test_helper'
+
+class ReppV1ApiUsersCreateTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_creates_new_api_user
+    request_body = {
+      api_user: {
+        username: 'username',
+        plain_text_password: 'password',
+        active: true,
+        identity_code: '123',
+        roles: ['super'],
+      },
+    }
+
+    post '/repp/v1/api_users', headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+
+    api_user = ApiUser.find(json[:data][:api_user][:id])
+    assert api_user.present?
+    assert api_user.active
+
+    assert_equal(request_body[:api_user][:username], api_user.username)
+  end
+
+  def test_validates_identity_code_per_registrar
+    request_body = {
+      api_user: {
+        username: 'username',
+        plain_text_password: 'password',
+        active: true,
+        identity_code: @user.identity_code,
+        roles: ['super'],
+      },
+    }
+
+    post '/repp/v1/api_users', headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert json[:message].include? 'Identity code already exists'
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    request_body = {
+      api_user: {
+        username: 'username',
+        plain_text_password: 'password',
+        active: true,
+        identity_code: '123',
+        roles: ['super'],
+      },
+    }
+
+    post '/repp/v1/api_users', headers: @auth_headers, params: request_body
+    post '/repp/v1/api_users', headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/api_users/delete_test.rb

@@ -0,0 +1,49 @@
+require 'test_helper'
+
+class ReppV1ApiUsersDeleteTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_deletes_api_user
+    epp_user = users(:api_bestnames_epp)
+    delete "/repp/v1/api_users/#{epp_user.id}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+    refute ApiUser.exists?(epp_user.id)
+  end
+
+  def test_cannot_delete_api_user
+    delete '/repp/v1/api_users/wrong_id', headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :not_found
+    assert_equal 2303, json[:code]
+    assert_equal 'Object does not exist', json[:message]
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    delete "/repp/v1/api_users/#{users(:api_bestnames_epp).id}", headers: @auth_headers
+    delete "/repp/v1/api_users/#{users(:api_bestnames).id}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/api_users/list_test.rb

@@ -0,0 +1,39 @@
+require 'test_helper'
+
+class ReppV1ApiUsersListTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_returns_api_users
+    get repp_v1_api_users_url, headers: @auth_headers
+    assert_response :success
+
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal @user.registrar.api_users.count, response_json[:data][:count]
+    assert_equal @user.registrar.api_users.count, response_json[:data][:users].length
+    assert response_json[:data][:users][0].is_a? Hash
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    get repp_v1_api_users_path, headers: @auth_headers
+    get repp_v1_api_users_path, headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/api_users/show_test.rb

@@ -0,0 +1,54 @@
+require 'test_helper'
+
+class ReppV1ApiUsersShowTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_returns_error_when_not_found
+    get repp_v1_api_user_path(id: 'definitelynotexistant'), headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :not_found
+    assert_equal 2303, json[:code]
+    assert_equal 'Object does not exist', json[:message]
+  end
+
+  def test_shows_existing_api_user
+    user = @user.registrar.api_users.first
+
+    get repp_v1_api_user_path(id: user.id), headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+
+    assert_equal user.id, json[:data][:user][:id]
+    assert_equal ApiUser::ROLES, json[:data][:roles]
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    user = @user.registrar.api_users.first
+
+    get repp_v1_api_user_path(id: user.id), headers: @auth_headers
+    get repp_v1_api_user_path(id: user.id), headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/api_users/update_test.rb

@@ -0,0 +1,83 @@
+require 'test_helper'
+
+class ReppV1ApiUsersUpdateTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_updates_api_user
+    request_body = {
+      api_user: {
+        active: false,
+      },
+    }
+
+    put "/repp/v1/api_users/#{@user.id}", headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+
+    api_user = ApiUser.find(json[:data][:api_user][:id])
+    assert_equal api_user.username, @user.username
+    refute api_user.active
+  end
+
+  def test_can_not_change_identity_code_if_already_exists_per_registrar
+    epp_user = users(:api_bestnames_epp)
+    request_body = {
+      api_user: {
+        identity_code: @user.identity_code,
+      },
+    }
+
+    put "/repp/v1/api_users/#{epp_user.id}", headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert json[:message].include? 'Identity code already exists'
+  end
+
+  def test_returns_error_if_password_wrong_format
+    request_body = {
+      api_user: {
+        plain_text_password: '123',
+      },
+    }
+
+    put "/repp/v1/api_users/#{@user.id}", headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert json[:message].include? 'Password is too short'
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    request_body = {
+      api_user: {
+        active: true,
+      },
+    }
+
+    put "/repp/v1/api_users/#{@user.id}", headers: @auth_headers, params: request_body
+    put "/repp/v1/api_users/#{@user.id}", headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/white_ips/create_test.rb

@@ -0,0 +1,75 @@
+require 'test_helper'
+
+class ReppV1WhiteIpsCreateTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_creates_new_white_ip
+    request_body = {
+      white_ip: {
+        ipv4: '127.0.0.1',
+        ipv6: '',
+        interfaces: ['API'],
+      },
+    }
+
+    post '/repp/v1/white_ips', headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+
+    white_ip = WhiteIp.find(json[:data][:ip][:id])
+    assert white_ip.present?
+
+    assert_equal(request_body[:white_ip][:ipv4], white_ip.ipv4)
+  end
+
+  def test_validates_ip_max_count
+    request_body = {
+      white_ip: {
+        ipv4: '',
+        ipv6: '2001:db8::/120',
+        interfaces: ['API'],
+      },
+    }
+
+    post '/repp/v1/white_ips', headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert json[:message].include? 'IP address limit exceeded'
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    request_body = {
+      white_ip: {
+        ipv4: '127.0.0.1',
+        ipv6: '',
+        interfaces: ['API'],
+      },
+    }
+
+    post '/repp/v1/white_ips', headers: @auth_headers, params: request_body
+    post '/repp/v1/white_ips', headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/white_ips/delete_test.rb

@@ -0,0 +1,40 @@
+require 'test_helper'
+
+class ReppV1WhiteIpsDeleteTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_deletes_white_ip
+    ip = white_ips(:one)
+    delete "/repp/v1/white_ips/#{ip.id}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+    refute WhiteIp.exists?(ip.id)
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    delete "/repp/v1/white_ips/#{white_ips(:one).id}", headers: @auth_headers
+    delete "/repp/v1/white_ips/#{white_ips(:two).id}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/white_ips/list_test.rb

@@ -0,0 +1,39 @@
+require 'test_helper'
+
+class ReppV1ApiWhiteIpsListTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_returns_white_ips
+    get repp_v1_white_ips_url, headers: @auth_headers
+    assert_response :success
+
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal @user.registrar.white_ips.count, response_json[:data][:count]
+    assert_equal @user.registrar.white_ips.count, response_json[:data][:ips].length
+    assert response_json[:data][:ips][0].is_a? Hash
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    get repp_v1_white_ips_path, headers: @auth_headers
+    get repp_v1_white_ips_path, headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/white_ips/show_test.rb

@@ -0,0 +1,54 @@
+require 'test_helper'
+
+class ReppV1ApiWhiteIpsShowTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_returns_error_when_not_found
+    get repp_v1_white_ip_path(id: 'definitelynotexistant'), headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :not_found
+    assert_equal 2303, json[:code]
+    assert_equal 'Object does not exist', json[:message]
+  end
+
+  def test_shows_existing_white_ip
+    white_ip = @user.registrar.white_ips.first
+
+    get repp_v1_white_ip_path(id: white_ip.id), headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+
+    assert_equal white_ip.id, json[:data][:ip][:id]
+    assert_equal WhiteIp::INTERFACES, json[:data][:interfaces]
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    white_ip = @user.registrar.white_ips.first
+
+    get repp_v1_white_ip_path(id: white_ip.id), headers: @auth_headers
+    get repp_v1_white_ip_path(id: white_ip.id), headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/white_ips/update_test.rb

@@ -0,0 +1,82 @@
+require 'test_helper'
+
+class ReppV1ApiWhiteIpsUpdateTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:api_bestnames)
+    @white_ip = white_ips(:one)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  def test_updates_white_ip
+    request_body = {
+      white_ip: {
+        ipv4: '127.0.0.1',
+      },
+    }
+
+    put "/repp/v1/white_ips/#{@white_ip.id}", headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+
+    ip = WhiteIp.find(json[:data][:ip][:id])
+    assert_equal ip.ipv4, @white_ip.ipv4
+  end
+
+  def test_returns_error_if_ipv4_wrong_format
+    request_body = {
+      white_ip: {
+        ipv4: 'wrongip',
+      },
+    }
+
+    put "/repp/v1/white_ips/#{@white_ip.id}", headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert json[:message].include? 'IPv4 is invalid'
+  end
+
+  def test_returns_error_if_both_ips
+    request_body = {
+      white_ip: {
+        ipv6: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+      },
+    }
+
+    put "/repp/v1/white_ips/#{@white_ip.id}", headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert json[:message].include? 'Please enter only one IP address'
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    request_body = {
+      white_ip: {
+        ipv4: '127.0.0.1',
+      },
+    }
+
+    put "/repp/v1/white_ips/#{@white_ip.id}", headers: @auth_headers, params: request_body
+    put "/repp/v1/white_ips/#{@white_ip.id}", headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end