-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathuser_spec.rb
More file actions
257 lines (231 loc) · 9.83 KB
/
user_spec.rb
File metadata and controls
257 lines (231 loc) · 9.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
require 'rails_helper'
describe User do
attr_reader :student_id
attr_reader :student_record
attr_reader :employee_id
attr_reader :employee_record
attr_reader :cs_id
attr_reader :cs_record
attr_reader :ucpath_id
attr_reader :ucpath_record
attr_reader :uid
before do
allow(Alma::User).to receive(:find).and_raise(Error::PatronNotFoundError)
end
describe :from_omniauth do
it 'rejects invalid providers' do
auth = { 'provider' => 'not calnet' }
expect { User.from_omniauth(auth) }.to raise_error(Error::InvalidAuthProviderError)
end
it 'logs a warning when a required schema attribute is missing or renamed' do
auth = {
'provider' => 'calnet',
'extra' => {
'berkeleyEduAffiliations' => 'expected affiliation',
'berkeleyEduCSID' => 'expected cs id',
'berkeleyEduIsMemberOf' => [],
'berkeleyEduUCPathID' => 'expected UC Path ID',
'berkeleyEduAlternatid' => 'expected email', # intentionally wrong case to simulate wrong attribute
'departmentNumber' => 'expected dept. number',
'displayName' => 'expected display name',
'employeeNumber' => 'expected employee ID',
'givenName' => 'expected given name',
'surname' => 'expected surname',
'uid' => 'expected UID'
}
}
missing = %w[berkeleyEduAlternateID berkeleyEduAlternateId]
actual = %w[berkeleyEduAffiliations berkeleyEduAlternatid berkeleyEduCSID berkeleyEduIsMemberOf berkeleyEduUCPathID departmentNumber
displayName employeeNumber givenName surname uid]
# rubocop:disable Layout/LineLength
msg = "Expected CalNet attribute(s) not found (case-sensitive): #{missing.join(', ')}. The actual CalNet attributes: #{actual.join(', ')}. The user is expected UID"
# rubocop:enable Layout/LineLength
expect(Rails.logger).to receive(:info).with(msg)
User.from_omniauth(auth)
end
it 'populates a User object' do
framework_admin_ldap = 'cn=edu:berkeley:org:libr:framework:LIBR-framework-admins,ou=campus groups,dc=berkeley,dc=edu'
auth = {
'provider' => 'calnet',
'extra' => {
'berkeleyEduAffiliations' => 'expected affiliation',
'departmentNumber' => 'expected dept. number',
'displayName' => 'expected display name',
'berkeleyEduAlternateID' => 'expected email',
'employeeNumber' => 'expected employee ID',
'givenName' => 'expected given name',
'berkeleyEduCSID' => 'expected cs id',
'surname' => 'expected surname',
'berkeleyEduUCPathID' => 'expected UC Path ID',
'uid' => 'expected UID',
'berkeleyEduIsMemberOf' => framework_admin_ldap
}
}
[true, false].each do |is_framework_admin|
auth['extra']['berkeleyEduIsMemberOf'] = is_framework_admin ? framework_admin_ldap : ''
user = User.from_omniauth(auth)
expect(user.affiliations).to eq('expected affiliation')
expect(user.department_number).to eq('expected dept. number')
expect(user.display_name).to eq('expected display name')
expect(user.email).to eq('expected email')
expect(user.employee_id).to eq('expected employee ID')
expect(user.given_name).to eq('expected given name')
expect(user.student_id).to eq(nil)
expect(user.surname).to eq('expected surname')
expect(user.ucpath_id).to eq('expected UC Path ID')
expect(user.uid).to eq('expected UID')
expect(user.framework_admin).to eq(is_framework_admin)
end
end
it 'handles a user without CalGroups' do
auth = {
'provider' => 'calnet',
'extra' => {
'berkeleyEduAffiliations' => 'expected affiliation',
'departmentNumber' => 'expected dept. number',
'displayName' => 'expected display name',
'berkeleyEduAlternateID' => 'expected email',
'employeeNumber' => 'expected employee ID',
'givenName' => 'expected given name',
'berkeleyEduCSID' => 'expected cs id',
'surname' => 'expected surname',
'berkeleyEduUCPathID' => 'expected UC Path ID',
'uid' => 'expected UID'
}
}
user = User.from_omniauth(auth)
expect(user.affiliations).to eq('expected affiliation')
expect(user.department_number).to eq('expected dept. number')
expect(user.display_name).to eq('expected display name')
expect(user.email).to eq('expected email')
expect(user.employee_id).to eq('expected employee ID')
expect(user.given_name).to eq('expected given name')
expect(user.student_id).to eq(nil)
expect(user.surname).to eq('expected surname')
expect(user.ucpath_id).to eq('expected UC Path ID')
expect(user.uid).to eq('expected UID')
expect(user.framework_admin).to eq(false)
expect(user.alma_admin).to eq(false)
end
it 'handles a user with old style email attribute' do
auth = {
'provider' => 'calnet',
'extra' => {
'berkeleyEduAffiliations' => 'expected affiliation',
'departmentNumber' => 'expected dept. number',
'displayName' => 'expected display name',
'berkeleyEduAlternateId' => 'expected email',
'employeeNumber' => 'expected employee ID',
'givenName' => 'expected given name',
'berkeleyEduStuID' => 'expected student ID',
'surname' => 'expected surname',
'berkeleyEduUCPathID' => 'expected UC Path ID',
'berkeleyEduCSID' => 'expected cs id',
'uid' => 'expected UID'
}
}
user = User.from_omniauth(auth)
expect(user.affiliations).to eq('expected affiliation')
expect(user.department_number).to eq('expected dept. number')
expect(user.display_name).to eq('expected display name')
expect(user.email).to eq('expected email')
expect(user.employee_id).to eq('expected employee ID')
expect(user.given_name).to eq('expected given name')
expect(user.student_id).to eq('expected student ID')
expect(user.surname).to eq('expected surname')
expect(user.ucpath_id).to eq('expected UC Path ID')
expect(user.uid).to eq('expected UID')
expect(user.framework_admin).to eq(false)
expect(user.alma_admin).to eq(false)
end
end
describe :authenticated? do
it 'returns true if user has an ID' do
user = User.new(uid: '12345')
expect(user.authenticated?).to eq(true)
end
it 'returns false if user ID is nil' do
user = User.new(uid: nil)
expect(user.authenticated?).to eq(false)
end
end
describe :verify_calnet_attributes! do
it 'allows employee-affiliated users without berkeleyEduStuID' do
auth_extra = {
'berkeleyEduAffiliations' => ['EMPLOYEE-TYPE-ACADEMIC'],
'berkeleyEduCSID' => 'cs123',
'berkeleyEduIsMemberOf' => [],
'berkeleyEduUCPathID' => 'ucpath456',
'berkeleyEduAlternateID' => 'email@berkeley.edu',
'departmentNumber' => 'dept1',
'displayName' => 'Test Faculty',
'employeeNumber' => 'emp789',
'givenName' => 'Test',
'surname' => 'Faculty',
'uid' => 'faculty1'
}
expect { User.from_omniauth({ 'provider' => 'calnet', 'extra' => auth_extra }) }.not_to raise_error
end
it 'allows student-affiliated users without employeeNumber and berkeleyEduUCPathID' do
auth_extra = {
'berkeleyEduAffiliations' => ['STUDENT-TYPE-REGISTERED'],
'berkeleyEduCSID' => 'cs123',
'berkeleyEduIsMemberOf' => [],
'berkeleyEduStuID' => 'stu456',
'berkeleyEduAlternateID' => 'email@berkeley.edu',
'departmentNumber' => 'dept1',
'displayName' => 'Test Student',
'givenName' => 'Test',
'surname' => 'Student',
'uid' => 'student1'
}
expect { User.from_omniauth({ 'provider' => 'calnet', 'extra' => auth_extra }) }.not_to raise_error
end
it 'logs missing berkeleyEduStuID for student-affiliated users' do
auth_extra = {
'berkeleyEduAffiliations' => ['STUDENT-TYPE-REGISTERED'],
'berkeleyEduCSID' => 'cs123',
'berkeleyEduIsMemberOf' => [],
'berkeleyEduAlternateID' => 'email@berkeley.edu',
'departmentNumber' => 'dept1',
'displayName' => 'Test Student',
'givenName' => 'Test',
'surname' => 'Student',
'uid' => 'student1'
}
expect(Rails.logger).to receive(:info).with(/berkeleyEduStuID/)
User.from_omniauth({ 'provider' => 'calnet', 'extra' => auth_extra })
end
it 'logs missing employeeNumber for employee-affiliated users' do
auth_extra = {
'berkeleyEduAffiliations' => ['EMPLOYEE-TYPE-STAFF'],
'berkeleyEduCSID' => 'cs123',
'berkeleyEduIsMemberOf' => [],
'berkeleyEduUCPathID' => 'ucpath456',
'berkeleyEduAlternateID' => 'email@berkeley.edu',
'departmentNumber' => 'dept1',
'displayName' => 'Test Staff',
'givenName' => 'Test',
'surname' => 'Staff',
'uid' => 'staff1'
}
expect(Rails.logger).to receive(:info).with(/employeeNumber/)
User.from_omniauth({ 'provider' => 'calnet', 'extra' => auth_extra })
end
end
describe :primary_patron_record do
it 'returns nil when active patron lookup returns nil' do
user = User.new(uid: 'does_not_exist')
allow(Alma::User).to receive(:find_if_active).with('does_not_exist')
.and_return(nil)
expect(user.primary_patron_record).to be_nil
end
it 're-raises active patron lookup errors' do
user = User.new(uid: 'fake_uid')
allow(Alma::User).to receive(:find_if_active).with('fake_uid')
.and_raise(Error::AlmaRecordNotFoundError,
'Alma query failed with response: 500')
expect { user.primary_patron_record }.to raise_error(Error::AlmaRecordNotFoundError)
end
end
end