Merge branch 'master' into 14874-protected-collection-properties

[arvados.git] / services / api / test / functional / application_controller_test.rb

diff --git a/services/api/test/functional/application_controller_test.rb b/services/api/test/functional/application_controller_test.rb
index 4144d0a922eb43ade4373cc2d64c54bd044a6504..b5f71acb536aa9bdd2bbf1ba67bbd6aba55560af 100644 (file)
--- a/services/api/test/functional/application_controller_test.rb
+++ b/services/api/test/functional/application_controller_test.rb
@@ -1,3 +1,7 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'test_helper'
 
 class ApplicationControllerTest < ActionController::TestCase
@@ -30,20 +34,86 @@ class ApplicationControllerTest < ActionController::TestCase
 
   test "requesting nonexistent object returns 404 error" do
     authorize_with :admin
-    get(:show, id: BAD_UUID)
+    get(:show, params: {id: BAD_UUID})
     check_404
   end
 
   test "requesting object without read permission returns 404 error" do
     authorize_with :spectator
-    get(:show, id: specimens(:owned_by_active_user).uuid)
+    get(:show, params: {id: specimens(:owned_by_active_user).uuid})
     check_404
   end
 
   test "submitting bad object returns error" do
     authorize_with :spectator
-    post(:create, specimen: {badattr: "badvalue"})
+    post(:create, params: {specimen: {badattr: "badvalue"}})
     assert_response 422
     check_error_token
   end
+
+  test "X-Request-Id header" do
+    authorize_with :spectator
+    get(:index)
+    assert_match /^req-[0-9a-zA-Z]{20}$/, response.headers['X-Request-Id']
+  end
+
+  # The response header is the one that gets logged, so this test also
+  # ensures we log the ID supplied in the request, if any.
+  test "X-Request-Id given by client" do
+    authorize_with :spectator
+    @request.headers['X-Request-Id'] = 'abcdefG'
+    get(:index)
+    assert_equal 'abcdefG', response.headers['X-Request-Id']
+  end
+
+  test "X-Request-Id given by client is ignored if too long" do
+    authorize_with :spectator
+    @request.headers['X-Request-Id'] = 'abcdefG' * 1000
+    get(:index)
+    assert_match /^req-[0-9a-zA-Z]{20}$/, response.headers['X-Request-Id']
+  end
+
+  ['foo', '', 'FALSE', 'TRUE', nil, [true], {a:true}, '"true"'].each do |bogus|
+    test "bogus boolean parameter #{bogus.inspect} returns error" do
+      @controller = Arvados::V1::GroupsController.new
+      authorize_with :active
+      post :create, params: {
+        group: {},
+        ensure_unique_name: bogus
+      }
+      assert_response 422
+      assert_match(/parameter must be a boolean/, json_response['errors'].first,
+                   'Helpful error message not found')
+    end
+  end
+
+  [[true, [true, 'true', 1, '1']],
+   [false, [false, 'false', 0, '0']]].each do |bool, boolparams|
+    boolparams.each do |boolparam|
+      # Ensure boolparam is acceptable as a boolean
+      test "boolean parameter #{boolparam.inspect} acceptable" do
+        @controller = Arvados::V1::GroupsController.new
+        authorize_with :active
+        post :create, params: {
+          group: {},
+          ensure_unique_name: boolparam
+        }
+        assert_response :success
+      end
+
+      # Ensure boolparam is acceptable as the _intended_ boolean
+      test "boolean parameter #{boolparam.inspect} accepted as #{bool.inspect}" do
+        @controller = Arvados::V1::GroupsController.new
+        authorize_with :active
+        post :create, params: {
+          group: {
+            name: groups(:aproject).name,
+            owner_uuid: groups(:aproject).owner_uuid
+          },
+          ensure_unique_name: boolparam
+        }
+        assert_response (bool ? :success : 422)
+      end
+    end
+  end
 end