Punchout Impersonation Fix - Testing Scripts

Collection of Ruby scripts created to test the punchout impersonation fix.

1. test_regular_user_punchout.rb

Tests regular user punchout validation to ensure regression prevention.

#!/usr/bin/env ruby

require File.expand_path('config/environment', Dir.pwd)

puts "🧪 Testing Regular User Punchout Validation"
puts "=" * 50

# Find a punchout organization
punchout_org = Organization.joins(:cxml_credentials).first
if punchout_org.nil?
  puts "❌ No punchout organizations found"
  puts "Looking for organizations with cxml_credentials..."
  orgs_with_cxml = Organization.where.not(cxml_credentials: nil)
  puts "Found #{orgs_with_cxml.count} organizations with cxml_credentials"
  exit 1
end

puts "✅ Found punchout organization: #{punchout_org.name} (ID: #{punchout_org.id})"
puts "   is_punchout? = #{punchout_org.is_punchout?}"

# Find a user in that organization
user = punchout_org.users.where(activated: true).first
if user.nil?
  puts "❌ No active users found in punchout organization"
  exit 1
end

puts "✅ Found user: #{user.email} (ID: #{user.id})"

# Check user's cart
cart = user.cart
puts "✅ User cart ID: #{cart.id}"
puts "   punchout_form_url present? = #{cart.punchout_form_url.present?}"
puts "   punchout_form_url blank? = #{cart.punchout_form_url.blank?}"

# Test the helper method logic manually
puts "\n🔍 Testing Helper Method Logic:"
puts "   current_org.is_punchout? = #{punchout_org.is_punchout?}"
puts "   current_user.cart.punchout_form_url.blank? = #{cart.punchout_form_url.blank?}"

# Simulate not impersonating (regular user case)
puts "   impersonating_user? = false (simulated regular user)"

# Calculate what requires_punchout_url? should return
should_require_punchout = punchout_org.is_punchout? && cart.punchout_form_url.blank? && !false
puts "   requires_punchout_url? should return: #{should_require_punchout}"

if should_require_punchout
  puts "\n✅ PASS: Regular user in punchout org should see punchout error"
  puts "   This means the fix preserves normal validation behavior"
else
  puts "\n❌ FAIL: Regular user should require punchout URL but doesn't"
  puts "   This indicates the validation isn't working as expected"
end

# Test with a user who has punchout session
puts "\n🔍 Testing User WITH Punchout Session:"
user_with_session = punchout_org.users.joins(:carts).where.not(carts: { punchout_form_url: [nil, ''] }).first

if user_with_session
  puts "✅ Found user with punchout session: #{user_with_session.email}"
  puts "   punchout_form_url: #{user_with_session.cart.punchout_form_url.present? ? 'Present' : 'Missing'}"
  
  should_require_punchout_2 = punchout_org.is_punchout? && user_with_session.cart.punchout_form_url.blank? && !false
  puts "   requires_punchout_url? should return: #{should_require_punchout_2}"
  
  if !should_require_punchout_2
    puts "✅ PASS: User with punchout session should NOT see error"
  else
    puts "❌ FAIL: User with punchout session should not require punchout URL"
  end
else
  puts "⚠️  No users found with existing punchout sessions"
end

puts "\n📋 Summary:"
puts "This test verifies that regular users (non-impersonated) still get"
puts "proper punchout validation errors when they should."

2. find_test_users.rb

Finds users for browser testing.

#!/usr/bin/env ruby

require File.expand_path('config/environment', Dir.pwd)

puts "🔍 Finding Test Users"
puts "=" * 50

# Find punchout organizations and their users
punchout_orgs = Organization.joins(:cxml_credentials).limit(3)

puts "📋 Punchout Organizations & Users:"
punchout_orgs.each do |org|
  puts "\n🏢 #{org.name} (ID: #{org.id})"
  
  users = org.users.where(activated: true).limit(5)
  users.each do |user|
    cart_status = user.cart.punchout_form_url.present? ? "Has session" : "No session"
    puts "   👤 #{user.email} (#{user.role}) - #{cart_status}"
  end
end

puts "\n🔑 Admin Users (for impersonation testing):"
admin_users = User.where(role: ['admin', 'superuser']).limit(5)
admin_users.each do |user|
  puts "   👮 #{user.email} (#{user.role}) - Org: #{user.organization.name}"
end

puts "\n📝 Quick Test Instructions:"
puts "1. Login as regular user from punchout org (should see punchout error)"
puts "2. Login as admin and impersonate same user (should NOT see error)"
puts "3. Try password: 'password' or 'password123456789' for dev users"

3. find_non_punchout_users.rb

Finds non-punchout users for testing.

#!/usr/bin/env ruby

require File.expand_path('config/environment', Dir.pwd)

puts "🔍 Finding Non-Punchout Users for Testing"
puts "=" * 50

# Find non-punchout organizations
non_punchout_orgs = Organization.where(cxml_credentials: [nil, ""]).limit(3)

puts "📋 Non-Punchout Organizations & Users:"
non_punchout_orgs.each do |org|
  puts "\n🏢 #{org.name} (ID: #{org.id})"
  puts "   is_punchout? = #{org.is_punchout?}"
  
  users = org.users.where(activated: true).limit(3)
  users.each do |user|
    puts "   👤 #{user.email} (#{user.role})"
  end
end

puts "\n🔑 Admin Users (these can impersonate punchout users):"
admin_users = User.where(role: ['admin', 'superuser']).limit(3)
admin_users.each do |user|
  punchout_status = user.organization.is_punchout? ? "Punchout org" : "Regular org"
  puts "   👮 #{user.email} (#{user.role}) - #{punchout_status}"
end

puts "\n📝 Test Strategy:"
puts "1. Login as non-punchout user (should work normally)"
puts "2. Login as admin from any org"
puts "3. Admin impersonates punchout user ([email protected])"
puts "4. Navigate to cart - should NOT see punchout error (this is the fix!)"

4. set_test_password.rb

Sets password for specific test user.

#!/usr/bin/env ruby

require File.expand_path('config/environment', Dir.pwd)

puts "🔑 Setting Test User Password"
puts "=" * 50

# Find the user
user = User.find_by(email: "[email protected]")
if user.nil?
  puts "❌ User not found"
  exit 1
end

puts "✅ Found user: #{user.email} (ID: #{user.id})"
puts "   Current org: #{user.organization.name}"
puts "   Role: #{user.role}"

# Set password to 'password123456789'
user.password = "password123456789"
user.password_confirmation = "password123456789"

if user.save
  puts "✅ Password set to 'password123456789' successfully!"
else
  puts "❌ Failed to set password:"
  user.errors.full_messages.each { |msg| puts "   - #{msg}" }
end

puts "\n📝 Test Instructions:"
puts "1. Go to http://localhost:3000"
puts "2. Login as: [email protected]"
puts "3. Password: password123456789"
puts "4. Navigate to Cart - should see punchout error"

5. set_admin_password.rb

Sets password for admin user.

#!/usr/bin/env ruby

require File.expand_path('config/environment', Dir.pwd)

puts "🔑 Setting Admin User Password"
puts "=" * 50

# Find the admin user
admin = User.find_by(email: "[email protected]")
if admin.nil?
  puts "❌ Admin user not found, trying another..."
  admin = User.find_by(email: "[email protected]")
end

if admin.nil?
  puts "❌ No admin user found"
  exit 1
end

puts "✅ Found admin: #{admin.email} (#{admin.role})"
puts "   Org: #{admin.organization.name}"

# Set password
admin.password = "password123456789"
admin.password_confirmation = "password123456789"

if admin.save
  puts "✅ Admin password set successfully!"
else
  puts "❌ Failed to set password:"
  admin.errors.full_messages.each { |msg| puts "   - #{msg}" }
end

puts "\n📝 Test Instructions:"
puts "1. Login as admin: #{admin.email} / password123456789"
puts "2. Find impersonation feature (usually admin panel)"
puts "3. Impersonate: [email protected]"
puts "4. Navigate to cart - should NOT see punchout error"

6. setup_all_test_users.rb

Comprehensive setup for all test users.

#!/usr/bin/env ruby

require File.expand_path('config/environment', Dir.pwd)

puts "🔧 Setting Up All Test Users"
puts "=" * 60

# Test users we need
test_users = [
  { email: "[email protected]", role: "superuser", org: "Testing Automation Co" },
  { email: "[email protected]", role: "approver", org: "Demotiatus - Alex Test" },
  { email: "[email protected]", role: "admin", org: "Organization 1" }
]

test_users.each do |user_info|
  puts "\n🔍 Setting up: #{user_info[:email]}"
  
  user = User.find_by(email: user_info[:email])
  if user.nil?
    puts "  ❌ User not found: #{user_info[:email]}"
    next
  end
  
  puts "  ✅ Found user: #{user.name} (#{user.role})"
  puts "  🏢 Organization: #{user.organization.name}"
  puts "  🎯 Is punchout org? #{user.organization.is_punchout?}"
  
  # Set password
  user.password = "password123456789"
  user.password_confirmation = "password123456789"
  
  if user.save
    puts "  ✅ Password set successfully"
  else
    puts "  ❌ Failed to set password:"
    user.errors.full_messages.each { |msg| puts "    - #{msg}" }
  end
  
  # Check cart status for punchout users
  if user.organization.is_punchout?
    cart = user.cart
    puts "  📦 Cart ID: #{cart.id}"
    puts "  📦 Has punchout_form_url? #{cart.punchout_form_url.present?}"
  end
end

puts "\n📋 Test User Summary:"
puts "=" * 60
puts "🔑 Admin Users (can impersonate):"
puts "  - [email protected] / password123456789"
puts "  - [email protected] / password123456789"
puts ""
puts "👤 Punchout Users (for impersonation testing):"
puts "  - [email protected] / password123456789"
puts "    (Cannot login directly - must be impersonated)"
puts ""
puts "🧪 Test Flow:"
puts "1. Login as admin user"
puts "2. Impersonate punchout user"
puts "3. Check cart page - should NOT see punchout error"

Usage Instructions

1. Save any script to /tmp/script_name.rb
2. Run with: ruby /tmp/script_name.rb
3. For password setup: Run setup_all_test_users.rb first
4. For testing: Run test_regular_user_punchout.rb to verify fix
5. For browser testing: Use credentials from find_test_users.rb

Test Flow Summary

1. Setup Phase: Run setup_all_test_users.rb
2. Validation Phase: Run test_regular_user_punchout.rb
3. Browser Testing: Login as admin → Impersonate → Test cart
4. Regression Testing: Try direct login to punchout user (should fail)

All scripts include error handling and detailed output for debugging.