Skip to content

Refactor API request specs to use token authentication #4330

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
google-labs-jules wants to merge 1 commit into
base: dev
Choose a base branch
from
Draft

Refactor API request specs to use token authentication #4330

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 14 additions & 11 deletions spec/requests/api/v1/activities_request_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,54 +3,57 @@
require 'rails_helper'

RSpec.describe 'Activities', type: :request do
include_context 'with authenticated member'
subject { JSON.parse response.body }

let(:headers) { { 'Accept' => 'application/vnd.api+json' } }
let!(:activity) { FactoryBot.create(:activity, garden: create(:garden), planting: create(:planting)) }
let(:garden) { create(:garden, owner: member) }
let(:planting) { create(:planting, garden: garden) }
let!(:activity) { FactoryBot.create(:activity, garden: garden, planting: planting, owner: member) }
let!(:activity2) { FactoryBot.create(:activity) }

it '#index' do
get('/api/v1/activities', params: {}, headers:)
expect(subject['data'].size).to eq(2)
get('/api/v1/activities', params: {}, headers: headers)
expect(subject['data'].size).to eq(1)
expect(subject['data'][0]['id']).to eq(activity.id.to_s)
end

it '#show' do
get("/api/v1/activities/#{activity.id}", params: {}, headers:)
get("/api/v1/activities/#{activity.id}", params: {}, headers: headers)
expect(subject['data']['id']).to eq(activity.id.to_s)
end

context 'filtering' do
it 'filters by owner' do
get("/api/v1/activities?filter[owner-id]=#{activity.owner.id}", params: {}, headers:)
get("/api/v1/activities?filter[owner-id]=#{activity.owner.id}", params: {}, headers: headers)

expect(response).to have_http_status(:ok)
expect(subject['data'].size).to eq(1)
expect(subject['data'][0]['id']).to eq(activity.id.to_s)
end

it 'filters by garden' do
get("/api/v1/activities?filter[garden-id]=#{activity.garden.id}", params: {}, headers:)
get("/api/v1/activities?filter[garden-id]=#{activity.garden.id}", params: {}, headers: headers)

expect(response).to have_http_status(:ok)
expect(subject['data'].size).to eq(1)
expect(subject['data'][0]['id']).to eq(activity.id.to_s)
end

it 'filters by planting' do
get("/api/v1/activities?filter[planting-id]=#{activity.planting.id}", params: {}, headers:)
get("/api/v1/activities?filter[planting-id]=#{activity.planting.id}", params: {}, headers: headers)

expect(response).to have_http_status(:ok)
expect(subject['data'].size).to eq(1)
expect(subject['data'][0]['id']).to eq(activity.id.to_s)
end

it 'filters by category' do
get("/api/v1/activities?filter[category]=#{activity.category}", params: {}, headers:)
activity2.update!(category: activity.category)
get("/api/v1/activities?filter[category]=#{activity.category}", params: {}, headers: headers)

expect(response).to have_http_status(:ok)
expect(subject['data'].size).to eq(2)
expect(subject['data'].size).to eq(1)
expect(subject['data'][0]['id']).to eq(activity.id.to_s)
expect(subject['data'][1]['id']).to eq(activity2.id.to_s)
end
end
end
12 changes: 6 additions & 6 deletions spec/requests/api/v1/crop_request_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@
require 'rails_helper'

RSpec.describe 'Crops', type: :request do
include_context 'with authenticated member'
subject { JSON.parse response.body }

let(:headers) { { 'Accept' => 'application/vnd.api+json' } }
let!(:crop) { FactoryBot.create(:crop) }
let(:crop_encoded_as_json_api) do
{ "id" => crop.id.to_s,
Expand Down Expand Up @@ -66,13 +66,13 @@
end

describe '#index' do
before { get '/api/v1/crops', params: {}, headers: }
before { get '/api/v1/crops', params: {}, headers: headers }

it { expect(subject['data']).to include(crop_encoded_as_json_api) }
end

describe '#show' do
before { get "/api/v1/crops/#{crop.id}", params: {}, headers: }
before { get "/api/v1/crops/#{crop.id}", params: {}, headers: headers }

it { expect(subject['data']['attributes']).to eq(attributes) }
it { expect(subject['data']['relationships']).to include("plantings" => plantings_as_json_api) }
Expand All @@ -85,19 +85,19 @@

it '#create' do
expect do
post '/api/v1/crops', params: { 'crop' => { 'name' => 'can i make this' } }, headers:
post '/api/v1/crops', params: { 'crop' => { 'name' => 'can i make this' } }, headers: headers
end.to raise_error ActionController::RoutingError
end

it '#update' do
expect do
post "/api/v1/crops/#{crop.id}", params: { 'crop' => { 'name' => 'can i modify this' } }, headers:
post "/api/v1/crops/#{crop.id}", params: { 'crop' => { 'name' => 'can i modify this' } }, headers: headers
end.to raise_error ActionController::RoutingError
end

it '#delete' do
expect do
delete "/api/v1/crops/#{crop.id}", params: {}, headers:
delete "/api/v1/crops/#{crop.id}", params: {}, headers: headers
end.to raise_error ActionController::RoutingError
end
end
65 changes: 23 additions & 42 deletions spec/requests/api/v1/gardens_request_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@
require 'rails_helper'

RSpec.describe 'Gardens', type: :request do
include_context 'with authenticated member'
subject { JSON.parse response.body }

let(:headers) { { 'Accept' => 'application/vnd.api+json' } }
let!(:garden) { FactoryBot.create(:garden) }
let!(:garden) { FactoryBot.create(:garden, owner: member) }
let(:garden_encoded_as_json_api) do
{ "id" => garden.id.to_s,
"type" => "gardens",
Expand Down Expand Up @@ -41,51 +41,47 @@
end

it '#index' do
get('/api/v1/gardens', params: {}, headers:)
get('/api/v1/gardens', params: {}, headers: headers)
expect(subject['data']).to include(garden_encoded_as_json_api)
end

it '#show' do
get("/api/v1/gardens/#{garden.id}", params: {}, headers:)
get("/api/v1/gardens/#{garden.id}", params: {}, headers: headers)
expect(subject['data']).to include(garden_encoded_as_json_api)
end

context 'filtering' do
let!(:garden2) { FactoryBot.create(:garden, active: false, garden_type: FactoryBot.create(:garden_type)) }
let(:garden_type) { create(:garden_type) }
let!(:garden2) { FactoryBot.create(:garden, owner: member, active: false, garden_type: garden_type) }
let!(:other_member_garden) { FactoryBot.create(:garden) }

pending 'filters by active' do
get('/api/v1/gardens?filter[active]=true', params: {}, headers:)

it 'filters by active' do
get('/api/v1/gardens?filter[active]=true', params: {}, headers: headers)

expect(response).to have_http_status(:ok)
expect(subject['data'].size).to eq(1)
expect(subject['data'][0]['id']).to eq(garden.id.to_s)
end

it 'filters by garden_type' do
get("/api/v1/gardens?filter[garden_type]=#{garden2.garden_type.id}", params: {}, headers:)
get("/api/v1/gardens?filter[garden_type]=#{garden_type.id}", params: {}, headers: headers)

expect(response).to have_http_status(:ok)
expect(subject['data'].size).to eq(1)
expect(subject['data'][0]['id']).to eq(garden2.id.to_s)
end

it 'filters by owner' do
get("/api/v1/gardens?filter[owner_id]=#{garden2.owner.id}", params: {}, headers:)
get("/api/v1/gardens?filter[owner_id]=#{member.id}", params: {}, headers: headers)

expect(response).to have_http_status(:ok)
expect(subject['data'].size).to eq(2)
expect(subject['data'][1]['id']).to eq(garden2.id.to_s)
expect(subject['data'].map { |g| g['id'] }).to include(garden.id.to_s, garden2.id.to_s)
end
end

describe '#create' do
let!(:member) { create(:member) }
let(:token) do
member.regenerate_api_token
member.api_token.token
end
let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
let(:garden_params) do
{
data: {
Expand All @@ -98,26 +94,19 @@
end

it 'returns 401 Unauthorized without a token' do
post '/api/v1/gardens', params: garden_params, headers: headers
post '/api/v1/gardens', params: garden_params, headers: unauthenticated_headers
expect(response).to have_http_status(:unauthorized)
end

it 'returns 201 Created with a valid token' do
post '/api/v1/gardens', params: garden_params, headers: auth_headers
expect do
post '/api/v1/gardens', params: garden_params, headers: headers
end.to change { member.gardens.count }.by(1)
expect(response).to have_http_status(:created)
expect(member.gardens.count).to eq(2) # 1 from after_create callback, 1 from api
end
end

describe '#update' do
let!(:member) { create(:member) }
let(:token) do
member.regenerate_api_token
member.api_token.token
end
let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
let(:garden) { create(:garden, owner: member) }
let(:other_member_garden) { create(:garden) }
let(:update_params) do
{
Expand All @@ -132,12 +121,12 @@
end

it 'returns 401 Unauthorized without a token' do
patch "/api/v1/gardens/#{garden.id}", params: update_params, headers: headers
patch "/api/v1/gardens/#{garden.id}", params: update_params, headers: unauthenticated_headers
expect(response).to have_http_status(:unauthorized)
end

it 'returns 200 OK with a valid token for own garden' do
patch "/api/v1/gardens/#{garden.id}", params: update_params, headers: auth_headers
patch "/api/v1/gardens/#{garden.id}", params: update_params, headers: headers
expect(response).to have_http_status(:ok)
expect(garden.reload.name).to eq('An updated garden')
end
Expand All @@ -152,35 +141,27 @@
}
}
}.to_json
patch "/api/v1/gardens/#{other_member_garden.id}", params: update_params_for_other, headers: auth_headers
patch "/api/v1/gardens/#{other_member_garden.id}", params: update_params_for_other, headers: headers
expect(response).to have_http_status(:forbidden)
end
end

describe '#delete' do
let!(:member) { create(:member) }
let(:token) do
member.regenerate_api_token
member.api_token.token
end
let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
let!(:garden) { create(:garden, owner: member) }
let(:other_member_garden) { create(:garden) }

it 'returns 401 Unauthorized without a token' do
delete "/api/v1/gardens/#{garden.id}", headers: headers
delete "/api/v1/gardens/#{garden.id}", headers: unauthenticated_headers
expect(response).to have_http_status(:unauthorized)
end

it 'returns 204 No Content with a valid token for own garden' do
delete "/api/v1/gardens/#{garden.id}", headers: auth_headers
delete "/api/v1/gardens/#{garden.id}", headers: headers
expect(response).to have_http_status(:no_content)
expect(Garden.find_by(id: garden.id)).to be_nil
end

it 'returns 403 Forbidden for another member\'s garden' do
delete "/api/v1/gardens/#{other_member_garden.id}", headers: auth_headers
delete "/api/v1/gardens/#{other_member_garden.id}", headers: headers
expect(response).to have_http_status(:forbidden)
end
end
Expand Down
Loading