REFACTOR: user api keys contoller specs to request

OsamaSayegh 2018-06-04 06:00:08 +03:00 committed by Sam
parent 807223deef
commit 1f8805d3af
1 changed files with 30 additions and 40 deletions


@ -46,8 +46,8 @@ describe UserApiKeysController do
context 'new' do context 'new' do
it "supports a head request cleanly" do it "supports a head request cleanly" do
head :new head "/user-api-key/new"
expect(response.code).to eq("200") expect(response.status).to eq(200)
expect(response.headers["Auth-Api-Version"]).to eq("2") expect(response.headers["Auth-Api-Version"]).to eq("2")
end end
end end
@ -55,14 +55,14 @@ describe UserApiKeysController do
context 'create' do context 'create' do
it "does not allow anon" do it "does not allow anon" do
post :create, params: args, format: :json post "/user-api-key.json", params: args
expect(response.status).to eq(403) expect(response.status).to eq(403)
end end
it "refuses to redirect to disallowed place" do it "refuses to redirect to disallowed place" do
log_in_user(Fabricate(:user)) sign_in(Fabricate(:user))
post :create, params: args, format: :json post "/user-api-key.json", params: args
expect(response.code).to eq("403") expect(response.status).to eq(403)
end end
it "will allow tokens for staff without TL" do it "will allow tokens for staff without TL" do
@ -71,10 +71,10 @@ describe UserApiKeysController do
user = Fabricate(:user, trust_level: 1, moderator: true) user = Fabricate(:user, trust_level: 1, moderator: true)
log_in_user(user) sign_in(user)
post :create, params: args, format: :json post "/user-api-key.json", params: args
expect(response.code).to eq("302") expect(response.status).to eq(302)
end end
it "will not create token unless TL is met" do it "will not create token unless TL is met" do
@ -82,36 +82,29 @@ describe UserApiKeysController do
SiteSetting.allowed_user_api_auth_redirects = args[:auth_redirect] SiteSetting.allowed_user_api_auth_redirects = args[:auth_redirect]
user = Fabricate(:user, trust_level: 1) user = Fabricate(:user, trust_level: 1)
sign_in(user)
log_in_user(user) post "/user-api-key.json", params: args
expect(response.status).to eq(403)
post :create, params: args, format: :json
expect(response.code).to eq("403")
end end
it "will deny access if requesting more rights than allowed" do it "will deny access if requesting more rights than allowed" do
SiteSetting.min_trust_level_for_user_api_key = 0 SiteSetting.min_trust_level_for_user_api_key = 0
SiteSetting.allowed_user_api_auth_redirects = args[:auth_redirect] SiteSetting.allowed_user_api_auth_redirects = args[:auth_redirect]
SiteSetting.allow_user_api_key_scopes = "write" SiteSetting.allow_user_api_key_scopes = "write"
user = Fabricate(:user, trust_level: 0) user = Fabricate(:user, trust_level: 0)
sign_in(user)
log_in_user(user) post "/user-api-key.json", params: args
expect(response.status).to eq(403)
post :create, params: args, format: :json
expect(response.code).to eq("403")
end end
it "allows for a revoke with no id" do it "allows for a revoke with no id" do
key = Fabricate(:readonly_user_api_key) key = Fabricate(:readonly_user_api_key)
request.env['HTTP_USER_API_KEY'] = key.key post "/user-api-key/revoke.json", headers: { HTTP_USER_API_KEY: key.key }
post :revoke, format: :json
expect(response.status).to eq(200) expect(response.status).to eq(200)
key.reload key.reload
expect(key.revoked_at).not_to eq(nil) expect(key.revoked_at).not_to eq(nil)
end end
@ -120,19 +113,20 @@ describe UserApiKeysController do
key1 = Fabricate(:readonly_user_api_key) key1 = Fabricate(:readonly_user_api_key)
key2 = Fabricate(:readonly_user_api_key) key2 = Fabricate(:readonly_user_api_key)
request.env['HTTP_USER_API_KEY'] = key1.key post "/user-api-key/revoke.json",
post :revoke, params: { id: key2.id }, format: :json params: { id: key2.id },
headers: { HTTP_USER_API_KEY: key1.key }
expect(response.status).to eq(403) expect(response.status).to eq(403)
end end
it "will allow readonly api keys to revoke self" do it "will allow readonly api keys to revoke self" do
key = Fabricate(:readonly_user_api_key) key = Fabricate(:readonly_user_api_key)
request.env['HTTP_USER_API_KEY'] = key.key post "/user-api-key/revoke.json",
post :revoke, params: { id: key.id }, format: :json params: { id: key.id },
headers: { HTTP_USER_API_KEY: key.key }
expect(response.status).to eq(200) expect(response.status).to eq(200)
key.reload key.reload
expect(key.revoked_at).not_to eq(nil) expect(key.revoked_at).not_to eq(nil)
end end
@ -145,11 +139,10 @@ describe UserApiKeysController do
args[:push_url] = "https://push.it/here" args[:push_url] = "https://push.it/here"
user = Fabricate(:user, trust_level: 0) user = Fabricate(:user, trust_level: 0)
sign_in(user)
log_in_user(user) post "/user-api-key.json", params: args
expect(response.status).to eq(302)
post :create, params: args, format: :json
expect(response.code).to eq("302")
uri = URI.parse(response.redirect_url) uri = URI.parse(response.redirect_url)
@ -168,7 +161,6 @@ describe UserApiKeysController do
key = user.user_api_keys.first key = user.user_api_keys.first
expect(key.scopes).to include("push") expect(key.scopes).to include("push")
expect(key.push_url).to eq("https://push.it/here") expect(key.push_url).to eq("https://push.it/here")
end end
it "will redirect correctly with valid token" do it "will redirect correctly with valid token" do
@ -180,11 +172,10 @@ describe UserApiKeysController do
args[:push_url] = "https://push.it/here" args[:push_url] = "https://push.it/here"
user = Fabricate(:user, trust_level: 0) user = Fabricate(:user, trust_level: 0)
sign_in(user)
log_in_user(user) post "/user-api-key.json", params: args
expect(response.status).to eq(302)
post :create, params: args, format: :json
expect(response.code).to eq("302")
uri = URI.parse(response.redirect_url) uri = URI.parse(response.redirect_url)
@ -210,10 +201,9 @@ describe UserApiKeysController do
# should overwrite if needed # should overwrite if needed
args["access"] = "pr" args["access"] = "pr"
post :create, params: args, format: :json post "/user-api-key.json", params: args
expect(response.code).to eq("302")
end
expect(response.status).to eq(302)
end
end end
end end
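Review bot: The cross-key revoke example (hunk `-120,19 +113,20`) asserts only `expect(response.status).to eq(403)` after key1 is used to revoke key2, so it would still pass if the controller revoked key2 and then answered 403. Adding `expect(key2.reload.revoked_at).to eq(nil)` after the status check would pin the authorization outcome, mirroring the `key.reload` / `revoked_at` assertions the two successful-revoke examples already make. The denied-create examples (anon, disallowed redirect, trust level not met, excess scopes) have the same gap, since only the status is checked; where a `user` is in scope, a line such as `expect(user.user_api_keys.count).to eq(0)` would confirm no key was issued. The `it` line of the cross-key revoke example starts outside the hunk.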