38 lines
1.1 KiB
Ruby
38 lines
1.1 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe 'api' do
|
|
before do
|
|
fake_key = SecureRandom.hex(32)
|
|
SiteSetting.stubs(:api_key).returns(fake_key)
|
|
end
|
|
|
|
describe PostsController do
|
|
let(:user) do
|
|
Fabricate(:user)
|
|
end
|
|
|
|
let(:post) do
|
|
Fabricate(:post)
|
|
end
|
|
|
|
# choosing an arbitrarily easy to mock trusted activity
|
|
it 'allows users with api key to bookmark posts' do
|
|
PostAction.expects(:act).with(user,post,PostActionType.types[:bookmark]).returns(true)
|
|
put :bookmark, bookmarked: "true" ,post_id: post.id , api_key: SiteSetting.api_key, api_username: user.username
|
|
end
|
|
|
|
it 'disallows phonies to bookmark posts' do
|
|
lambda do
|
|
put :bookmark, bookmarked: "true" ,post_id: post.id , api_key: SecureRandom.hex(32), api_username: user.username
|
|
end.should raise_error Discourse::NotLoggedIn
|
|
end
|
|
|
|
it 'disallows blank api' do
|
|
SiteSetting.stubs(:api_key).returns("")
|
|
lambda do
|
|
put :bookmark, bookmarked: "true" ,post_id: post.id , api_key: "", api_username: user.username
|
|
end.should raise_error Discourse::NotLoggedIn
|
|
end
|
|
end
|
|
end
|