demarches-normaliennes/spec/controllers/api_controller_spec.rb

describe APIController, type: :controller do
  describe 'authenticate_from_token' do
    let(:procedure) { create(:procedure) }
    let(:admin) { procedure.administrateurs.first }

    subject do
      controller.send(:authenticate_from_token)
      assigns(:api_token)
    end

    context 'when the admin has not any token' do
      context 'and the token is not given' do
        it { is_expected.to be nil }
      end
    end

    context 'when the admin has a token' do
      let(:token_bearer_couple) { APIToken.generate(admin) }
      let(:token) { token_bearer_couple[0] }
      let(:bearer) { token_bearer_couple[1] }

      context 'and the token is given by params' do
        before { controller.params[:token] = bearer }

        it { is_expected.to eq(token) }
      end

      context 'and the token is given by header' do
        before do
          valid_headers = { 'Authorization' => "Bearer token=#{bearer}" }
          request.headers.merge!(valid_headers)
        end

        it { is_expected.to eq(token) }
      end

      context 'and the token is not given' do
        it { is_expected.to be nil }
      end
    end
  end

  describe 'ensure_authorized_network' do
    let(:admin) { create(:administrateur) }
    let(:token_bearer_couple) { APIToken.generate(admin) }
    let(:token) { token_bearer_couple[0] }
    let(:bearer) { token_bearer_couple[1] }
    let(:remote_ip) { '0.0.0.0' }

    controller(APIController) { def fake_action = render(plain: 'Hello, World!') }

    before do
      routes.draw { get 'fake_action' => 'api#fake_action' }
      valid_headers = { 'Authorization' => "Bearer token=#{bearer}" }
      request.headers.merge!(valid_headers)
      request.remote_ip = remote_ip
    end

    describe 'GET #index' do
      subject { get :fake_action }

      context 'when no authorized networks are defined' do
        it { is_expected.to have_http_status(:ok) }
      end

      context 'when a single authorized network is defined' do
        before do
          token.update!(authorized_networks: [IPAddr.new('192.168.1.0/24')])
        end

        context 'and the request comes from it' do
          let(:remote_ip) { '192.168.1.23' }

          it { is_expected.to have_http_status(:ok) }
        end

        context 'and the request does not come from it' do
          let(:remote_ip) { '192.168.2.2' }

          it { is_expected.to have_http_status(:forbidden) }
        end
      end
    end
  end
end
add api v1 procedure controller 2015-12-21 17:51:49 +01:00			`describe APIController, type: :controller do`
refactor api_controller 2023-09-20 09:28:03 +02:00			`describe 'authenticate_from_token' do`
Update specs to use multiple administrateurs 2019-02-26 16:57:04 +01:00			`let(:procedure) { create(:procedure) }`
			`let(:admin) { procedure.administrateurs.first }`
Api Token: do not generate one token by default 2018-08-24 15:53:57 +02:00
refactor api_controller 2023-09-20 09:28:03 +02:00			`subject do`
			`controller.send(:authenticate_from_token)`
			`assigns(:api_token)`
			`end`
Api Token: do not generate one token by default 2018-08-24 15:53:57 +02:00
ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`context 'when the admin has not any token' do`
			`context 'and the token is not given' do`
refactor api_controller 2023-09-20 09:28:03 +02:00			`it { is_expected.to be nil }`
ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`end`
add api v1 procedure controller 2015-12-21 17:51:49 +01:00			`end`
Api Token: do not generate one token by default 2018-08-24 15:53:57 +02:00
ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`context 'when the admin has a token' do`
refactor api_controller 2023-09-20 09:28:03 +02:00			`let(:token_bearer_couple) { APIToken.generate(admin) }`
			`let(:token) { token_bearer_couple[0] }`
			`let(:bearer) { token_bearer_couple[1] }`
Api Token: do not generate one token by default 2018-08-24 15:53:57 +02:00
ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`context 'and the token is given by params' do`
refactor api_controller 2023-09-20 09:28:03 +02:00			`before { controller.params[:token] = bearer }`
Api Token: do not generate one token by default 2018-08-24 15:53:57 +02:00
refactor api_controller 2023-09-20 09:28:03 +02:00			`it { is_expected.to eq(token) }`
ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`end`
Api Token: do not generate one token by default 2018-08-24 15:53:57 +02:00
ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`context 'and the token is given by header' do`
			`before do`
refactor api_controller 2023-09-20 09:28:03 +02:00			`valid_headers = { 'Authorization' => "Bearer token=#{bearer}" }`
ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`request.headers.merge!(valid_headers)`
			`end`
Api Token: do not generate one token by default 2018-08-24 15:53:57 +02:00
refactor api_controller 2023-09-20 09:28:03 +02:00			`it { is_expected.to eq(token) }`
Api Token: do not generate one token by default 2018-08-24 15:53:57 +02:00			`end`

ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`context 'and the token is not given' do`
refactor api_controller 2023-09-20 09:28:03 +02:00			`it { is_expected.to be nil }`
ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`end`
add api v1 procedure controller 2015-12-21 17:51:49 +01:00			`end`
			`end`
feature(api): add ensure_authorized_network for api_controller v1 and v2 2023-12-21 14:00:07 +01:00
			`describe 'ensure_authorized_network' do`
			`let(:admin) { create(:administrateur) }`
			`let(:token_bearer_couple) { APIToken.generate(admin) }`
			`let(:token) { token_bearer_couple[0] }`
			`let(:bearer) { token_bearer_couple[1] }`
			`let(:remote_ip) { '0.0.0.0' }`

			`controller(APIController) { def fake_action = render(plain: 'Hello, World!') }`

			`before do`
			`routes.draw { get 'fake_action' => 'api#fake_action' }`
			`valid_headers = { 'Authorization' => "Bearer token=#{bearer}" }`
			`request.headers.merge!(valid_headers)`
			`request.remote_ip = remote_ip`
			`end`

			`describe 'GET #index' do`
			`subject { get :fake_action }`

			`context 'when no authorized networks are defined' do`
			`it { is_expected.to have_http_status(:ok) }`
			`end`

			`context 'when a single authorized network is defined' do`
			`before do`
			`token.update!(authorized_networks: [IPAddr.new('192.168.1.0/24')])`
			`end`

			`context 'and the request comes from it' do`
			`let(:remote_ip) { '192.168.1.23' }`

			`it { is_expected.to have_http_status(:ok) }`
			`end`

			`context 'and the request does not come from it' do`
			`let(:remote_ip) { '192.168.2.2' }`

			`it { is_expected.to have_http_status(:forbidden) }`
			`end`
			`end`
			`end`
			`end`
Files should end with a new line 2017-04-04 15:27:04 +02:00			`end`