demarches-normaliennes/spec/controllers/new_administrateur/jeton_particulier_controller_spec.rb

describe NewAdministrateur::JetonParticulierController, type: :controller do
  let(:admin) { create(:administrateur) }
  let(:procedure) { create(:procedure, administrateur: admin) }

  before do
    stub_const("API_PARTICULIER_URL", "https://particulier.api.gouv.fr/api")

    sign_in(admin.user)
  end

  describe "GET #api_particulier" do
    render_views

    subject { get :api_particulier, params: { procedure_id: procedure.id } }

    it do
      is_expected.to have_http_status(:success)
      expect(subject.body).to have_content('Jeton API particulier')
    end
  end

  describe "GET #show" do
    subject { get :show, params: { procedure_id: procedure.id } }

    it { is_expected.to have_http_status(:success) }
  end

  describe "PATCH #update" do
    let(:params) { { procedure_id: procedure.id, procedure: { api_particulier_token: token } } }

    subject { patch :update, params: params }

    context "when jeton has a valid shape" do
      let(:token) { "d7e9c9f4c3ca00caadde31f50fd4521a" }
      before do
        VCR.use_cassette(cassette) do
          subject
        end
      end

      context "and the api response is a success" do
        let(:cassette) { "api_particulier/success/introspect" }
        let(:procedure) { create(:procedure, administrateur: admin, api_particulier_sources: { cnaf: { allocataires: ['noms_prenoms'] } }) }

        it 'saves the jeton' do
          expect(flash.alert).to be_nil
          expect(flash.notice).to eq("Le jeton a bien été mis à jour")
          expect(procedure.reload.api_particulier_token).to eql(token)
          expect(procedure.reload.api_particulier_scopes).to contain_exactly("dgfip_avis_imposition", "dgfip_adresse", "cnaf_allocataires", "cnaf_enfants", "cnaf_adresse", "cnaf_quotient_familial", "mesri_statut_etudiant")
          expect(procedure.reload.api_particulier_sources).to be_empty
        end
      end

      context "and the api response is a success but with an empty scopes" do
        let(:cassette) { "api_particulier/success/introspect_empty_scopes" }

        it 'rejects the jeton' do
          expect(flash.alert).to include("le jeton n'a pas acces aux données")
          expect(flash.notice).to be_nil
          expect(procedure.reload.api_particulier_token).not_to eql(token)
        end
      end

      context "and the api response is not unauthorized" do
        let(:cassette) { "api_particulier/unauthorized/introspect" }

        it 'rejects the jeton' do
          expect(flash.alert).to include("Mise à jour impossible : le jeton n'a pas été trouvé ou n'est pas actif")
          expect(flash.notice).to be_nil
          expect(procedure.reload.api_particulier_token).not_to eql(token)
        end
      end
    end

    context "when jeton is invalid and no network call is made" do
      let(:token) { "jet0n 1nvalide" }

      before { subject }

      it 'rejects the jeton' do
        expect(flash.alert.first).to include("pas le bon format")
        expect(flash.notice).to be_nil
        expect(procedure.reload.api_particulier_token).not_to eql(token)
      end
    end
  end
end
add jetons particulier index page Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 11:10:28 +02:00			`describe NewAdministrateur::JetonParticulierController, type: :controller do`
			`let(:admin) { create(:administrateur) }`
			`let(:procedure) { create(:procedure, administrateur: admin) }`

			`before do`
an admin can save it's api particulier token Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 10:53:09 +02:00			`stub_const("API_PARTICULIER_URL", "https://particulier.api.gouv.fr/api")`

add jetons particulier index page Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 11:10:28 +02:00			`sign_in(admin.user)`
			`end`

			`describe "GET #api_particulier" do`
			`render_views`

			`subject { get :api_particulier, params: { procedure_id: procedure.id } }`

faster jeton_particulier_controller_spec 2021-09-17 13:43:23 +02:00			`it do`
			`is_expected.to have_http_status(:success)`
			`expect(subject.body).to have_content('Jeton API particulier')`
			`end`
add jetons particulier index page Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 11:10:28 +02:00			`end`
an admin can save it's api particulier token Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 10:53:09 +02:00
			`describe "GET #show" do`
			`subject { get :show, params: { procedure_id: procedure.id } }`

			`it { is_expected.to have_http_status(:success) }`
			`end`

			`describe "PATCH #update" do`
			`let(:params) { { procedure_id: procedure.id, procedure: { api_particulier_token: token } } }`

			`subject { patch :update, params: params }`

			`context "when jeton has a valid shape" do`
			`let(:token) { "d7e9c9f4c3ca00caadde31f50fd4521a" }`
			`before do`
			`VCR.use_cassette(cassette) do`
			`subject`
			`end`
			`end`

			`context "and the api response is a success" do`
			`let(:cassette) { "api_particulier/success/introspect" }`
an api_particulier_token change erases previous api_particulier_sources 2021-09-17 13:48:12 +02:00			`let(:procedure) { create(:procedure, administrateur: admin, api_particulier_sources: { cnaf: { allocataires: ['noms_prenoms'] } }) }`
an admin can save it's api particulier token Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 10:53:09 +02:00
faster jeton_particulier_controller_spec 2021-09-17 13:43:23 +02:00			`it 'saves the jeton' do`
			`expect(flash.alert).to be_nil`
			`expect(flash.notice).to eq("Le jeton a bien été mis à jour")`
			`expect(procedure.reload.api_particulier_token).to eql(token)`
			`expect(procedure.reload.api_particulier_scopes).to contain_exactly("dgfip_avis_imposition", "dgfip_adresse", "cnaf_allocataires", "cnaf_enfants", "cnaf_adresse", "cnaf_quotient_familial", "mesri_statut_etudiant")`
an api_particulier_token change erases previous api_particulier_sources 2021-09-17 13:48:12 +02:00			`expect(procedure.reload.api_particulier_sources).to be_empty`
faster jeton_particulier_controller_spec 2021-09-17 13:43:23 +02:00			`end`
an admin can save it's api particulier token Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 10:53:09 +02:00			`end`

add logic to detect empty scopes 2021-09-16 09:09:26 +02:00			`context "and the api response is a success but with an empty scopes" do`
			`let(:cassette) { "api_particulier/success/introspect_empty_scopes" }`

faster jeton_particulier_controller_spec 2021-09-17 13:43:23 +02:00			`it 'rejects the jeton' do`
			`expect(flash.alert).to include("le jeton n'a pas acces aux données")`
			`expect(flash.notice).to be_nil`
			`expect(procedure.reload.api_particulier_token).not_to eql(token)`
			`end`
add logic to detect empty scopes 2021-09-16 09:09:26 +02:00			`end`

an admin can save it's api particulier token Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 10:53:09 +02:00			`context "and the api response is not unauthorized" do`
			`let(:cassette) { "api_particulier/unauthorized/introspect" }`

faster jeton_particulier_controller_spec 2021-09-17 13:43:23 +02:00			`it 'rejects the jeton' do`
			`expect(flash.alert).to include("Mise à jour impossible : le jeton n'a pas été trouvé ou n'est pas actif")`
			`expect(flash.notice).to be_nil`
			`expect(procedure.reload.api_particulier_token).not_to eql(token)`
			`end`
an admin can save it's api particulier token Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 10:53:09 +02:00			`end`
			`end`

add logic to detect empty scopes 2021-09-16 09:09:26 +02:00			`context "when jeton is invalid and no network call is made" do`
an admin can save it's api particulier token Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 10:53:09 +02:00			`let(:token) { "jet0n 1nvalide" }`

			`before { subject }`

faster jeton_particulier_controller_spec 2021-09-17 13:43:23 +02:00			`it 'rejects the jeton' do`
			`expect(flash.alert.first).to include("pas le bon format")`
			`expect(flash.notice).to be_nil`
			`expect(procedure.reload.api_particulier_token).not_to eql(token)`
			`end`
an admin can save it's api particulier token Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 10:53:09 +02:00			`end`
			`end`
add jetons particulier index page Co-authored-by: François VANTOMME <akarzim@gmail.com> 2021-09-15 11:10:28 +02:00			`end`