refactor api_controller

2023-09-20 09:28:03 +02:00 · 2023-09-20 09:28:03 +02:00 · 118242dbd2
commit 118242dbd2
parent 2664c3671f
3 changed files with 38 additions and 30 deletions
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@ -1,15 +1,6 @@
 class APIController < ApplicationController
  before_action :default_format_json
-
+  before_action :authenticate_from_token
  protected
  def find_administrateur_for_token(procedure)
    api_token = APIToken.authenticate(authorization_bearer_token)
    if api_token.present? && api_token.context.fetch(:procedure_ids).include?(procedure.id)
      api_token.touch(:last_v1_authenticated_at)
      api_token.administrateur
    end
  end
  private
@ -17,19 +8,24 @@ class APIController < ApplicationController
    request.format = "json" if !request.params[:format]
  end
-  def authorization_bearer_token
+  def check_api_token
-    params_token.presence || header_token
+    if @api_token.nil?
      render json: {}, status: :unauthorized
    end
  end
-  def header_token
+  def authenticate_from_token
-    received_token = nil
+    @api_token = authenticate_with_http_token { |t, _o| APIToken.authenticate(t) }
-    authenticate_with_http_token do |token, _options|
+
-      received_token = token
+    # legacy way of sending the token by url
-    end
+    # not available in api v2
-    received_token
+    if @api_token.nil?
      @api_token = APIToken.authenticate(params[:token])
    end
-  def params_token
+    if @api_token.present?
-    params[:token]
+      @api_token.touch(:last_v1_authenticated_at)
      @current_user = @api_token.administrateur.user
    end
  end
 end
--- a/spec/controllers/api/v1/procedures_controller_spec.rb
+++ b/spec/controllers/api/v1/procedures_controller_spec.rb
@ -19,6 +19,13 @@ describe API::V1::ProceduresController, type: :controller do
      it { is_expected.to have_http_status(401) }
    end
    context 'when procedure exist but bad token' do
      let(:token) { 'bad' }
      let(:procedure_id) { create(:procedure, administrateur: admin).id }
      it { is_expected.to have_http_status(401) }
    end
    context 'when procedure exist' do
      let(:procedure_id) { create(:procedure, administrateur: admin).id }
--- a/spec/controllers/api_controller_spec.rb
+++ b/spec/controllers/api_controller_spec.rb
@ -1,36 +1,41 @@
 describe APIController, type: :controller do
-  describe 'valid_token_for_procedure?' do
+  describe 'authenticate_from_token' do
    let(:procedure) { create(:procedure) }
    let(:admin) { procedure.administrateurs.first }
-    subject { !!controller.send(:find_administrateur_for_token, procedure) }
+    subject do
      controller.send(:authenticate_from_token)
      assigns(:api_token)
    end
    context 'when the admin has not any token' do
      context 'and the token is not given' do
-        it { is_expected.to be false }
+        it { is_expected.to be nil }
      end
    end
    context 'when the admin has a token' do
-      let!(:token) { APIToken.generate(admin)[1] }
+      let(:token_bearer_couple) { APIToken.generate(admin) }
      let(:token) { token_bearer_couple[0] }
      let(:bearer) { token_bearer_couple[1] }
      context 'and the token is given by params' do
-        before { controller.params[:token] = token }
+        before { controller.params[:token] = bearer }
-        it { is_expected.to be true }
+        it { is_expected.to eq(token) }
      end
      context 'and the token is given by header' do
        before do
-          valid_headers = { 'Authorization' => "Bearer token=#{token}" }
+          valid_headers = { 'Authorization' => "Bearer token=#{bearer}" }
          request.headers.merge!(valid_headers)
        end
-        it { is_expected.to be true }
+        it { is_expected.to eq(token) }
      end
      context 'and the token is not given' do
-        it { is_expected.to be false }
+        it { is_expected.to be nil }
      end
    end
  end