ApiController: check token validity for a given admin

2018-09-26 15:39:45 +02:00 · 2018-09-26 15:39:45 +02:00 · 4a04f2e59f
commit 4a04f2e59f
parent d576d426f4
3 changed files with 43 additions and 42 deletions
--- a/spec/controllers/api_controller_spec.rb
+++ b/spec/controllers/api_controller_spec.rb
@ -1,55 +1,38 @@
 require 'spec_helper'

 describe APIController, type: :controller do
-  controller(APIController) do
-    def show
-      render json: {}, satus: 200
+  describe 'valid_token_for_administrateur?' do
+    let!(:admin) { create(:administrateur) }
+
+    subject { controller.send(:'valid_token_for_administrateur?', admin) }
+
+    context 'when the admin has not any token' do
+      context 'and the token is not given' do
+        it { is_expected.to be false }
+      end
    end

-    def index
-      render json: {}, satus: 200
-    end
-  end
+    context 'when the admin has a token' do
+      let!(:token) { admin.renew_api_token }

-  describe 'GET index' do
-    let!(:administrateur) { create(:administrateur) }
-    let!(:administrateur_with_token) { create(:administrateur, :with_api_token) }
+      context 'and the token is given by params' do
+        before { controller.params[:token] = token }

-    context 'when token is missing' do
-      subject { get :index }
-
-      it { expect(subject.status).to eq(401) }
-    end
-
-    context 'when token is empty' do
-      subject { get :index, params: { token: nil } }
-
-      it { expect(subject.status).to eq(401) }
-    end
-
-    context 'when token does not exist' do
-      let(:token) { 'invalid_token' }
-
-      subject { get :index, params: { token: token } }
-
-      it { expect(subject.status).to eq(401) }
-    end
-
-    context 'when token exist in the params' do
-      subject { get :index, params: { token: administrateur_with_token.api_token } }
-
-      it { expect(subject.status).to eq(200) }
-    end
-
-    context 'when token exist in the header' do
-      before do
-        valid_headers = { 'Authorization' => "Bearer token=#{administrateur_with_token.api_token}" }
-        request.headers.merge!(valid_headers)
+        it { is_expected.to be true }
      end

-      subject { get(:index) }
+      context 'and the token is given by header' do
+        before do
+          valid_headers = { 'Authorization' => "Bearer token=#{token}" }
+          request.headers.merge!(valid_headers)
+        end

-      it { expect(subject.status).to eq(200) }
+        it { is_expected.to be true }
+      end
+
+      context 'and the token is not given' do
+        it { is_expected.to be false }
+      end
    end
  end
 end