DGNum/demarches-normaliennes
13
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Merge pull request #1642 from betagouv/better-api

Browse source 
Améliorations API′
This commit is contained in:
gregoirenovel 2018-03-15 17:59:40 +01:00 committed by GitHub
commit 74d38221af
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 45 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
app/controllers/api/v1/dossiers_controller.rb
View file

@ -1,7 +1,10 @@
class API::V1::DossiersController < APIController class API::V1::DossiersController < APIController
DEFAULT_PAGE_SIZE = 100
api :GET, '/procedures/:procedure_id/dossiers/', 'Liste de tous les dossiers d\'une procédure' api :GET, '/procedures/:procedure_id/dossiers/', 'Liste de tous les dossiers d\'une procédure'
param :procedure_id, Integer, desc: "L'identifiant de la procédure", required: true param :procedure_id, Integer, desc: "L'identifiant de la procédure", required: true
param :token, String, desc: "Token administrateur", required: true param :page, String, desc: "Numéro de la page", required: false
param :resultats_par_page, String, desc: "Nombre de résultats par page (#{DEFAULT_PAGE_SIZE} par défaut, maximum 1 000)", required: false
error code: 401, desc: "Non authorisé" error code: 401, desc: "Non authorisé"
error code: 404, desc: "Procédure inconnue" error code: 404, desc: "Procédure inconnue"
@ -17,7 +20,6 @@ class API::V1::DossiersController < APIController
api :GET, '/procedures/:procedure_id/dossiers/:id', 'Informations du dossier d\'une procédure' api :GET, '/procedures/:procedure_id/dossiers/:id', 'Informations du dossier d\'une procédure'
param :procedure_id, Integer, desc: "L'identifiant de la procédure", required: true param :procedure_id, Integer, desc: "L'identifiant de la procédure", required: true
param :dossier_id, Integer, desc: "L'identifiant du dossier", required: true param :dossier_id, Integer, desc: "L'identifiant du dossier", required: true
param :token, String, desc: "Token administrateur", required: true
error code: 401, desc: "Non authorisé" error code: 401, desc: "Non authorisé"
error code: 404, desc: "Procédure ou dossier inconnu" error code: 404, desc: "Procédure ou dossier inconnu"
@ -41,6 +43,6 @@ class API::V1::DossiersController < APIController
end end
def per_page # inherited value from will_paginate def per_page # inherited value from will_paginate
12 [params[:resultats_par_page] || DEFAULT_PAGE_SIZE, 1000].min
end end
end end

1
app/controllers/api/v1/procedures_controller.rb
View file

@ -1,7 +1,6 @@
class API::V1::ProceduresController < APIController class API::V1::ProceduresController < APIController
api :GET, '/procedures/:id', 'Informations concernant une procédure' api :GET, '/procedures/:id', 'Informations concernant une procédure'
param :id, Integer, desc: "L'identifiant de la procédure", required: true param :id, Integer, desc: "L'identifiant de la procédure", required: true
param :token, String, desc: "Token administrateur", required: true
error code: 401, desc: "Non authorisé" error code: 401, desc: "Non authorisé"
error code: 404, desc: "Procédure inconnue" error code: 404, desc: "Procédure inconnue"

26
app/controllers/api_controller.rb
View file

@ -2,8 +2,20 @@ class APIController < ApplicationController
before_action :authenticate_user before_action :authenticate_user
before_action :default_format_json before_action :default_format_json
resource_description do
description <<-EOS
L'authentification de l'API se fait via un header HTTP :
```
Authorization: Bearer &lt;Token administrateur&gt;
```
EOS
end
def authenticate_user def authenticate_user
render json: {}, status: 401 if !valid_token? if !valid_token?
request_http_token_authentication
end
end end
protected protected
@ -13,7 +25,17 @@ class APIController < ApplicationController
end end
def current_administrateur def current_administrateur
@administrateur ||= Administrateur.find_by(api_token: params[:token]) @administrateur ||= (authenticate_with_bearer_token || authenticate_with_param_token)
end
def authenticate_with_bearer_token
authenticate_with_http_token do |token, options|
Administrateur.find_by(api_token: token)
end
end
def authenticate_with_param_token
Administrateur.find_by(api_token: params[:token])
end end
def default_format_json def default_format_json

17
spec/controllers/api/v1/dossiers_controller_spec.rb
View file

@ -7,6 +7,21 @@ describe API::V1::DossiersController do
it { expect(described_class).to be < APIController } it { expect(described_class).to be < APIController }
describe 'GET index (with bearer token)' do
let(:authorization_header) { ActionController::HttpAuthentication::Token.encode_credentials(admin.api_token) }
let(:retour) do
request.env['HTTP_AUTHORIZATION'] = authorization_header
get :index, params: { procedure_id: procedure_id }
end
subject { retour }
context 'when procedure is not found' do
let(:procedure_id) { 99_999_999 }
it { expect(subject.code).to eq('404') }
end
end
describe 'GET index' do describe 'GET index' do
let(:retour) { get :index, params: { token: admin.api_token, procedure_id: procedure_id } } let(:retour) { get :index, params: { token: admin.api_token, procedure_id: procedure_id } }
@ -41,7 +56,7 @@ describe API::V1::DossiersController do
it { is_expected.to have_key(:page) } it { is_expected.to have_key(:page) }
it { expect(subject[:page]).to eq(1) } it { expect(subject[:page]).to eq(1) }
it { is_expected.to have_key(:resultats_par_page) } it { is_expected.to have_key(:resultats_par_page) }
it { expect(subject[:resultats_par_page]).to eq(12) } it { expect(subject[:resultats_par_page]).to eq(described_class.const_get(:DEFAULT_PAGE_SIZE)) }
it { is_expected.to have_key(:nombre_de_page) } it { is_expected.to have_key(:nombre_de_page) }
it { expect(subject[:nombre_de_page]).to eq(1) } it { expect(subject[:nombre_de_page]).to eq(1) }
end end