DGNum/demarches-normaliennes
15
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

refacto: spec

Browse source
This commit is contained in:
simon lehericey 2023-08-03 10:23:05 +02:00
parent 0b03ba4d68
commit c7afad2a88
2 changed files with 22 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
spec/controllers/api/v2/graphql_controller_spec.rb
View file

@ -3,7 +3,6 @@ describe API::V2::GraphqlController do
let(:generated_token) { APIToken.generate(admin) }
let(:api_token) { generated_token.first }
let(:token) { generated_token.second }
let(:legacy_token) { APIToken.send(:unpack, token)[:plain_token] }
let(:procedure) { create(:procedure, :published, :for_individual, :with_service, administrateurs: [admin]) }
let(:dossier) { create(:dossier, :en_construction, :with_individual, procedure: procedure) }
let(:dossier1) { create(:dossier, :en_construction, :with_individual, procedure: procedure, en_construction_at: 1.day.ago) }
@ -113,20 +112,6 @@ describe API::V2::GraphqlController do
subject { post :execute, params: { query: query, variables: variables, operationName: operation_name, queryId: query_id }.compact, as: :json }
context "when authenticated with legacy token" do
let(:authorization_header) { ActionController::HttpAuthentication::Token.encode_credentials(legacy_token) }
before do
request.env['HTTP_AUTHORIZATION'] = authorization_header
admin.api_tokens.first.update(version: 1)
end
it "returns the demarche" do
expect(gql_errors).to eq(nil)
expect(gql_data[:demarche][:id]).to eq(procedure.to_typed_id)
end
end
context "when authenticated" do
let(:authorization_header) { ActionController::HttpAuthentication::Token.encode_credentials(token) }
@ -164,18 +149,6 @@ describe API::V2::GraphqlController do
expect(gql_errors.first[:message]).to eq("An object of type Demarche was hidden due to permissions")
}
end
context 'v2' do
let(:token) { APIToken.send(:message_verifier).generate([another_administrateur.id, plain_token]) }
it {
expect(gql_errors.first[:message]).to eq("An object of type Demarche was hidden due to permissions")
}
end
context 'v1' do
let(:token) { plain_token }
it {
expect(gql_errors.first[:message]).to eq("An object of type Demarche was hidden due to permissions")
}
end
end
context "when the token is revoked" do
@ -1499,13 +1472,15 @@ describe API::V2::GraphqlController do
message {
body
}
errors {
message
}
}
}"
end
it "should return error" do
expect(gql_data[:dossierEnvoyerMessage]).to eq(nil)
expect(gql_errors).not_to eq(nil)
expect(gql_data[:dossierEnvoyerMessage][:errors].first[:message]).to eq("Le jeton utilisé est configuré seulement en lecture")
end
end
end

138
spec/models/api_token_spec.rb
View file

@ -1,12 +1,11 @@
describe APIToken, type: :model do
let(:administrateur) { create(:administrateur) }
let(:api_token_and_packed_token) { APIToken.generate(administrateur) }
let(:api_token) { api_token_and_packed_token.first }
let(:packed_token) { api_token_and_packed_token.second }
let(:plain_token) { APIToken.send(:unpack, packed_token)[:plain_token] }
let(:packed_token_v2) { APIToken.send(:message_verifier).generate([administrateur.id, plain_token]) }
describe '#generate' do
let(:api_token_and_packed_token) { APIToken.generate(administrateur) }
let(:api_token) { api_token_and_packed_token.first }
let(:packed_token) { api_token_and_packed_token.second }
it do
expect(api_token.administrateur).to eq(administrateur)
expect(api_token.prefix).to eq(packed_token.slice(0, 5))
@ -109,137 +108,36 @@ describe APIToken, type: :model do
end
describe '#find_and_verify' do
let(:result) { APIToken.find_and_verify(token, administrateurs) }
let(:token) { packed_token }
let(:administrateurs) { [administrateur] }
let(:api_token_and_packed_token) { APIToken.generate(administrateur) }
let(:api_token) { api_token_and_packed_token.first }
let(:packed_token) { api_token_and_packed_token.second }
let(:bearer_token) { packed_token }
context 'without administrateur' do
let(:administrateurs) { [] }
subject { APIToken.find_and_verify(bearer_token) }
context 'with packed token' do
it { expect(result).to be_truthy }
end
context 'with packed token v2' do
before { api_token.update(version: 2) }
let(:token) { packed_token_v2 }
it { expect(result).to be_truthy }
end
context 'with plain token' do
before { api_token.update(version: 1) }
let(:token) { plain_token }
it { expect(result).to be_falsey }
end
context 'with the legit packed token' do
it { is_expected.to eq(api_token) }
end
context 'with destroyed token' do
before { api_token.destroy }
context 'with packed token' do
it { expect(result).to be_falsey }
end
context 'with packed token v2' do
let(:token) { packed_token_v2 }
it { expect(result).to be_falsey }
end
context 'with plain token' do
let(:token) { plain_token }
it { expect(result).to be_falsey }
end
it { is_expected.to be_nil }
end
context 'with destroyed administrateur' do
before { api_token.administrateur.destroy }
let(:administrateurs) { [] }
context 'with packed token' do
it { expect(result).to be_falsey }
end
context 'with packed token v2' do
let(:token) { packed_token_v2 }
it { expect(result).to be_falsey }
end
context 'with plain token' do
let(:token) { plain_token }
it { expect(result).to be_falsey }
end
it { is_expected.to be_nil }
end
context 'with other administrateur' do
let(:other_administrateur) { create(:administrateur, :with_api_token) }
let(:administrateurs) { [other_administrateur] }
context 'with packed token' do
it { expect(result).to be_truthy }
context "with a bearer token with the wrong plain_token" do
let(:bearer_token) do
clear_packed = [api_token.id, 'wrong'].join(';')
Base64.urlsafe_encode64(clear_packed)
end
context 'with packed token v2' do
before { api_token.update(version: 2) }
let(:token) { packed_token_v2 }
it { expect(result).to be_truthy }
end
context 'with plain token' do
before { api_token.update(version: 1) }
let(:token) { plain_token }
it { expect(result).to be_falsey }
end
end
context 'with many administrateurs' do
let(:other_administrateur) { create(:administrateur, :with_api_token) }
let(:other_api_token_and_packed_token) { APIToken.generate(other_administrateur) }
let(:other_api_token) { other_api_token_and_packed_token.first }
let(:other_packed_token) { other_api_token_and_packed_token.second }
let(:other_plain_token) { APIToken.send(:unpack, other_packed_token)[:plain_token] }
let(:administrateurs) { [administrateur, other_administrateur] }
context 'with plain token' do
before do
api_token.update(version: 1)
other_api_token.update(version: 1)
end
let(:token) { plain_token }
it { expect(result).to be_truthy }
context 'with other plain token' do
let(:token) { other_plain_token }
it { expect(result).to be_truthy }
end
end
end
context 'with packed token' do
it { expect(result).to be_truthy }
end
context 'with packed token v2' do
before { api_token.update(version: 2) }
let(:token) { packed_token_v2 }
it { expect(result).to be_truthy }
end
context 'with plain token' do
before { api_token.update(version: 1) }
let(:token) { plain_token }
it { expect(result).to be_truthy }
end
context "with valid garbage base64" do
before { api_token.update(version: 1, encrypted_token: BCrypt::Password.create(token)) }
let(:token) { "R5dAqE7nMxfMp93PcuuevDtn" }
it { expect(result).to be_truthy }
it { is_expected.to be_nil }
end
end
end