demarches-normaliennes/spec/controllers/api_controller_spec.rb
2024-07-01 22:36:31 +02:00

93 lines
2.7 KiB
Ruby

describe APIController, type: :controller do
describe 'authenticate_from_token' do
let(:procedure) { create(:procedure) }
let(:admin) { procedure.administrateurs.first }
subject do
controller.send(:authenticate_from_token)
assigns(:api_token)
end
context 'when the admin has not any token' do
context 'and the token is not given' do
it { is_expected.to be nil }
end
end
context 'when the admin has a token' do
let(:token_bearer_couple) { APIToken.generate(admin) }
let(:token) { token_bearer_couple[0] }
let(:bearer) { token_bearer_couple[1] }
context 'and the token is given by params' do
before { controller.params[:token] = bearer }
it { is_expected.to eq(token) }
end
context 'and the token is given by header' do
before do
valid_headers = { 'Authorization' => "Bearer token=#{bearer}" }
request.headers.merge!(valid_headers)
end
it { is_expected.to eq(token) }
end
context 'and the token is not given' do
it { is_expected.to be nil }
end
end
end
describe 'ensure_authorized_network and token is not expired' do
let(:admin) { administrateurs(:default_admin) }
let(:token_bearer_couple) { APIToken.generate(admin) }
let(:token) { token_bearer_couple[0] }
let(:bearer) { token_bearer_couple[1] }
let(:remote_ip) { '0.0.0.0' }
controller(APIController) { def fake_action = render(plain: 'Hello, World!') }
before do
routes.draw { get 'fake_action' => 'api#fake_action' }
valid_headers = { 'Authorization' => "Bearer token=#{bearer}" }
request.headers.merge!(valid_headers)
request.remote_ip = remote_ip
end
describe 'GET #index' do
subject { get :fake_action }
context 'when no authorized networks are defined and the token is not expired' do
it { is_expected.to have_http_status(:ok) }
end
context 'when the token is expired' do
before do
token.update!(expires_at: 1.day.ago)
end
it { is_expected.to have_http_status(:unauthorized) }
end
context 'when a single authorized network is defined' do
before do
token.update!(authorized_networks: [IPAddr.new('192.168.1.0/24')])
end
context 'and the request comes from it' do
let(:remote_ip) { '192.168.1.23' }
it { is_expected.to have_http_status(:ok) }
end
context 'and the request does not come from it' do
let(:remote_ip) { '192.168.2.2' }
it { is_expected.to have_http_status(:forbidden) }
end
end
end
end
end