Allow logged in users to access DFC API

It makes testing in development so much easier.
Maikel Linke
2022-11-03 16:28:24 +11:00
committed by David Cook
parent 96193a27a4
commit 52a98989e0
3 changed files with 27 additions and 9 deletions


@@ -39,12 +39,8 @@ module DfcProvider
@current_user ||= authorization_control.process
end
def access_token
request.headers['Authorization'].to_s.split(' ').last
end
def authorization_control
DfcProvider::AuthorizationControl.new(access_token)
DfcProvider::AuthorizationControl.new(request)
end
def not_found
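Review bot: Passing the whole `request` into `AuthorizationControl` means `current_user` can now be satisfied by a browser session cookie as well as a bearer token, and nothing visible here limits that to development, although the commit message gives development testing as the motivation. Cookie-authenticated requests need CSRF protection on any state-changing action, so confirm that this API's base controller (not shown) has not disabled `protect_from_forgery`, or gate the `ofn_user` fallback in `AuthorizationControl#process` with a check such as `Rails.env.development?`. A comment above `authorization_control`, e.g. `# Accepts an OIDC bearer token or, failing that, the Warden session user`, would make the two accepted credentials explicit. The controller body continues outside the hunk.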


@@ -4,20 +4,30 @@
# It controls an OICD Access token and an enterprise.
module DfcProvider
class AuthorizationControl
def initialize(access_token)
@access_token = access_token
def initialize(request)
@request = request
end
def process
return unless @access_token
oidc_user || ofn_user
end
private
def oidc_user
return unless access_token
decode_token
find_ofn_user
end
def ofn_user
@request.env['warden'].user
end
def decode_token
data = JWT.decode(
@access_token,
access_token,
nil,
false
)
@@ -26,6 +36,10 @@ module DfcProvider
@payload = data.first
end
def access_token
@request.headers['Authorization'].to_s.split(' ').last
end
def find_ofn_user
Spree::User.where(email: @payload['email']).first
end
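Review bot: `decode_token` calls `JWT.decode(access_token, nil, false)`, and with the third argument `false` the jwt gem skips signature verification, so the `email` claim that `find_ofn_user` looks up is not authenticated unless a check exists in the lines hidden between the two hunks. The commit touches this call but keeps it unverified; the token should be verified against the OIDC provider's key with a pinned algorithm before `@payload` is trusted, e.g. `JWT.decode(access_token, <provider public key>, true, algorithm: <expected algorithm>)`. Separately, `ofn_user` dereferences `@request.env['warden']` without a nil guard; `@request.env['warden']&.user` avoids a `NoMethodError` when the middleware is absent. The class body continues outside the hunks.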


@@ -98,6 +98,14 @@ describe DfcProvider::CatalogItemsController, type: :controller do
expect(response).to be_unauthorized
end
end
context "when logged in as app user" do
it "is successful" do
sign_in user
api_get :index, enterprise_id: enterprise.id
expect(response).to be_successful
end
end
end
describe '.show' do
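Review bot: The new context covers only the success path for a session user; there is no example showing that a signed-in user is refused for an enterprise they do not manage, or what happens when a request carries both a session and a bearer token that resolves to no user. Whether `user` is linked to `enterprise` is set up outside this hunk, so this may already be covered elsewhere. A negative example for an unrelated user, asserting something like `expect(response).to be_unauthorized` or whichever status the controller returns in that case, would pin down the authorization boundary that the session fallback now exposes. The surrounding `describe` block continues outside the hunk.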