From c90d2c7f9ac80bcf29cc3c83a923a765f55675c2 Mon Sep 17 00:00:00 2001 From: Maikel Linke Date: Tue, 8 Nov 2022 16:41:39 +1100 Subject: [PATCH] Spec DFC authorisation with real token Our code doesn't actually verify the token yet but at least we are not mocking it all anymore. --- .../catalog_items_controller_spec.rb | 30 +++++-------------- engines/dfc_provider/spec/spec_helper.rb | 2 +- .../spec/support/authorization_helper.rb | 8 +++++ 3 files changed, 17 insertions(+), 23 deletions(-) create mode 100644 engines/dfc_provider/spec/support/authorization_helper.rb diff --git a/engines/dfc_provider/spec/controllers/dfc_provider/catalog_items_controller_spec.rb b/engines/dfc_provider/spec/controllers/dfc_provider/catalog_items_controller_spec.rb index 90fc66f3e9..b31ec1d9ed 100644 --- a/engines/dfc_provider/spec/controllers/dfc_provider/catalog_items_controller_spec.rb +++ b/engines/dfc_provider/spec/controllers/dfc_provider/catalog_items_controller_spec.rb @@ -1,8 +1,10 @@ # frozen_string_literal: true -require 'spec_helper' +require DfcProvider::Engine.root.join("spec/spec_helper") describe DfcProvider::CatalogItemsController, type: :controller do + include AuthorizationHelper + render_views let!(:user) { create(:user) } @@ -12,17 +14,9 @@ describe DfcProvider::CatalogItemsController, type: :controller do describe '.index' do context 'with authorization token' do - before do - request.headers['Authorization'] = 'Bearer 123456.abcdef.123456' - end + before { authorise user.email } context 'with an authenticated user' do - before do - allow_any_instance_of(DfcProvider::AuthorizationControl) - .to receive(:user) - .and_return(user) - end - context 'with an enterprise' do context 'given with an id' do context 'related to the user' do 
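Review bot: The new first line `require DfcProvider::Engine.root.join("spec/spec_helper")` in catalog_items_controller_spec.rb resolves an application constant before any helper has been loaded. It therefore only works when something else has already booted the app (presumably a `--require` in `.rspec`, which is not visible in this diff); run in isolation, the file would otherwise fail with a NameError. A form that does not depend on load order is `require_relative '../../spec_helper'`, which also matches the `require_relative` this commit introduces in the engine's spec_helper.rb.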
@@ -81,10 +75,10 @@ describe DfcProvider::CatalogItemsController, type: :controller do end context 'without an authenticated user' do + before { authorise "other@user.net" } + it 'returns unauthorized head' do - allow_any_instance_of(DfcProvider::AuthorizationControl) - .to receive(:user) - .and_return(nil) + authorise "other@user.net" api_get :index, enterprise_id: 'default' expect(response.response_code).to eq(401) @@ -110,17 +104,9 @@ describe DfcProvider::CatalogItemsController, type: :controller do describe '.show' do context 'with authorization token' do - before do - request.headers['Authorization'] = 'Bearer 123456.abcdef.123456' - end + before { authorise user.email } context 'with an authenticated user' do - before do - allow_any_instance_of(DfcProvider::AuthorizationControl) - .to receive(:user) - .and_return(user) - end - context 'with an enterprise' do context 'given with an id' do before do diff --git a/engines/dfc_provider/spec/spec_helper.rb b/engines/dfc_provider/spec/spec_helper.rb index f6b5d7710e..de38a84c63 100644 --- a/engines/dfc_provider/spec/spec_helper.rb +++ b/engines/dfc_provider/spec/spec_helper.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true -require '../../spec/spec_helper' +require_relative '../../../spec/spec_helper' Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].sort.each { |f| require f } diff --git a/engines/dfc_provider/spec/support/authorization_helper.rb b/engines/dfc_provider/spec/support/authorization_helper.rb new file mode 100644 index 0000000000..fb453c329e --- /dev/null +++ b/engines/dfc_provider/spec/support/authorization_helper.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +module AuthorizationHelper + def authorise(email) + token = JWT.encode({ email: email }, nil) + request.headers["Authorization"] = "JWT #{token}" + end +end
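Review bot: In the 'without an authenticated user' context, `authorise "other@user.net"` now appears twice: once in the added `before` block and again as the first line of the `it` body. The copy inside the example is redundant and can be dropped. This is also the only negative case visible in the hunks, and it uses a well-formed token for an unknown email. Examples for a malformed token and for a token whose signature does not match, marked `pending` until verification exists, would record what the endpoint is expected to reject. The context's closing `end` lies outside the hunk.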
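Review bot: `JWT.encode({ email: email }, nil)` in AuthorizationHelper builds the token with a nil key, so every spec calling `authorise` passes only because the provider trusts the `email` claim without checking a signature, as the commit message states. The helper should say so, for instance `# NOTE: token is built without a signing key; only accepted while DfcProvider does not verify signatures` above `def authorise`, so it gets revisited together with the verification code. The header scheme also changes from `Bearer` in the removed spec lines to `JWT` here. If that follows what the authorisation code parses (not visible in this diff), a short comment naming the expected scheme would help.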