Convert PersonsController spec request spec

It's much more realistic and also tests the routing and authentication. Besides using real authentication I also improved the matchers.
2026-02-05 22:26:07 +00:00 · 2023-05-10 11:57:27 +10:00
parent 67c29dd38f
commit d338c61d2c
4 changed files with 31 additions and 45 deletions
--- a/engines/dfc_provider/spec/controllers/dfc_provider/persons_controller_spec.rb
+++ b/engines/dfc_provider/spec/controllers/dfc_provider/persons_controller_spec.rb
@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-require DfcProvider::Engine.root.join("spec/spec_helper")
-
-describe DfcProvider::PersonsController, type: :controller do
-  render_views
-
-  let!(:user) { create(:user) }
-
-  describe '.show' do
-    context 'with authorization token' do
-      before do
-        request.headers['Authorization'] = 'Bearer 123456.abcdef.123456'
-      end
-
-      context 'with an authenticated user' do
-        before do
-          allow_any_instance_of(AuthorizationControl)
-            .to receive(:user)
-            .and_return(user)
-        end
-
-        context 'given with an accessible id' do
-          before { api_get :show, id: user.id }
-
-          it 'is successful' do
-            expect(response).to be_successful
-          end
-
-          it 'renders the required content' do
-            expect(response.body).to include('dfc-b:Person')
-          end
-        end
-
-        context 'with an other user id' do
-          before { api_get :show, id: create(:user).id }
-
-          it 'is not found' do
-            expect(response).to be_not_found
-          end
-        end
-      end
-    end
-  end
-end
--- a/engines/dfc_provider/spec/requests/persons_spec.rb
+++ b/engines/dfc_provider/spec/requests/persons_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require DfcProvider::Engine.root.join("spec/spec_helper")
+
+describe "Persons", type: :request do
+  let(:user) { create(:oidc_user) }
+  let(:other_user) { create(:oidc_user) }
+
+  describe :show do
+    it "returns the authenticated user" do
+      get person_path(user), headers: auth_header(user.uid)
+      expect(response).to have_http_status :ok
+      expect(response.body).to include "dfc-b:Person"
+      expect(response.body).to include "persons/#{user.id}"
+    end
+
+    it "doesn't find another user" do
+      get person_path(other_user), headers: auth_header(user.uid)
+      expect(response).to have_http_status :not_found
+      expect(response.body).to_not include "dfc-b:Person"
+    end
+  end
+end
--- a/engines/dfc_provider/spec/spec_helper.rb
+++ b/engines/dfc_provider/spec/spec_helper.rb
@@ -5,6 +5,9 @@ require_relative '../../../spec/spec_helper'
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].sort.each { |f| require f }

 RSpec.configure do |config|
+  config.include AuthorizationHelper, type: :request
+  config.include DfcProvider::Engine.routes.url_helpers, type: :request
+
  config.around(:each) do |example|
    # The DFC Connector fetches the context when loaded.
    VCR.use_cassette("dfc-context") do
--- a/engines/dfc_provider/spec/support/authorization_helper.rb
+++ b/engines/dfc_provider/spec/support/authorization_helper.rb
@@ -1,6 +1,11 @@
 # frozen_string_literal: true

 module AuthorizationHelper
+  def auth_header(email)
+    token = allow_token_for(email: email)
+    { "Authorization" => "JWT #{token}" }
+  end
+
  def authorise(email)
    token = allow_token_for(email: email)
    request.headers["Authorization"] = "JWT #{token}"