From d338c61d2c96c671d5652e667d61366d0066ca19 Mon Sep 17 00:00:00 2001
From: Maikel Linke
Date: Wed, 10 May 2023 11:57:27 +1000
Subject: [PATCH] Convert PersonsController spec request spec

It's much more realistic and also tests the routing and authentication. Besides using real authentication I also improved the matchers.
---
.../dfc_provider/persons_controller_spec.rb | 45 -------------------
.../spec/requests/persons_spec.rb | 23 ++++++++++
engines/dfc_provider/spec/spec_helper.rb | 3 ++
.../spec/support/authorization_helper.rb | 5 +++
4 files changed, 31 insertions(+), 45 deletions(-)
delete mode 100644 engines/dfc_provider/spec/controllers/dfc_provider/persons_controller_spec.rb
create mode 100644 engines/dfc_provider/spec/requests/persons_spec.rb

diff --git a/engines/dfc_provider/spec/controllers/dfc_provider/persons_controller_spec.rb b/engines/dfc_provider/spec/controllers/dfc_provider/persons_controller_spec.rb
deleted file mode 100644
index fc388f4913..0000000000
--- a/engines/dfc_provider/spec/controllers/dfc_provider/persons_controller_spec.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-require DfcProvider::Engine.root.join("spec/spec_helper")
-
-describe DfcProvider::PersonsController, type: :controller do
- render_views
-
- let!(:user) { create(:user) }
-
- describe '.show' do
- context 'with authorization token' do
- before do
- request.headers['Authorization'] = 'Bearer 123456.abcdef.123456'
- end
-
- context 'with an authenticated user' do
- before do
- allow_any_instance_of(AuthorizationControl)
- .to receive(:user)
- .and_return(user)
- end
-
- context 'given with an accessible id' do
- before { api_get :show, id: user.id }
-
- it 'is successful' do
- expect(response).to be_successful
- end
-
- it 'renders the required content' do
- expect(response.body).to include('dfc-b:Person')
- end
- end
-
- context 'with an other user id' do
- before { api_get :show, id: create(:user).id }
-
- it 'is not found' do
- expect(response).to be_not_found
- end
- end
- end
- end
- end
-end
diff --git a/engines/dfc_provider/spec/requests/persons_spec.rb b/engines/dfc_provider/spec/requests/persons_spec.rb
new file mode 100644
index 0000000000..6acea2d5f0
--- /dev/null
+++ b/engines/dfc_provider/spec/requests/persons_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require DfcProvider::Engine.root.join("spec/spec_helper")
+
+describe "Persons", type: :request do
+ let(:user) { create(:oidc_user) }
+ let(:other_user) { create(:oidc_user) }
+
+ describe :show do
+ it "returns the authenticated user" do
+ get person_path(user), headers: auth_header(user.uid)
+ expect(response).to have_http_status :ok
+ expect(response.body).to include "dfc-b:Person"
+ expect(response.body).to include "persons/#{user.id}"
+ end
+
+ it "doesn't find another user" do
+ get person_path(other_user), headers: auth_header(user.uid)
+ expect(response).to have_http_status :not_found
+ expect(response.body).to_not include "dfc-b:Person"
+ end
+ end
+end
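Review bot: Both examples under `describe :show` in the new persons_spec.rb send a valid `auth_header(user.uid)`, so the spec never covers a request with no token or with a token that is not accepted, although the commit message says authentication is now tested. An extra example that calls `get person_path(user)` without `headers:` and asserts `expect(response.body).to_not include "dfc-b:Person"` would pin the deny path; the status to expect depends on the controller, which is not visible here. In "doesn't find another user" it would also help to assert `expect(response.body).to_not include "persons/#{other_user.id}"`, so a partial leak of the other record cannot pass.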
diff --git a/engines/dfc_provider/spec/spec_helper.rb b/engines/dfc_provider/spec/spec_helper.rb
index 966c2242e4..6c2b4ea8b0 100644
--- a/engines/dfc_provider/spec/spec_helper.rb
+++ b/engines/dfc_provider/spec/spec_helper.rb
@@ -5,6 +5,9 @@ require_relative '../../../spec/spec_helper' Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].sort.each { |f| require f } RSpec.configure do |config| + config.include AuthorizationHelper, type: :request + config.include DfcProvider::Engine.routes.url_helpers, type: :request + config.around(:each) do |example| # The DFC Connector fetches the context when loaded. VCR.use_cassette("dfc-context") do
diff --git a/engines/dfc_provider/spec/support/authorization_helper.rb b/engines/dfc_provider/spec/support/authorization_helper.rb
index 4d8a42fdad..b35cc34860 100644
--- a/engines/dfc_provider/spec/support/authorization_helper.rb
+++ b/engines/dfc_provider/spec/support/authorization_helper.rb
@@ -1,6 +1,11 @@ # frozen_string_literal: true module AuthorizationHelper + def auth_header(email) + token = allow_token_for(email: email) + { "Authorization" => "JWT #{token}" } + end + def authorise(email) token = allow_token_for(email: email) request.headers["Authorization"] = "JWT #{token}"
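Review bot: In authorization_helper.rb the new `auth_header` names its parameter `email`, yet the request spec added in this commit calls it with `user.uid`, and nothing documents which identity value the token is issued for. If uid and email can differ for an `:oidc_user`, the spec would authenticate as a different identity than the one it appears to test; that depends on `allow_token_for` and the factory, neither of which is shown in the hunk. A comment such as `# Returns headers with a JWT accepted for the given identity (passed to allow_token_for as email:).` would make the contract explicit. The method also repeats the first two lines of `authorise`, whose body continues outside the hunk; that one could become `request.headers.merge!(auth_header(email))` so the header format lives in one place.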