2018-10-15 16:47:14 +02:00
|
|
|
module ApiHelper
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
included do
|
|
|
|
let(:user) { create(:user) }
|
2019-02-05 20:53:02 +01:00
|
|
|
let(:api_scopes) { [] } # empty scopes for stricter testing (in reality this would be default_scopes)
|
|
|
|
let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token }
|
2018-10-15 16:47:14 +02:00
|
|
|
let(:api_authorization) { "Bearer #{api_access_token}" }
|
2019-02-05 20:53:02 +01:00
|
|
|
|
2021-03-01 15:27:26 +01:00
|
|
|
def self.it_handles_invalid_token(method, path, params_block = -> { api_auth })
|
2019-02-05 20:53:02 +01:00
|
|
|
context 'with invalid access token' do
|
|
|
|
let(:api_access_token) { 'abc' }
|
2022-02-20 16:15:22 +01:00
|
|
|
|
2019-02-05 20:53:02 +01:00
|
|
|
it { is_expected.to validate(method, path, 401, instance_exec(¶ms_block)) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-03-01 15:27:26 +01:00
|
|
|
def self.it_handles_invalid_scope(method, path, params_block = -> { api_auth })
|
2019-02-05 20:53:02 +01:00
|
|
|
context 'with invalid scope' do
|
|
|
|
let(:api_scopes) { ['none'] }
|
2022-02-20 16:15:22 +01:00
|
|
|
|
2019-02-05 20:53:02 +01:00
|
|
|
it { is_expected.to validate(method, path, 403, instance_exec(¶ms_block)) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.it_handles_invalid_token_and_scope(*args)
|
|
|
|
it_handles_invalid_token(*args)
|
|
|
|
it_handles_invalid_scope(*args)
|
|
|
|
end
|
2018-10-15 16:47:14 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
# Add authentication to parameters for {Swagger::RspecHelpers#validate}
|
|
|
|
# @param params [Hash] Query parameters
|
|
|
|
# @return Query parameters with authentication header
|
|
|
|
# @see Swagger::RspecHelpers#validate
|
|
|
|
def api_auth(params = {})
|
2021-03-01 15:27:26 +01:00
|
|
|
{ '_headers' => { 'Authorization' => api_authorization } }.deep_merge(params)
|
2018-10-15 16:47:14 +02:00
|
|
|
end
|
|
|
|
end
|