foodsoft/spec/controllers/concerns/auth_concern_spec.rb

# frozen_string_literal: true

require 'spec_helper'

class DummyAuthController < ApplicationController; end

describe 'Auth concern', type: :controller do
  controller DummyAuthController do
    # Defining a dummy action for an anynomous controller which inherits from the described class.
    def authenticate_blank
      authenticate
    end

    def authenticate_unknown_group
      authenticate('nooby')
    end

    def authenticate_pickups
      authenticate('pickups')
      head :ok unless performed?
    end

    def authenticate_finance_or_orders
      authenticate('finance_or_orders')
      head :ok unless performed?
    end

    def try_authenticate_membership_or_admin
      authenticate_membership_or_admin
    end

    def try_authenticate_or_token
      authenticate_or_token('xyz')
      head :ok unless performed?
    end

    def call_deny_access
      deny_access
    end

    def call_current_user
      current_user
    end

    def call_login_and_redirect_to_return_to
      user = User.find(params[:user_id])
      login_and_redirect_to_return_to(user)
    end

    def call_login
      user = User.find(params[:user_id])
      login(user)
    end
  end

  # unit testing protected/private methods
  describe 'protected/private methods' do
    let(:user) { create :user }
    let(:wrong_user) { create :user }

    describe '#current_user' do
      before do
        login user
        routes.draw { get 'call_current_user' => 'dummy_auth#call_current_user' }
      end

      describe 'with valid session' do
        it 'returns current_user' do
          get_with_defaults :call_current_user, params: { user_id: user.id }, format: JSON
          expect(assigns(:current_user)).to eq user
        end
      end

      describe 'with invalid session' do
        it 'not returns current_user' do
          session[:user_id] = nil
          get_with_defaults :call_current_user, params: { user_id: nil }, format: JSON
          expect(assigns(:current_user)).to be_nil
        end
      end
    end

    describe '#deny_access' do
      it 'redirects to root_url' do
        login user
        routes.draw { get 'deny_access' => 'dummy_auth#call_deny_access' }
        get_with_defaults :call_deny_access
        expect(response).to redirect_to(root_url)
      end
    end

    describe '#login' do
      before do
        routes.draw { get 'call_login' => 'dummy_auth#call_login' }
      end

      it 'sets user in session' do
        login wrong_user
        get_with_defaults :call_login, params: { user_id: user.id }, format: JSON
        expect(session[:user_id]).to eq user.id
        expect(session[:scope]).to eq FoodsoftConfig.scope
        expect(session[:locale]).to eq user.locale
      end
    end

    describe '#login_and_redirect_to_return_to' do
      it 'redirects to already set target' do
        login user
        session[:return_to] = my_profile_url
        routes.draw { get 'call_login_and_redirect_to_return_to' => 'dummy_auth#call_login_and_redirect_to_return_to' }
        get_with_defaults :call_login_and_redirect_to_return_to, params: { user_id: user.id }
        expect(session[:return_to]).to be_nil
      end
    end
  end

  describe 'authenticate' do
    describe 'not logged in' do
      it 'does not authenticate' do
        routes.draw { get 'authenticate_blank' => 'dummy_auth#authenticate_blank' }
        get_with_defaults :authenticate_blank
        expect(response).to have_http_status(:redirect)
        expect(response).to redirect_to(login_path)
        expect(flash[:alert]).to match(I18n.t('application.controller.error_authn'))
      end
    end

    describe 'logged in' do
      let(:user) { create :user }
      let(:pickups_user) { create :user, :role_pickups }
      let(:finance_user) { create :user, :role_finance }
      let(:orders_user) { create :user, :role_orders }

      it 'does not authenticate with unknown group' do
        login user
        routes.draw { get 'authenticate_unknown_group' => 'dummy_auth#authenticate_unknown_group' }
        get_with_defaults :authenticate_unknown_group
        expect(response).to have_http_status(:redirect)
        expect(response).to redirect_to(root_path)
        expect(flash[:alert]).to match(I18n.t('application.controller.error_denied', sign_in: ActionController::Base.helpers.link_to(I18n.t('application.controller.error_denied_sign_in'), login_path)))
      end

      it 'does not authenticate with pickups group' do
        login pickups_user
        routes.draw { get 'authenticate_pickups' => 'dummy_auth#authenticate_pickups' }
        get_with_defaults :authenticate_pickups
        expect(response).to have_http_status(:success)
      end

      it 'does not authenticate with finance group' do
        login finance_user
        routes.draw { get 'authenticate_finance_or_orders' => 'dummy_auth#authenticate_finance_or_orders' }
        get_with_defaults :authenticate_finance_or_orders
        expect(response).to have_http_status(:success)
      end

      it 'does not authenticate with orders group' do
        login orders_user
        routes.draw { get 'authenticate_finance_or_orders' => 'dummy_auth#authenticate_finance_or_orders' }
        get_with_defaults :authenticate_finance_or_orders
        expect(response).to have_http_status(:success)
      end
    end
  end

  describe 'authenticate_membership_or_admin' do
    describe 'logged in' do
      let(:pickups_user) { create :user, :role_pickups }
      let(:workgroup) { create :workgroup }

      it 'redirects with not permitted group' do
        group_id = workgroup.id
        login pickups_user
        routes.draw { get 'try_authenticate_membership_or_admin' => 'dummy_auth#try_authenticate_membership_or_admin' }
        get_with_defaults :try_authenticate_membership_or_admin, params: { id: group_id }
        expect(response).to have_http_status(:redirect)
        expect(response).to redirect_to(root_path)
        expect(flash[:alert]).to match(I18n.t('application.controller.error_members_only'))
      end
    end
  end

  describe 'authenticate_or_token' do
    describe 'logged in' do
      let(:token_verifier) { TokenVerifier.new('xyz') }
      let(:token_msg) { token_verifier.generate }
      let(:user) { create :user }

      before { login user }

      it 'authenticates token' do
        routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' }
        get_with_defaults :try_authenticate_or_token, params: { token: token_msg }
        expect(response).not_to have_http_status(:redirect)
      end

      it 'redirects on faulty token' do
        routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' }
        get_with_defaults :try_authenticate_or_token, params: { token: 'abc' }
        expect(response).to have_http_status(:redirect)
        expect(response).to redirect_to(root_path)
        expect(flash[:alert]).to match(I18n.t('application.controller.error_token'))
      end

      it 'authenticates current user on empty token' do
        routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' }
        get_with_defaults :try_authenticate_or_token
        expect(response).to have_http_status(:success)
      end
    end
  end
end
Add controller tests Co-authored-by: viehlieb <pf@pragma-shift.net> Co-authored-by: Tobias Kneuker <tk@pragma-shift.net> seperate expects refactor login user calls add more articles to test sorting with fix: fix test for rails upgrade 2022-11-28 11:30:38 +01:00			`# frozen_string_literal: true`

			`require 'spec_helper'`

			`class DummyAuthController < ApplicationController; end`

			`describe 'Auth concern', type: :controller do`
			`controller DummyAuthController do`
			`# Defining a dummy action for an anynomous controller which inherits from the described class.`
			`def authenticate_blank`
			`authenticate`
			`end`

			`def authenticate_unknown_group`
			`authenticate('nooby')`
			`end`

			`def authenticate_pickups`
			`authenticate('pickups')`
			`head :ok unless performed?`
			`end`

			`def authenticate_finance_or_orders`
			`authenticate('finance_or_orders')`
			`head :ok unless performed?`
			`end`

			`def try_authenticate_membership_or_admin`
			`authenticate_membership_or_admin`
			`end`

			`def try_authenticate_or_token`
			`authenticate_or_token('xyz')`
			`head :ok unless performed?`
			`end`

			`def call_deny_access`
			`deny_access`
			`end`

			`def call_current_user`
			`current_user`
			`end`

			`def call_login_and_redirect_to_return_to`
			`user = User.find(params[:user_id])`
			`login_and_redirect_to_return_to(user)`
			`end`

			`def call_login`
			`user = User.find(params[:user_id])`
			`login(user)`
			`end`
			`end`

			`# unit testing protected/private methods`
			`describe 'protected/private methods' do`
			`let(:user) { create :user }`
			`let(:wrong_user) { create :user }`

			`describe '#current_user' do`
			`before do`
			`login user`
			`routes.draw { get 'call_current_user' => 'dummy_auth#call_current_user' }`
			`end`

			`describe 'with valid session' do`
			`it 'returns current_user' do`
			`get_with_defaults :call_current_user, params: { user_id: user.id }, format: JSON`
			`expect(assigns(:current_user)).to eq user`
			`end`
			`end`

			`describe 'with invalid session' do`
			`it 'not returns current_user' do`
			`session[:user_id] = nil`
			`get_with_defaults :call_current_user, params: { user_id: nil }, format: JSON`
			`expect(assigns(:current_user)).to be_nil`
			`end`
			`end`
			`end`

			`describe '#deny_access' do`
			`it 'redirects to root_url' do`
			`login user`
			`routes.draw { get 'deny_access' => 'dummy_auth#call_deny_access' }`
			`get_with_defaults :call_deny_access`
			`expect(response).to redirect_to(root_url)`
			`end`
			`end`

			`describe '#login' do`
			`before do`
			`routes.draw { get 'call_login' => 'dummy_auth#call_login' }`
			`end`

			`it 'sets user in session' do`
			`login wrong_user`
			`get_with_defaults :call_login, params: { user_id: user.id }, format: JSON`
			`expect(session[:user_id]).to eq user.id`
			`expect(session[:scope]).to eq FoodsoftConfig.scope`
			`expect(session[:locale]).to eq user.locale`
			`end`
			`end`

			`describe '#login_and_redirect_to_return_to' do`
			`it 'redirects to already set target' do`
			`login user`
			`session[:return_to] = my_profile_url`
			`routes.draw { get 'call_login_and_redirect_to_return_to' => 'dummy_auth#call_login_and_redirect_to_return_to' }`
			`get_with_defaults :call_login_and_redirect_to_return_to, params: { user_id: user.id }`
			`expect(session[:return_to]).to be_nil`
			`end`
			`end`
			`end`

			`describe 'authenticate' do`
			`describe 'not logged in' do`
			`it 'does not authenticate' do`
			`routes.draw { get 'authenticate_blank' => 'dummy_auth#authenticate_blank' }`
			`get_with_defaults :authenticate_blank`
			`expect(response).to have_http_status(:redirect)`
			`expect(response).to redirect_to(login_path)`
			`expect(flash[:alert]).to match(I18n.t('application.controller.error_authn'))`
			`end`
			`end`

			`describe 'logged in' do`
			`let(:user) { create :user }`
			`let(:pickups_user) { create :user, :role_pickups }`
			`let(:finance_user) { create :user, :role_finance }`
			`let(:orders_user) { create :user, :role_orders }`

			`it 'does not authenticate with unknown group' do`
			`login user`
			`routes.draw { get 'authenticate_unknown_group' => 'dummy_auth#authenticate_unknown_group' }`
			`get_with_defaults :authenticate_unknown_group`
			`expect(response).to have_http_status(:redirect)`
			`expect(response).to redirect_to(root_path)`
			`expect(flash[:alert]).to match(I18n.t('application.controller.error_denied', sign_in: ActionController::Base.helpers.link_to(I18n.t('application.controller.error_denied_sign_in'), login_path)))`
			`end`

			`it 'does not authenticate with pickups group' do`
			`login pickups_user`
			`routes.draw { get 'authenticate_pickups' => 'dummy_auth#authenticate_pickups' }`
			`get_with_defaults :authenticate_pickups`
			`expect(response).to have_http_status(:success)`
			`end`

			`it 'does not authenticate with finance group' do`
			`login finance_user`
			`routes.draw { get 'authenticate_finance_or_orders' => 'dummy_auth#authenticate_finance_or_orders' }`
			`get_with_defaults :authenticate_finance_or_orders`
			`expect(response).to have_http_status(:success)`
			`end`

			`it 'does not authenticate with orders group' do`
			`login orders_user`
			`routes.draw { get 'authenticate_finance_or_orders' => 'dummy_auth#authenticate_finance_or_orders' }`
			`get_with_defaults :authenticate_finance_or_orders`
			`expect(response).to have_http_status(:success)`
			`end`
			`end`
			`end`

			`describe 'authenticate_membership_or_admin' do`
			`describe 'logged in' do`
			`let(:pickups_user) { create :user, :role_pickups }`
			`let(:workgroup) { create :workgroup }`

			`it 'redirects with not permitted group' do`
			`group_id = workgroup.id`
			`login pickups_user`
			`routes.draw { get 'try_authenticate_membership_or_admin' => 'dummy_auth#try_authenticate_membership_or_admin' }`
			`get_with_defaults :try_authenticate_membership_or_admin, params: { id: group_id }`
			`expect(response).to have_http_status(:redirect)`
			`expect(response).to redirect_to(root_path)`
			`expect(flash[:alert]).to match(I18n.t('application.controller.error_members_only'))`
			`end`
			`end`
			`end`

			`describe 'authenticate_or_token' do`
			`describe 'logged in' do`
			`let(:token_verifier) { TokenVerifier.new('xyz') }`
			`let(:token_msg) { token_verifier.generate }`
			`let(:user) { create :user }`

			`before { login user }`

			`it 'authenticates token' do`
			`routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' }`
			`get_with_defaults :try_authenticate_or_token, params: { token: token_msg }`
			`expect(response).not_to have_http_status(:redirect)`
			`end`

			`it 'redirects on faulty token' do`
			`routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' }`
			`get_with_defaults :try_authenticate_or_token, params: { token: 'abc' }`
			`expect(response).to have_http_status(:redirect)`
			`expect(response).to redirect_to(root_path)`
			`expect(flash[:alert]).to match(I18n.t('application.controller.error_token'))`
			`end`

			`it 'authenticates current user on empty token' do`
			`routes.draw { get 'try_authenticate_or_token' => 'dummy_auth#try_authenticate_or_token' }`
			`get_with_defaults :try_authenticate_or_token`
			`expect(response).to have_http_status(:success)`
			`end`
			`end`
			`end`
			`end`