2018-10-15 16:47:14 +02:00
|
|
|
module ApiHelper
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
included do
|
|
|
|
let(:user) { create(:user) }
|
2019-02-05 20:53:02 +01:00
|
|
|
let(:api_scopes) { [] } # empty scopes for stricter testing (in reality this would be default_scopes)
|
2023-05-12 13:01:12 +02:00
|
|
|
let(:api_access_token) do
|
|
|
|
create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token
|
|
|
|
end
|
|
|
|
let(:Authorization) { "Bearer #{api_access_token}" } # rubocop:disable RSpec/VariableName
|
2019-02-05 20:53:02 +01:00
|
|
|
|
2023-05-12 11:11:48 +02:00
|
|
|
def self.it_handles_invalid_token
|
2019-02-05 20:53:02 +01:00
|
|
|
context 'with invalid access token' do
|
2023-05-12 13:01:12 +02:00
|
|
|
let(:Authorization) { 'abc' } # rubocop:disable RSpec/VariableName
|
2022-02-20 16:15:22 +01:00
|
|
|
|
2023-05-12 11:11:48 +02:00
|
|
|
response 401, 'not logged-in' do
|
|
|
|
schema '$ref' => '#/components/schemas/Error401'
|
|
|
|
run_test!
|
|
|
|
end
|
2019-02-05 20:53:02 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-05-12 11:11:48 +02:00
|
|
|
def self.it_handles_invalid_token_with_id
|
|
|
|
context 'with invalid access token' do
|
2023-05-12 13:01:12 +02:00
|
|
|
let(:Authorization) { 'abc' } # rubocop:disable RSpec/VariableName
|
2023-05-12 11:11:48 +02:00
|
|
|
let(:id) { 42 } # id doesn't matter here
|
|
|
|
|
|
|
|
response 401, 'not logged-in' do
|
|
|
|
schema '$ref' => '#/components/schemas/Error401'
|
|
|
|
run_test!
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.it_handles_invalid_scope(description = 'missing scope')
|
|
|
|
context 'with invalid scope' do
|
|
|
|
let(:api_scopes) { ['none'] }
|
|
|
|
|
|
|
|
response 403, description do
|
|
|
|
schema '$ref' => '#/components/schemas/Error403'
|
|
|
|
run_test!
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.it_handles_invalid_scope_with_id(description = 'missing scope')
|
2019-02-05 20:53:02 +01:00
|
|
|
context 'with invalid scope' do
|
|
|
|
let(:api_scopes) { ['none'] }
|
2023-05-12 11:11:48 +02:00
|
|
|
let(:id) { 42 } # id doesn't matter here
|
2022-02-20 16:15:22 +01:00
|
|
|
|
2023-05-12 11:11:48 +02:00
|
|
|
response 403, description do
|
|
|
|
schema '$ref' => '#/components/schemas/Error403'
|
|
|
|
run_test!
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.it_cannot_find_object(description = 'not found')
|
|
|
|
let(:id) { 'invalid' }
|
|
|
|
|
|
|
|
response 404, description do
|
|
|
|
schema '$ref' => '#/components/schemas/Error404'
|
|
|
|
run_test!
|
2019-02-05 20:53:02 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.it_handles_invalid_token_and_scope(*args)
|
|
|
|
it_handles_invalid_token(*args)
|
|
|
|
it_handles_invalid_scope(*args)
|
|
|
|
end
|
2018-10-15 16:47:14 +02:00
|
|
|
|
2023-05-12 11:11:48 +02:00
|
|
|
def self.id_url_param
|
|
|
|
parameter name: :id, in: :path, type: :integer, required: true
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.pagination_param
|
|
|
|
parameter name: :per_page, in: :query, type: :integer, required: false
|
|
|
|
parameter name: :page, in: :query, type: :integer, required: false
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.q_ordered_url_param
|
|
|
|
parameter name: :q, in: :query, required: false,
|
|
|
|
description: "'member' show articles ordered by the user's ordergroup, 'all' by all members, and 'supplier' ordered at the supplier",
|
|
|
|
schema: {
|
|
|
|
type: :object,
|
|
|
|
properties: {
|
|
|
|
ordered: { '$ref' => '#/components/schemas/q_ordered' }
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
2018-10-15 16:47:14 +02:00
|
|
|
end
|
|
|
|
end
|