add authorization to tests

Philipp Rothmann 2022-11-07 13:41:39 +01:00
parent 95deb6a984
commit df3a2c0c48
4 changed files with 16 additions and 7 deletions


@ -3,18 +3,29 @@ require 'swagger_helper'
describe 'Users API', type: :request do describe 'Users API', type: :request do
path '/user' do path '/user' do
get 'info about the currently logged-in user' do get 'info about the currently logged-in user' do
# security [oauth2: []]
tags '1. User' tags '1. User'
produces 'application/json' produces 'application/json'
let(:user) { create(:user) }
let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token }
let(:Authorization) { "Bearer #{api_access_token}" }
response '200', 'success' do response '200', 'success' do
let(:api_scopes) { ['user:read'] }
run_test! do |response| run_test! do |response|
let(:Authorization) { "Basic #{::Base64.strict_encode64('jsmith:jspass')}" }
data = JSON.parse(response.body) data = JSON.parse(response.body)
# expect(data[]) expect(data['user']['id']).to eq(user.id)
end end
end end
response '403', 'missing scope' do
let(:api_scopes) { [] }
run_test!
end
response '401', 'not logged-in' do response '401', 'not logged-in' do
let(:Authorization) { "" }
run_test! run_test!
end end
end end
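Review bot: The `get` block never activates a security requirement (the only trace is the comment `# security [oauth2: []]`), so the generated document presumably does not mark `/user` as OAuth2-protected. As far as I know, rswag only turns `let(:Authorization)` into a request header when the operation, or a global `security` entry not visible here, declares a scheme. Declaring it on the operation, e.g. `security [oauth2: ['user:read']]`, would document the required scope and make the header wiring explicit. The 401 case covers only an empty header; a second case with a malformed or revoked token would confirm that a bad credential is rejected too. `api_scopes&.join(' ')` works in the 401 context only because `Authorization` is overridden there and the lazy `let` is never evaluated; a default `let(:api_scopes) { [] }` next to `let(:user)` would remove that dependency (the `describe` and `path` blocks close outside this hunk).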


@ -1,4 +1,4 @@
RSpec.configure do |config| RSpec.configure do |config|
# load FactoryBot shortcuts create(), etc. # load FactoryBot shortcuts create(), etc.
config.include FactoryBot::Syntax::Methods config.include FactoryBot::Syntax::Methods
end end


@ -26,8 +26,6 @@ RSpec.configure do |config|
securitySchemes: { securitySchemes: {
oauth2: { oauth2: {
type: :oauth2, type: :oauth2,
in: :header,
name: 'Authorization',
flows: { flows: {
implicit: { implicit: {
authorizationUrl: 'http://localhost:3000/f/oauth/authorize', authorizationUrl: 'http://localhost:3000/f/oauth/authorize',


@ -12,14 +12,14 @@ paths:
responses: responses:
'200': '200':
description: success description: success
'403':
description: missing scope
'401': '401':
description: not logged-in description: not logged-in
components: components:
securitySchemes: securitySchemes:
oauth2: oauth2:
type: oauth2 type: oauth2
in: header
name: Authorization
flows: flows:
implicit: implicit:
authorizationUrl: http://localhost:3000/f/oauth/authorize authorizationUrl: http://localhost:3000/f/oauth/authorize