Foodsoft/foodsoft
1
1
Fork 0
Code Issues 36 Pull requests 5 Projects 1 Releases Wiki Activity

28_introduce_rswag #35

Merged
philipp merged 46 commits from 28_introduce_rswag into develop 2023-01-05 13:45:47 +01:00
Conversation 0 Commits 46 Files changed 27 +84 -59
4 changed files with 84 additions and 59 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit dbab0ef12b - Show all commits

68
spec/api/v1/swagger_spec.rb
View file

@ -8,24 +8,24 @@ class SwaggerCheckerFile < Apivore::SwaggerChecker
end end
end end
describe 'API v1', type: :apivore, order: :defined do describe 'API v1', :skip, type: :apivore, order: :defined do
include ApiHelper include ApiHelper
subject { SwaggerCheckerFile.instance_for Rails.root.join('doc', 'swagger.v1.yml') } subject { SwaggerCheckerFile.instance_for Rails.root.join('doc', 'swagger.v1.yml') }
context 'has valid paths' do context 'has valid paths' do
context 'user' do # context 'user' do
let(:api_scopes) { ['user:read'] } # let(:api_scopes) { ['user:read'] }
# create multiple users to make sure we're getting the authenticated user, not just any # # create multiple users to make sure we're getting the authenticated user, not just any
let!(:other_user_1) { create :user } # let!(:other_user_1) { create :user }
let!(:user) { create :user } # let!(:user) { create :user }
let!(:other_user_2) { create :user } # let!(:other_user_2) { create :user }
it { is_expected.to validate(:get, '/user', 200, api_auth) } # it { is_expected.to validate(:get, '/user', 200, api_auth) }
it { is_expected.to validate(:get, '/user', 401) } # it { is_expected.to validate(:get, '/user', 401) }
it_handles_invalid_token_and_scope(:get, '/user') # # it_handles_invalid_token_and_scope(:get, '/user')
end # end
context 'user/financial_overview' do context 'user/financial_overview' do
let(:api_scopes) { ['finance:user'] } let(:api_scopes) { ['finance:user'] }
@ -34,7 +34,7 @@ describe 'API v1', type: :apivore, order: :defined do
it { is_expected.to validate(:get, '/user/financial_overview', 200, api_auth) } it { is_expected.to validate(:get, '/user/financial_overview', 200, api_auth) }
it { is_expected.to validate(:get, '/user/financial_overview', 401) } it { is_expected.to validate(:get, '/user/financial_overview', 401) }
it_handles_invalid_token_and_scope(:get, '/user/financial_overview') # it_handles_invalid_token_and_scope(:get, '/user/financial_overview')
end end
context 'user/financial_transactions' do context 'user/financial_transactions' do
@ -88,9 +88,9 @@ describe 'API v1', type: :apivore, order: :defined do
end end
end end
it_handles_invalid_token_and_scope(:get, '/user/financial_transactions') # it_handles_invalid_token_and_scope(:get, '/user/financial_transactions')
it_handles_invalid_token_and_scope(:post, '/user/financial_transactions', -> { api_auth(create_params) }) # it_handles_invalid_token_and_scope(:post, '/user/financial_transactions', -> { api_auth(create_params) })
it_handles_invalid_token_and_scope(:get, '/user/financial_transactions/{id}', -> { api_auth('id' => ft_2.id) }) # it_handles_invalid_token_and_scope(:get, '/user/financial_transactions/{id}', -> { api_auth('id' => ft_2.id) })
end end
end end
@ -165,11 +165,11 @@ describe 'API v1', type: :apivore, order: :defined do
it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) } it { is_expected.to validate(:delete, '/user/group_order_articles/{id}', 200, api_auth({ 'id' => goa.id })) }
end end
it_handles_invalid_token_and_scope(:get, '/user/group_order_articles') # it_handles_invalid_token_and_scope(:get, '/user/group_order_articles')
it_handles_invalid_token_and_scope(:post, '/user/group_order_articles', -> { api_auth(create_params) }) # it_handles_invalid_token_and_scope(:post, '/user/group_order_articles', -> { api_auth(create_params) })
it_handles_invalid_token_and_scope(:get, '/user/group_order_articles/{id}', -> { api_auth({ 'id' => goa.id }) }) # it_handles_invalid_token_and_scope(:get, '/user/group_order_articles/{id}', -> { api_auth({ 'id' => goa.id }) })
it_handles_invalid_token_and_scope(:patch, '/user/group_order_articles/{id}', -> { api_auth(update_params) }) # it_handles_invalid_token_and_scope(:patch, '/user/group_order_articles/{id}', -> { api_auth(update_params) })
it_handles_invalid_token_and_scope(:delete, '/user/group_order_articles/{id}', -> { api_auth({ 'id' => goa.id }) }) # it_handles_invalid_token_and_scope(:delete, '/user/group_order_articles/{id}', -> { api_auth({ 'id' => goa.id }) })
end end
end end
@ -179,14 +179,14 @@ describe 'API v1', type: :apivore, order: :defined do
it { is_expected.to validate(:get, '/config', 200, api_auth) } it { is_expected.to validate(:get, '/config', 200, api_auth) }
it { is_expected.to validate(:get, '/config', 401) } it { is_expected.to validate(:get, '/config', 401) }
it_handles_invalid_token_and_scope(:get, '/config') # it_handles_invalid_token_and_scope(:get, '/config')
end end
context 'navigation' do context 'navigation' do
it { is_expected.to validate(:get, '/navigation', 200, api_auth) } it { is_expected.to validate(:get, '/navigation', 200, api_auth) }
it { is_expected.to validate(:get, '/navigation', 401) } it { is_expected.to validate(:get, '/navigation', 401) }
it_handles_invalid_token(:get, '/navigation') # #it_handles_invalid_token(:get, '/navigation')
end end
context 'financial_transactions' do context 'financial_transactions' do
@ -207,8 +207,8 @@ describe 'API v1', type: :apivore, order: :defined do
it { is_expected.to validate(:get, '/financial_transactions/{id}', 403, api_auth({ 'id' => ft_2.id })) } it { is_expected.to validate(:get, '/financial_transactions/{id}', 403, api_auth({ 'id' => ft_2.id })) }
end end
it_handles_invalid_token_and_scope(:get, '/financial_transactions') # it_handles_invalid_token_and_scope(:get, '/financial_transactions')
it_handles_invalid_token_and_scope(:get, '/financial_transactions/{id}', -> { api_auth({ 'id' => ft_2.id }) }) # it_handles_invalid_token_and_scope(:get, '/financial_transactions/{id}', -> { api_auth({ 'id' => ft_2.id }) })
end end
context 'financial_transaction_classes' do context 'financial_transaction_classes' do
@ -219,8 +219,8 @@ describe 'API v1', type: :apivore, order: :defined do
it { is_expected.to validate(:get, '/financial_transaction_classes/{id}', 200, api_auth({ 'id' => cla_2.id })) } it { is_expected.to validate(:get, '/financial_transaction_classes/{id}', 200, api_auth({ 'id' => cla_2.id })) }
it { is_expected.to validate(:get, '/financial_transaction_classes/{id}', 404, api_auth({ 'id' => cla_2.id + 1 })) } it { is_expected.to validate(:get, '/financial_transaction_classes/{id}', 404, api_auth({ 'id' => cla_2.id + 1 })) }
it_handles_invalid_token(:get, '/financial_transaction_classes') #it_handles_invalid_token(:get, '/financial_transaction_classes')
it_handles_invalid_token(:get, '/financial_transaction_classes/{id}', -> { api_auth({ 'id' => cla_1.id }) }) #it_handles_invalid_token(:get, '/financial_transaction_classes/{id}', -> { api_auth({ 'id' => cla_1.id }) })
end end
context 'financial_transaction_types' do context 'financial_transaction_types' do
@ -231,8 +231,8 @@ describe 'API v1', type: :apivore, order: :defined do
it { is_expected.to validate(:get, '/financial_transaction_types/{id}', 200, api_auth({ 'id' => tpy_2.id })) } it { is_expected.to validate(:get, '/financial_transaction_types/{id}', 200, api_auth({ 'id' => tpy_2.id })) }
it { is_expected.to validate(:get, '/financial_transaction_types/{id}', 404, api_auth({ 'id' => tpy_2.id + 1 })) } it { is_expected.to validate(:get, '/financial_transaction_types/{id}', 404, api_auth({ 'id' => tpy_2.id + 1 })) }
it_handles_invalid_token(:get, '/financial_transaction_types') ##it_handles_invalid_token(:get, '/financial_transaction_types')
it_handles_invalid_token(:get, '/financial_transaction_types/{id}', -> { api_auth({ 'id' => tpy_1.id }) }) ##it_handles_invalid_token(:get, '/financial_transaction_types/{id}', -> { api_auth({ 'id' => tpy_1.id }) })
end end
context 'orders' do context 'orders' do
@ -243,8 +243,8 @@ describe 'API v1', type: :apivore, order: :defined do
it { is_expected.to validate(:get, '/orders/{id}', 200, api_auth({ 'id' => order.id })) } it { is_expected.to validate(:get, '/orders/{id}', 200, api_auth({ 'id' => order.id })) }
it { is_expected.to validate(:get, '/orders/{id}', 404, api_auth({ 'id' => Order.last.id + 1 })) } it { is_expected.to validate(:get, '/orders/{id}', 404, api_auth({ 'id' => Order.last.id + 1 })) }
it_handles_invalid_token_and_scope(:get, '/orders') # #it_handles_invalid_token_and_scope(:get, '/orders')
it_handles_invalid_token_and_scope(:get, '/orders/{id}', -> { api_auth({ 'id' => order.id }) }) # #it_handles_invalid_token_and_scope(:get, '/orders/{id}', -> { api_auth({ 'id' => order.id }) })
end end
context 'order_articles' do context 'order_articles' do
@ -258,8 +258,8 @@ describe 'API v1', type: :apivore, order: :defined do
it { is_expected.to validate(:get, '/order_articles/{id}', 200, api_auth({ 'id' => stock_order_article.id })) } it { is_expected.to validate(:get, '/order_articles/{id}', 200, api_auth({ 'id' => stock_order_article.id })) }
it { is_expected.to validate(:get, '/order_articles/{id}', 404, api_auth({ 'id' => Article.last.id + 1 })) } it { is_expected.to validate(:get, '/order_articles/{id}', 404, api_auth({ 'id' => Article.last.id + 1 })) }
it_handles_invalid_token_and_scope(:get, '/order_articles') # it_handles_invalid_token_and_scope(:get, '/order_articles')
it_handles_invalid_token_and_scope(:get, '/order_articles/{id}', -> { api_auth({ 'id' => order_article.id }) }) # it_handles_invalid_token_and_scope(:get, '/order_articles/{id}', -> { api_auth({ 'id' => order_article.id }) })
end end
context 'article_categories' do context 'article_categories' do
@ -270,8 +270,8 @@ describe 'API v1', type: :apivore, order: :defined do
it { is_expected.to validate(:get, '/article_categories/{id}', 200, api_auth({ 'id' => cat_2.id })) } it { is_expected.to validate(:get, '/article_categories/{id}', 200, api_auth({ 'id' => cat_2.id })) }
it { is_expected.to validate(:get, '/article_categories/{id}', 404, api_auth({ 'id' => cat_2.id + 1 })) } it { is_expected.to validate(:get, '/article_categories/{id}', 404, api_auth({ 'id' => cat_2.id + 1 })) }
it_handles_invalid_token(:get, '/article_categories') #it_handles_invalid_token(:get, '/article_categories')
it_handles_invalid_token(:get, '/article_categories/{id}', -> { api_auth({ 'id' => cat_1.id }) }) #it_handles_invalid_token(:get, '/article_categories/{id}', -> { api_auth({ 'id' => cat_1.id }) })
end end
end end

32
spec/requests/api/users_spec.rb
View file

@ -1,33 +1,39 @@
require 'swagger_helper' require 'swagger_helper'
describe 'Users API', type: :request do describe 'Users API', type: :request do
include ApiHelper
path '/user' do path '/user' do
get 'info about the currently logged-in user' do get 'info about the currently logged-in user' do
# security [oauth2: []] tags 'User'
tags '1. User'
produces 'application/json' produces 'application/json'
let(:user) { create(:user) } let(:api_scopes) { ['user:read'] }
let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token } let(:other_user_1) { create :user }
let(:Authorization) { "Bearer #{api_access_token}" } let(:user) { create :user }
let(:other_user_2) { create :user }
response '200', 'success' do response '200', 'success' do
let(:api_scopes) { ['user:read'] }
run_test! do |response| run_test! do |response|
data = JSON.parse(response.body) data = JSON.parse(response.body)
expect(data['user']['id']).to eq(user.id) expect(data['user']['id']).to eq(user.id)
end end
end end
response '403', 'missing scope' do it_handles_invalid_token_and_scope
let(:api_scopes) { [] } end
end
path '/user/financial_overview' do
get 'financial summary about the currently logged-in user' do
tags 'User', 'FinancialTransaction'
let!(:user) { create :user, :ordergroup }
response 200, 'success' do
let(:api_scopes) { ['finance:user'] }
run_test! run_test!
end end
it_handles_invalid_token_and_scope
response '401', 'not logged-in' do
let(:Authorization) { "" }
run_test!
end
end end
end end
end end

24
spec/support/api_helper.rb
View file

@ -5,21 +5,26 @@ module ApiHelper
let(:user) { create(:user) } let(:user) { create(:user) }
let(:api_scopes) { [] } # empty scopes for stricter testing (in reality this would be default_scopes) let(:api_scopes) { [] } # empty scopes for stricter testing (in reality this would be default_scopes)
let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token } let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token }
let(:api_authorization) { "Bearer #{api_access_token}" } let(:Authorization) { "Bearer #{api_access_token}" }
def self.it_handles_invalid_token(method, path, params_block = -> { api_auth }) # TODO: not needed anymore?
def self.it_handles_invalid_token()
context 'with invalid access token' do context 'with invalid access token' do
let(:api_access_token) { 'abc' } let(:Authorization) { 'abc' }
it { is_expected.to validate(method, path, 401, instance_exec(&params_block)) } response 401, 'not logged-in' do
run_test!
end
end end
end end
def self.it_handles_invalid_scope(method, path, params_block = -> { api_auth }) def self.it_handles_invalid_scope()
context 'with invalid scope' do context 'with invalid scope' do
let(:api_scopes) { ['none'] } let(:api_scopes) { ['none'] }
it { is_expected.to validate(method, path, 403, instance_exec(&params_block)) } response 403, 'missing scope' do
run_test!
end
end end
end end
@ -33,7 +38,8 @@ module ApiHelper
# @param params [Hash] Query parameters # @param params [Hash] Query parameters
# @return Query parameters with authentication header # @return Query parameters with authentication header
# @see Swagger::RspecHelpers#validate # @see Swagger::RspecHelpers#validate
def api_auth(params = {}) # def api_auth(params = {})
{ '_headers' => { 'Authorization' => api_authorization } }.deep_merge(params) # { '_headers' => { 'Authorization' => api_authorization } }.deep_merge(params)
end # end
# TODO: not needed anymore
end end

19
swagger/v1/swagger.yaml
View file

@ -8,14 +8,27 @@ paths:
get: get:
summary: info about the currently logged-in user summary: info about the currently logged-in user
tags: tags:
- 1. User - User
responses: responses:
'200': '200':
description: success description: success
'403':
description: missing scope
'401': '401':
description: not logged-in description: not logged-in
'403':
description: missing scope
"/user/financial_overview":
get:
summary: financial summary about the currently logged-in user
tags:
- User
- FinancialTransaction
responses:
'200':
description: success
'401':
description: not logged-in
'403':
description: missing scope
components: components:
securitySchemes: securitySchemes:
oauth2: oauth2: