2023-01-05 13:45:47 +01:00
4 changed files with 16 additions and 7 deletions
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@ -3,18 +3,29 @@ require 'swagger_helper'
 describe 'Users API', type: :request do
  path '/user' do
    get 'info about the currently logged-in user' do
+      # security [oauth2: []]
      tags '1. User'
      produces 'application/json'
+      let(:user) { create(:user) }
+      let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token }
+      let(:Authorization) { "Bearer #{api_access_token}" }

      response '200', 'success' do
+        let(:api_scopes) { ['user:read'] }
        run_test! do |response|
-          let(:Authorization) { "Basic #{::Base64.strict_encode64('jsmith:jspass')}" }
          data = JSON.parse(response.body)
-          # expect(data[])
+          expect(data['user']['id']).to eq(user.id)
        end
      end

+      response '403', 'missing scope' do
+        let(:api_scopes) { [] }
+        run_test!
+      end
+
+
      response '401', 'not logged-in' do
+        let(:Authorization) { "" }
        run_test!
      end
    end
--- a/spec/swagger_helper.rb
+++ b/spec/swagger_helper.rb
@ -26,8 +26,6 @@ RSpec.configure do |config|
        securitySchemes: {
          oauth2: {
            type: :oauth2,
-            in: :header,
-            name: 'Authorization',
            flows: {
              implicit: {
                authorizationUrl: 'http://localhost:3000/f/oauth/authorize',
--- a/swagger/v1/swagger.yaml
+++ b/swagger/v1/swagger.yaml
@ -12,14 +12,14 @@ paths:
      responses:
        '200':
          description: success
+        '403':
+          description: missing scope
        '401':
          description: not logged-in
 components:
  securitySchemes:
    oauth2:
      type: oauth2
-      in: header
-      name: Authorization
      flows:
        implicit:
          authorizationUrl: http://localhost:3000/f/oauth/authorize