mirror of https://github.com/docusealco/docuseal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
99 lines
3.4 KiB
99 lines
3.4 KiB
# frozen_string_literal: true
|
|
|
|
describe 'ApplicationController' do
|
|
let(:account) { create(:account) }
|
|
let(:user) { create(:user, account: account) }
|
|
let(:token) { user.access_token.token }
|
|
|
|
describe 'token authentication methods' do
|
|
let(:controller) { ApplicationController.new }
|
|
|
|
let(:request_double) { instance_double(ActionDispatch::Request, headers: {}) }
|
|
|
|
before do
|
|
allow(controller).to receive_messages(
|
|
request: request_double,
|
|
params: {},
|
|
session: {},
|
|
signed_in?: false
|
|
)
|
|
end
|
|
|
|
describe '#maybe_authenticate_via_token' do
|
|
it 'signs in user with valid token in header' do
|
|
request_double_with_token = instance_double(ActionDispatch::Request, headers: { 'X-Auth-Token' => token })
|
|
allow(controller).to receive(:request).and_return(request_double_with_token)
|
|
allow(controller).to receive(:sign_in)
|
|
|
|
controller.send(:maybe_authenticate_via_token)
|
|
|
|
expect(controller).to have_received(:sign_in).with(user)
|
|
end
|
|
|
|
it 'does nothing with invalid token' do
|
|
request_double_with_invalid = instance_double(ActionDispatch::Request, headers: { 'X-Auth-Token' => 'invalid' })
|
|
allow(controller).to receive(:request).and_return(request_double_with_invalid)
|
|
allow(controller).to receive(:sign_in)
|
|
|
|
controller.send(:maybe_authenticate_via_token)
|
|
|
|
expect(controller).not_to have_received(:sign_in)
|
|
end
|
|
end
|
|
|
|
describe '#authenticate_via_token!' do
|
|
it 'renders error with no token' do
|
|
allow(controller).to receive(:render)
|
|
|
|
controller.send(:authenticate_via_token!)
|
|
|
|
expect(controller).to have_received(:render).with(
|
|
json: { error: 'Authentication required. Please provide a valid auth_token.' },
|
|
status: :unauthorized
|
|
)
|
|
end
|
|
|
|
it 'renders error with invalid token' do
|
|
request_double_with_invalid = instance_double(ActionDispatch::Request, headers: { 'X-Auth-Token' => 'invalid' })
|
|
allow(controller).to receive(:request).and_return(request_double_with_invalid)
|
|
allow(controller).to receive(:render)
|
|
|
|
controller.send(:authenticate_via_token!)
|
|
|
|
expect(controller).to have_received(:render).with(
|
|
json: { error: 'Authentication required. Please provide a valid auth_token.' },
|
|
status: :unauthorized
|
|
)
|
|
end
|
|
|
|
it 'does not render error with valid token' do
|
|
request_double_with_token = instance_double(ActionDispatch::Request, headers: { 'X-Auth-Token' => token })
|
|
allow(controller).to receive(:request).and_return(request_double_with_token)
|
|
allow(controller).to receive_messages(sign_in: nil, render: nil)
|
|
|
|
controller.send(:authenticate_via_token!)
|
|
|
|
expect(controller).not_to have_received(:render)
|
|
expect(controller).to have_received(:sign_in).with(user)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'API authentication' do
|
|
context 'with valid token' do
|
|
it 'authenticates user' do
|
|
get '/api/submissions', headers: { 'X-Auth-Token': token }
|
|
expect(response).to have_http_status(:ok)
|
|
end
|
|
end
|
|
|
|
context 'with invalid token' do
|
|
it 'returns API-specific error message' do
|
|
get '/api/submissions', headers: { 'X-Auth-Token': 'invalid_token' }
|
|
expect(response).to have_http_status(:unauthorized)
|
|
expect(response.parsed_body).to eq({ 'error' => 'Not authenticated' })
|
|
end
|
|
end
|
|
end
|
|
end
|