Upstream sync

spec/controllers/api/user_token_controller_spec.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::UserTokenController, type: :request do
+  let(:current_user) { create(:user) }
+
+  describe '#create' do
+    it 'returns error if credentials are not corrent and does not set cookie' do
+
+      post create_endpoint, params: wrong_auth_params
+
+      expect(response).to be_successful
+      expect(response.body).to match record_not_found
+      expect(cookie_data).to eq nil
+    end
+
+    it 'sends token and cookie if credentials are correct' do
+      post create_endpoint, params: correct_auth_params
+
+      expect(response).to be_successful
+      expect(response.body).not_to match record_not_found
+      expect(response.body).to match token_response
+      expect(cookie_data).not_to eq nil
+    end
+  end
+
+  private
+
+  def wrong_auth_params
+    {
+      auth: {
+        email: 'wrong_email@api-test.com',
+        password: 'password'
+      }
+    }
+  end
+
+  def correct_auth_params
+    {
+      auth: {
+        email: current_user.email,
+        password: 'password'
+      }
+    }
+  end
+
+  def create_endpoint
+    '/api/v1/user_token'
+  end
+
+  def record_not_found
+    /Record not found/
+  end
+
+  def token_response
+    /jwt/
+  end
+
+  def cookie_data
+    cookies[:_easy_release_session]
+  end
+end

spec/controllers/api/users_controller_spec.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::UsersController, type: :controller do
+  before do
+    ENV['CUSTOM_API_TOKEN'] = "custom_token"
+  end
+  describe '#create' do
+    context 'Invalid token' do
+      it 'Returns 401 (Unauthorized) status if token is not valid' do
+
+        post :create
+
+        expect(response).not_to be_successful
+        expect(response).to have_http_status(401)
+      end
+    end
+
+    context 'Valid token' do
+      before :each do
+        controller.request.env['HTTP_AUTHORIZATION'] = 'Bearer custom_token'
+      end
+
+      it 'Returns Server error if user param is missing' do
+        user_count = User.all.count
+
+        expect do
+          post :create
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Returns Server Error if email or password is missing' do
+        user_count = User.all.count
+
+        expect do
+          post :create, params: { user: { email: "a@b.com" } }
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect do
+          post :create, params: { user: { password: "123" } }
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Returns Server Error if body contains not permitted params' do
+        user_count = User.all.count
+
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123", admin: true } }
+        end.to raise_exception ActionController::UnpermittedParameters
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Creates user if body contains correct params' do
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123" } }
+        end.to change(User, :count).by(1)
+
+        expect(response).to be_successful
+      end
+
+      it 'Nothing changes if existing email is used' do
+        create(:user, email: "a@b.com")
+
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123" } }
+        end.not_to change(User, :count)
+
+        expect(response).to be_successful
+      end
+    end
+  end
+end