fix MR comments

.env.sample

@@ -27,3 +27,6 @@ MUX_TOKEN_ID=
 MUX_TOKEN_SECRET=
 MUX_BROADCAST_SERVER_URL=rtmp://global-live.mux.com:5222/app
 MUX_TEST_MODE_DISABLED=
+
+# Required for creating user through API
+CUSTOM_API_TOKEN=

app/controllers/api/user_token_controller.rb

@@ -1,12 +1,5 @@
-# frozen_string_literal: true
-
-require './lib/knock_monkeypatch'
-
 class Api::UserTokenController < Knock::AuthTokenController
-  include Oath::ControllerHelpers
-
   skip_before_action :verify_authenticity_token
-  before_action :sign_in_user
 
   rescue_from Exception, :with => :return_error
 
@@ -42,10 +35,4 @@ class Api::UserTokenController < Knock::AuthTokenController
       }]
     }
   end
-
-  private
-
-  def sign_in_user
-    sign_in(entity)
-  end
 end

app/controllers/api/users_controller.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class Api::UsersController < Api::ApiController
+  skip_before_action :authenticate_user
+  before_action :verify_custom_token, only: :create
+
+  def create
+    if user_params[:email].nil? || user_params[:password].nil?
+      raise ActionController::ParameterMissing.new 'Missing email or password'
+    end
+
+    user = Oath::Services::SignUp.new(user_params).perform
+    render json: user.slice(:email, :created_at, :first_name, :last_name)
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(%i[
+                                   email
+                                   password
+                                   first_name
+                                   last_name
+                                 ])
+  end
+
+  def verify_custom_token
+    if token.blank? || token != ENV['CUSTOM_API_TOKEN']
+      unauthorized_entity(:user)
+    end
+  end
+
+end

config/routes.rb

@@ -158,6 +158,7 @@ Rails.application.routes.draw do
       scope 'v1' do
         get 'sync' => 'sync#index'
         post 'user_token' => 'user_token#create'
+        post 'users' => 'users#create'
         resource :profiles, only: [:show]
         resources :projects, only: [:index] do
           resources :broadcasts, only: [:index, :show, :update]

lib/knock_monkeypatch.rb

@@ -1,7 +0,0 @@
-module Knock
-  class AuthTokenController < ApplicationController
-    skip_before_action :authenticate
-    alias authenticate_with_token authenticate
-    before_action :authenticate_with_token
-  end
-end

spec/controllers/api/user_token_controller_spec.rb

@@ -1,63 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe Api::UserTokenController, type: :request do
-  let(:current_user) { create(:user) }
-
-  describe '#create' do
-    it 'returns error if credentials are not corrent and does not set cookie' do
-
-      post create_endpoint, params: wrong_auth_params
-
-      expect(response).to be_successful
-      expect(response.body).to match record_not_found
-      expect(cookie_data).to eq nil
-    end
-
-    it 'sends token and cookie if credentials are correct' do
-      post create_endpoint, params: correct_auth_params
-
-      expect(response).to be_successful
-      expect(response.body).not_to match record_not_found
-      expect(response.body).to match token_response
-      expect(cookie_data).not_to eq nil
-    end
-  end
-
-  private
-
-  def wrong_auth_params
-    {
-      auth: {
-        email: 'wrong_email@api-test.com',
-        password: 'password'
-      }
-    }
-  end
-
-  def correct_auth_params
-    {
-      auth: {
-        email: current_user.email,
-        password: 'password'
-      }
-    }
-  end
-
-  def create_endpoint
-    '/api/v1/user_token'
-  end
-
-  def record_not_found
-    /Record not found/
-  end
-
-  def token_response
-    /jwt/
-  end
-
-  def cookie_data
-    cookies[:_easy_release_session]
-  end
-end

spec/controllers/api/users_controller_spec.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::UsersController, type: :controller do
+  before do
+    ENV['CUSTOM_API_TOKEN'] = "custom_token"
+  end
+  describe '#create' do
+    context 'Invalid token' do
+      it 'Returns 401 (Unauthorized) status if token is not valid' do
+
+        post :create
+
+        expect(response).not_to be_successful
+        expect(response).to have_http_status(401)
+      end
+    end
+
+    context 'Valid token' do
+      before :each do
+        controller.request.env['HTTP_AUTHORIZATION'] = 'Bearer custom_token'
+      end
+
+      it 'Returns Server error if user param is missing' do
+        user_count = User.all.count
+
+        expect do
+          post :create
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Returns Server Error if email or password is missing' do
+        user_count = User.all.count
+
+        expect do
+          post :create, params: { user: { email: "a@b.com" } }
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect do
+          post :create, params: { user: { password: "123" } }
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Returns Server Error if body contains not permitted params' do
+        user_count = User.all.count
+
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123", admin: true } }
+        end.to raise_exception ActionController::UnpermittedParameters
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Creates user if body contains correct params' do
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123" } }
+        end.to change(User, :count).by(1)
+
+        expect(response).to be_successful
+      end
+
+      it 'Nothing changes if existing email is used' do
+        create(:user, email: "a@b.com")
+
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123" } }
+        end.not_to change(User, :count)
+
+        expect(response).to be_successful
+      end
+    end
+  end
+end