add specs

.env.sample

@@ -27,6 +27,3 @@ MUX_TOKEN_ID=
 MUX_TOKEN_SECRET=
 MUX_BROADCAST_SERVER_URL=rtmp://global-live.mux.com:5222/app
 MUX_TEST_MODE_DISABLED=
-
-# Required for creating user through API
-CUSTOM_API_TOKEN=

app/controllers/api/user_token_controller.rb

@@ -1,5 +1,12 @@
+# frozen_string_literal: true
+
+require './lib/knock_monkeypatch'
+
 class Api::UserTokenController < Knock::AuthTokenController
+  include Oath::ControllerHelpers
+
   skip_before_action :verify_authenticity_token
+  before_action :sign_in_user
 
   rescue_from Exception, :with => :return_error
 
@@ -10,7 +17,7 @@ class Api::UserTokenController < Knock::AuthTokenController
     logger.error "==Handled======="
     logger.error exception.message
     logger.error exception.backtrace.join("\n")
-    logger.error "==Handled=======" 
+    logger.error "==Handled======="
     case exception
     when ActiveRecord::RecordNotFound
       @status = 404
@@ -27,12 +34,18 @@ class Api::UserTokenController < Knock::AuthTokenController
     end
 
     # for some reason render json_errors is not working
-    # simulating JSON API support 
+    # simulating JSON API support
-    render json: { 
+    render json: {
       errors: [{
         status: @status.to_s,
         title: @message
       }]
     }
   end
+
+  private
+
+  def sign_in_user
+    sign_in(entity)
+  end
 end

app/controllers/api/users_controller.rb

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-class Api::UsersController < Api::ApiController
-  skip_before_action :authenticate_user
-  before_action :verify_custom_token, only: :create
-
-  def create
-    if user_params[:email].nil? || user_params[:password].nil?
-      raise ActionController::ParameterMissing.new 'Missing email or password'
-    end
-
-    user = Oath::Services::SignUp.new(user_params).perform
-    render json: user.slice(:email, :created_at, :first_name, :last_name)
-  end
-
-  private
-
-  def user_params
-    params.require(:user).permit(%i[
-                                   email
-                                   password
-                                   first_name
-                                   last_name
-                                 ])
-  end
-
-  def verify_custom_token
-    if token.blank? || token != ENV['CUSTOM_API_TOKEN']
-      unauthorized_entity(:user)
-    end
-  end
-
-end

config/routes.rb

@@ -158,7 +158,6 @@ Rails.application.routes.draw do
       scope 'v1' do
         get 'sync' => 'sync#index'
         post 'user_token' => 'user_token#create'
-        post 'users' => 'users#create'
         resource :profiles, only: [:show]
         resources :projects, only: [:index] do
           resources :broadcasts, only: [:index, :show, :update]

lib/knock_monkeypatch.rb

@@ -0,0 +1,7 @@
+module Knock
+  class AuthTokenController < ApplicationController
+    skip_before_action :authenticate
+    alias authenticate_with_token authenticate
+    before_action :authenticate_with_token
+  end
+end

spec/controllers/api/user_token_controller_spec.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::UserTokenController, type: :request do
+  let(:current_user) { create(:user) }
+
+  describe '#create' do
+    it 'returns error if credentials are not corrent and does not set cookie' do
+
+      post create_endpoint, params: wrong_auth_params
+
+      expect(response).to be_successful
+      expect(response.body).to match record_not_found
+      expect(cookie_data).to eq nil
+    end
+
+    it 'sends token and cookie if credentials are correct' do
+      post create_endpoint, params: correct_auth_params
+
+      expect(response).to be_successful
+      expect(response.body).not_to match record_not_found
+      expect(response.body).to match token_response
+      expect(cookie_data).not_to eq nil
+    end
+  end
+
+  private
+
+  def wrong_auth_params
+    {
+      auth: {
+        email: 'wrong_email@api-test.com',
+        password: 'password'
+      }
+    }
+  end
+
+  def correct_auth_params
+    {
+      auth: {
+        email: current_user.email,
+        password: 'password'
+      }
+    }
+  end
+
+  def create_endpoint
+    '/api/v1/user_token'
+  end
+
+  def record_not_found
+    /Record not found/
+  end
+
+  def token_response
+    /jwt/
+  end
+
+  def cookie_data
+    cookies[:_easy_release_session]
+  end
+end

spec/controllers/api/users_controller_spec.rb

@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe Api::UsersController, type: :controller do
-  before do
-    ENV['CUSTOM_API_TOKEN'] = "custom_token"
-  end
-  describe '#create' do
-    context 'Invalid token' do
-      it 'Returns 401 (Unauthorized) status if token is not valid' do
-
-        post :create
-
-        expect(response).not_to be_successful
-        expect(response).to have_http_status(401)
-      end
-    end
-
-    context 'Valid token' do
-      before :each do
-        controller.request.env['HTTP_AUTHORIZATION'] = 'Bearer custom_token'
-      end
-
-      it 'Returns Server error if user param is missing' do
-        user_count = User.all.count
-
-        expect do
-          post :create
-        end.to raise_exception ActionController::ParameterMissing
-
-        expect(User.all.count).to eq user_count
-      end
-
-      it 'Returns Server Error if email or password is missing' do
-        user_count = User.all.count
-
-        expect do
-          post :create, params: { user: { email: "a@b.com" } }
-        end.to raise_exception ActionController::ParameterMissing
-
-        expect do
-          post :create, params: { user: { password: "123" } }
-        end.to raise_exception ActionController::ParameterMissing
-
-        expect(User.all.count).to eq user_count
-      end
-
-      it 'Returns Server Error if body contains not permitted params' do
-        user_count = User.all.count
-
-        expect do
-          post :create, params: { user: { email: "a@b.com", password: "123", admin: true } }
-        end.to raise_exception ActionController::UnpermittedParameters
-
-        expect(User.all.count).to eq user_count
-      end
-
-      it 'Creates user if body contains correct params' do
-        expect do
-          post :create, params: { user: { email: "a@b.com", password: "123" } }
-        end.to change(User, :count).by(1)
-
-        expect(response).to be_successful
-      end
-
-      it 'Nothing changes if existing email is used' do
-        create(:user, email: "a@b.com")
-
-        expect do
-          post :create, params: { user: { email: "a@b.com", password: "123" } }
-        end.not_to change(User, :count)
-
-        expect(response).to be_successful
-      end
-    end
-  end
-end