api_guardian 0.1.0.pre

data/spec/requests/users_controller_spec.rb

@@ -0,0 +1,75 @@
+describe 'ApiGuardian::UsersController' do
+  # Authentication and permissions are tested elsewhere
+  before(:each) { @routes = ApiGuardian::Engine.routes }
+  before(:each) { seed_permissions('user') }
+  before(:each) { auth_user }
+  after(:each) { destroy_user }
+
+  describe 'RESOURCE /users' do
+    describe 'GET /' do
+      it 'returns a list of users' do
+        add_user_permission('user:read')
+
+        get '/users', {}, get_headers
+
+        expect(response).to have_http_status(:ok)
+      end
+    end
+
+    describe 'POST /' do
+      it 'creates a new user' do
+        add_user_permission('user:create')
+        user = create(:user)
+
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:create).and_return(user)
+
+        data = { data: { type: 'users', attributes: { name: '', default: false, permissions: [] } } }
+
+        post '/users', data.to_json, get_headers
+
+        expect(response).to have_http_status(:created)
+      end
+    end
+
+    describe 'GET /{:permission_id}' do
+      it 'gets a user by id' do
+        add_user_permission('user:read')
+        user = create(:user)
+
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:find).and_return(user)
+
+        get "/users/#{user.id}", {}, get_headers
+
+        expect(response).to have_http_status(:ok)
+      end
+    end
+
+    describe 'PATCH /{:permission_id}' do
+      it 'updates a user by id' do
+        add_user_permission('user:update')
+        user = create(:user)
+
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:update).and_return(user)
+
+        data = { data: { type: 'users', id: "#{user.id}", attributes: { name: Faker::Lorem.word, default: false } } }
+
+        patch "/users/#{user.id}", data.to_json, get_headers
+
+        expect(response).to have_http_status(:ok)
+      end
+    end
+
+    describe 'DELETE /{:permission_id}' do
+      it 'deletes a user by id' do
+        add_user_permission('user:delete')
+        user = create(:user)
+
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:destroy).and_return(user)
+
+        delete "/users/#{user.id}", {}, get_headers
+
+        expect(response).to have_http_status(:no_content)
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,138 @@
+# Configure Rails Environment
+ENV["RAILS_ENV"] = "test"
+
+require File.expand_path("../dummy/config/environment.rb",  __FILE__)
+require 'capybara/rspec'
+require 'pundit/rspec'
+require 'rspec/rails'
+require 'factory_girl_rails'
+require 'simplecov'
+require 'coveralls'
+require 'faker'
+require 'database_cleaner'
+require "shoulda/matchers"
+require 'support/matchers'
+require 'support/request_helpers'
+require 'rspec-activemodel-mocks'
+
+Rails.backtrace_cleaner.remove_silencers!
+ActiveRecord::Migration.maintain_test_schema!
+
+if ENV['IS_CODESHIP']
+  SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+  Coveralls.wear!('rails')
+end
+
+SimpleCov.start do
+  add_group 'Controllers', 'app/controllers'
+  add_group 'Models', 'app/models'
+  add_group 'Serializers', 'app/serializers'
+  add_group 'Engine::Concerns', 'lib/api_guardian/concerns'
+  add_group 'Engine::Policies', 'lib/api_guardian/policies'
+  add_group 'Engine::Errors', 'lib/api_guardian/errors'
+  add_group 'Engine::Stores', 'lib/api_guardian/stores'
+  add_filter 'db'
+  add_filter 'spec'
+end
+
+# Eager load for code coverages purposes
+Dir[Rails.root.parent.parent.join('app/controllers/**/*.rb')].each { |f| require f }
+Dir[Rails.root.parent.parent.join('app/models/**/*.rb')].each { |f| require f }
+Dir[Rails.root.parent.parent.join('app/serializers/**/*.rb')].each { |f| require f }
+Dir[Rails.root.parent.parent.join('lib/**/*.rb')].each { |f| require f }
+
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+
+RSpec.configure do |config|
+  config.include Rails.application.routes.url_helpers
+
+  # If you're not using ActiveRecord, or you'd prefer not to run each of your
+  # examples within a transaction, remove the following line or assign false
+  # instead of true.
+  config.use_transactional_fixtures = false
+
+  # RSpec Rails can automatically mix in different behaviours to your tests
+  # based on their file location, for example enabling you to call `get` and
+  # `post` in specs under `spec/controllers`.
+  #
+  # You can disable this behaviour by removing the line below, and instead
+  # explicitly tag your specs with their type, e.g.:
+  #
+  #     RSpec.describe UsersController, :type => :controller do
+  #       # ...
+  #     end
+  #
+  # The different available types are documented in the features, such as in
+  # https://relishapp.com/rspec/rspec-rails/docs
+  config.infer_spec_type_from_file_location!
+
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    # be_bigger_than(2).and_smaller_than(4).description
+    #   # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #   # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  # Use color in STDOUT
+  config.color = true
+
+  # Use color not only in STDOUT but also in pagers and files
+  config.tty = true
+
+  # Use the specified formatter
+  config.formatter = 'Fuubar' # :progress, :html, :textmate
+
+  config.order = "random"
+
+  config.before(:suite) do
+    DatabaseCleaner.clean_with(:truncation)
+  end
+
+  config.before(:each) do
+    DatabaseCleaner.strategy = :transaction
+  end
+
+  config.before(:each, js: true) do
+    DatabaseCleaner.strategy = :truncation
+  end
+
+  config.before(:each) do
+    DatabaseCleaner.start
+  end
+
+  config.after(:each) do
+    DatabaseCleaner.clean
+  end
+
+  config.include FactoryGirl::Syntax::Methods
+  config.include Requests::JsonHelpers, type: :request
+  config.include Requests::AuthHelpers, type: :request
+  config.include Requests::ErrorHelpers, type: :request
+end
+
+Shoulda::Matchers.configure do |config|
+  config.integrate do |with|
+    # Choose a test framework:
+    with.test_framework :rspec
+
+    # Choose one or more libraries:
+    with.library :rails
+  end
+end

data/spec/stores/base_spec.rb

@@ -0,0 +1,113 @@
+describe ApiGuardian::Stores::Base do
+  subject { ApiGuardian::Stores::Base.new(scope) }
+
+  let(:scope) { double(ApiGuardian::Policies::ApplicationPolicy::Scope) }
+
+  # Delegates
+  describe 'delegates' do
+    it { should delegate_method(:new).to(:resource_class) }
+  end
+
+  # Methods
+  describe 'methods' do
+    # using the user model to test the base store
+    let(:user) { double(ApiGuardian::User) }
+
+    before(:each) do
+      allow_any_instance_of(ApiGuardian::Stores::Base).to receive(:resource_class).and_return(user)
+    end
+
+    describe '#all' do
+      it 'returns objects via scope' do
+        expect(scope).to receive(:all)
+        subject.all
+      end
+    end
+
+    describe '#paginate' do
+      context 'returns objects via scope with pagination' do
+        it 'without arguments' do
+          expect(scope).to receive(:page).with(1).and_return(scope)
+          expect(scope).to receive(:per).with(25)
+
+          subject.paginate
+        end
+
+        it 'with arguments' do
+          expect(scope).to receive(:page).with(10).and_return(scope)
+          expect(scope).to receive(:per).with(50)
+
+          subject.paginate(10, 50)
+        end
+      end
+    end
+
+    describe '#find' do
+      it 'errors on missing record' do
+        expect(user).to receive(:find).and_return(nil)
+
+        expect { subject.find(1) }.to raise_error ActiveRecord::RecordNotFound
+      end
+
+      it 'returns record if found' do
+        a_user = double(ApiGuardian::User)
+        expect(user).to receive(:find).and_return(a_user)
+
+        result = subject.find(1)
+
+        expect(result).to eq a_user
+      end
+    end
+
+    describe '#save' do
+      it 'saves a record' do
+        a_user = instance_double(ApiGuardian::User)
+        expect(a_user).to receive(:save!)
+
+        subject.save(a_user)
+      end
+    end
+
+    describe '#create' do
+      it 'errors on invalid record' do
+        attributes = {}
+        new_user = mock_model(ApiGuardian::User)
+        expect(new_user).to receive(:valid?).and_return(false)
+        expect(user).to receive(:new).with(attributes).and_return(new_user)
+
+        expect { subject.create(attributes) }.to raise_error ActiveRecord::RecordInvalid
+      end
+
+      it 'creates a record' do
+        attributes = {}
+        new_user = mock_model(ApiGuardian::User)
+        expect(new_user).to receive(:valid?).and_return(true)
+        expect(user).to receive(:new).with(attributes).and_return(new_user)
+        expect(subject).to receive(:save).with(new_user)
+
+        result = subject.create(attributes)
+
+        expect(result).to eq new_user
+      end
+    end
+
+    describe '#update' do
+      it 'updates a record' do
+        attributes = {}
+        a_user = instance_double(ApiGuardian::User)
+        expect(a_user).to receive(:update_attributes!).with(attributes)
+
+        subject.update(a_user, attributes)
+      end
+    end
+
+    describe '#destroy' do
+      it 'destroys a record' do
+        a_user = instance_double(ApiGuardian::User)
+        expect(a_user).to receive(:destroy!)
+
+        subject.destroy(a_user)
+      end
+    end
+  end
+end

data/spec/stores/permission_store_spec.rb

@@ -0,0 +1,2 @@
+describe ApiGuardian::Stores::PermissionStore do
+end

data/spec/stores/role_store_spec.rb

@@ -0,0 +1,12 @@
+describe ApiGuardian::Stores::RoleStore do
+  # Methods
+  describe 'methods' do
+    describe '.default_role' do
+      it 'should return the default role' do
+        expect(ApiGuardian::Role).to receive(:default_role)
+
+        ApiGuardian::Stores::RoleStore.default_role
+      end
+    end
+  end
+end

data/spec/stores/user_store_spec.rb

@@ -0,0 +1,144 @@
+describe ApiGuardian::Stores::UserStore do
+  # Methods
+  describe 'methods' do
+    describe '#find_by_email' do
+      it 'should find user by email' do
+        expect(ApiGuardian::User).to receive(:find_by_email).with('test')
+
+        subject.find_by_email('test')
+      end
+    end
+
+    describe '#find_by_reset_password_token' do
+      it 'should find user by reset password token' do
+        expect(ApiGuardian::User).to receive(:find_by_reset_password_token).with('test')
+
+        subject.find_by_reset_password_token('test')
+      end
+    end
+
+    describe '#create' do
+      it 'should set default attributes before saving' do
+        attributes = {}
+        role = mock_model(ApiGuardian::Role)
+        expect(role).to receive(:id).and_return(1)
+        expect(ApiGuardian::Stores::RoleStore).to receive(:default_role).and_return(role)
+        expect_any_instance_of(ApiGuardian::User).to receive(:valid?).and_return(true)
+        expect_any_instance_of(ApiGuardian::User).to receive(:save!).and_return(true)
+
+        subject.create(attributes)
+
+        expect(attributes[:role_id]).to eq 1
+        expect(attributes[:email_confirmed_at]).to be_a(DateTime)
+        expect(attributes[:active]).to eq true
+      end
+    end
+
+    describe '.register' do
+      it 'fails on invalid attributes' do
+        role = mock_model(ApiGuardian::Role)
+        expect(role).to receive(:id).and_return(1)
+        expect(ApiGuardian::Stores::RoleStore).to receive(:default_role).and_return(role)
+        allow_any_instance_of(ApiGuardian::User).to receive(:valid?).and_return(false)
+
+        expect { ApiGuardian::Stores::UserStore.register({}) }.to raise_error ActiveRecord::RecordInvalid
+      end
+
+      it 'creates inactive user with unconfirmed email and default role' do
+        role = mock_model(ApiGuardian::Role)
+        user = create(:user)
+        expect(role).to receive(:id).and_return(1)
+        expect(ApiGuardian::Stores::RoleStore).to receive(:default_role).and_return(role)
+        expect(ApiGuardian::User).to receive(:new).and_return(user)
+        expect_any_instance_of(ApiGuardian::User).to receive(:valid?).and_return(true)
+        expect_any_instance_of(ApiGuardian::User).to receive(:save!).and_return(true)
+
+        result = ApiGuardian::Stores::UserStore.register({})
+
+        expect(result.role_id).to eq user.role_id
+        expect(result.active).to be false
+        expect(result.email_confirmed_at).to be nil
+      end
+    end
+
+    describe '.reset_password' do
+      it 'resets on valid email' do
+        user = mock_model(ApiGuardian::User)
+        expect(user).to receive(:reset_password_token=)
+        expect(user).to receive(:reset_password_sent_at=)
+        expect(user).to receive(:save)
+
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:find_by_email).and_return(user)
+
+        result = ApiGuardian::Stores::UserStore.reset_password('email')
+
+        expect(result).to be true
+      end
+
+      it 'fails on invalid email' do
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:find_by_email).and_return(nil)
+
+        result = ApiGuardian::Stores::UserStore.reset_password('email')
+
+        expect(result).to be false
+      end
+    end
+
+    describe '.complete_reset_password' do
+      it 'fails on missing user' do
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:find_by_reset_password_token).and_return(nil)
+        expect(ApiGuardian::Stores::UserStore.complete_reset_password({})).to be false
+      end
+
+      it 'fails if token doesn\'t match user email' do
+        user = mock_model(ApiGuardian::User)
+        expect(user).to receive(:email).and_return('bar')
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:find_by_reset_password_token).and_return(user)
+
+        expect { ApiGuardian::Stores::UserStore.complete_reset_password(email: 'foo') }.to raise_error ApiGuardian::Errors::ResetTokenUserMismatchError
+      end
+
+      it 'fails if token is expired' do
+        user = mock_model(ApiGuardian::User)
+        expect(user).to receive(:email).and_return('bar')
+        expect(user).to receive(:reset_password_token_valid?).and_return(false)
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:find_by_reset_password_token).and_return(user)
+
+        expect { ApiGuardian::Stores::UserStore.complete_reset_password(email: 'bar') }.to raise_error ApiGuardian::Errors::ResetTokenExpiredError
+      end
+
+      it 'fails if the new password is missing' do
+        user = mock_model(ApiGuardian::User)
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:find_by_reset_password_token).and_return(user)
+        expect(user).to receive(:email).and_return('foo')
+        expect(user).to receive(:reset_password_token_valid?).and_return(true)
+        expect(user).to receive(:password)
+        expect_any_instance_of(ActionController::Parameters).to receive(:fetch).with(:password, nil).and_return(nil)
+        expect { ApiGuardian::Stores::UserStore.complete_reset_password(ActionController::Parameters.new(email: 'foo')) }.to raise_error ActiveRecord::RecordInvalid
+      end
+
+      it 'resets on valid attributes' do
+        user = mock_model(ApiGuardian::User)
+        allow_any_instance_of(ApiGuardian::Stores::UserStore).to receive(:find_by_reset_password_token).and_return(user)
+        expect(user).to receive(:email).and_return('foo')
+        expect(user).to receive(:reset_password_token_valid?).and_return(true)
+        expect_any_instance_of(ActionController::Parameters).to receive(:fetch).with(:password, nil).and_return('password')
+        expect(user).to receive(:assign_attributes)
+        expect(user).to receive(:save!)
+        expect(user).to receive(:reset_password_token=)
+        expect(user).to receive(:reset_password_sent_at=)
+        expect(user).to receive(:save)
+
+        attributes = ActionController::Parameters.new(
+          email: 'foo',
+          password: 'password',
+          password_confirmation: 'password'
+        )
+
+        expect(ApiGuardian::Stores::UserStore.complete_reset_password(attributes)).to be true
+        expect(user.reset_password_token).to be nil
+        expect(user.reset_password_sent_at).to be nil
+      end
+    end
+  end
+end