haveapi 0.26.5 → 0.27.1

data/spec/action/runtime_spec.rb

@@ -0,0 +1,207 @@
+# frozen_string_literal: true
+
+describe HaveAPI::Action do
+  describe 'runtime' do
+    api do
+      define_resource(:Test) do
+        version 1
+        auth false
+
+        define_action(:Echo) do
+          http_method :post
+          authorize { allow }
+
+          class << self
+            attr_accessor :calls
+          end
+          self.calls = []
+
+          input do
+            string :msg
+          end
+
+          output do
+            string :msg
+          end
+
+          def exec
+            self.class.calls << :exec
+            { msg: input[:msg] }
+          end
+        end
+
+        define_action(:Order) do
+          http_method :post
+          authorize { allow }
+
+          class << self
+            attr_accessor :calls
+          end
+          self.calls = []
+
+          output do
+            bool :ok
+          end
+
+          def prepare
+            self.class.calls << :prepare
+          end
+
+          def pre_exec
+            self.class.calls << :pre_exec
+          end
+
+          def exec
+            self.class.calls << :exec
+            { ok: true }
+          end
+        end
+
+        define_action(:Abort) do
+          http_method :post
+          authorize { allow }
+
+          class << self
+            attr_accessor :calls
+          end
+          self.calls = []
+
+          output do
+            bool :ok
+          end
+
+          def exec
+            self.class.calls << :exec
+            error!('nope')
+            self.class.calls << :after_error
+            { ok: true }
+          end
+        end
+
+        define_action(:Boom) do
+          http_method :post
+          authorize { allow }
+
+          class << self
+            attr_accessor :calls
+          end
+          self.calls = []
+
+          output do
+            bool :ok
+          end
+
+          def exec
+            self.class.calls << :exec
+            raise 'boom'
+          end
+        end
+
+        define_action(:Block) do
+          http_method :post
+          authorize { allow }
+          blocking true
+
+          class << self
+            attr_accessor :calls
+          end
+          self.calls = []
+
+          output do
+            bool :ok
+          end
+
+          def exec
+            self.class.calls << :exec
+            { ok: true }
+          end
+
+          def state_id
+            nil
+          end
+        end
+      end
+    end
+
+    default_version 1
+
+    def action_class(name)
+      action, = find_action(1, :Test, name)
+      action
+    end
+
+    def with_exec_exception_hook
+      hooks = HaveAPI::Hooks.hooks
+      action_hooks = hooks[HaveAPI::Action][:exec_exception]
+      original = action_hooks[:listeners].dup
+
+      HaveAPI::Action.connect_hook(:exec_exception) do |ret, _context, e|
+        ret[:status] = false
+        ret[:message] = e.message
+        ret[:http_status] = 422
+        ret
+      end
+
+      yield
+    ensure
+      action_hooks[:listeners] = original
+    end
+
+    it '_meta.no suppresses metadata' do
+      action_class(:echo).calls.clear
+
+      call_api([:Test], :echo, { test: { msg: 'hi' }, _meta: { no: true } })
+
+      expect(last_response.status).to eq(200)
+      expect(api_response).to be_ok
+      expect(api_response.response).to have_key(:test)
+      expect(api_response.response).not_to have_key(:_meta)
+
+      call_api([:Test], :echo, { test: { msg: 'hi' }, _meta: { no: false } })
+
+      expect(last_response.status).to eq(200)
+      expect(api_response).to be_ok
+      expect(api_response.response).to have_key(:_meta)
+    end
+
+    it 'runs prepare, pre_exec, exec in order' do
+      action_class(:order).calls.clear
+
+      call_api([:Test], :order, {})
+
+      expect(api_response).to be_ok
+      expect(action_class(:order).calls).to eq(%i[prepare pre_exec exec])
+    end
+
+    it 'aborts execution when error! is called' do
+      action_class(:abort).calls.clear
+
+      call_api([:Test], :abort, {})
+
+      expect(api_response).not_to be_ok
+      expect(api_response.message).to eq('nope')
+      expect(action_class(:abort).calls).to include(:exec)
+      expect(action_class(:abort).calls).not_to include(:after_error)
+    end
+
+    it 'routes exec exceptions through hook' do
+      with_exec_exception_hook do
+        call_api([:Test], :boom, {})
+
+        expect(last_response.status).to eq(422)
+        expect(api_response).not_to be_ok
+        expect(api_response.message).to eq('boom')
+        expect(last_response.body).not_to match(/<html/i)
+      end
+    end
+
+    it 'adds action_state_id to meta for blocking actions' do
+      call_api([:Test], :block, {})
+
+      expect(api_response).to be_ok
+      meta = api_response.response[:_meta]
+      expect(meta).to be_a(Hash)
+      expect(meta).to have_key(:action_state_id)
+    end
+  end
+end

data/spec/action_state_spec.rb

@@ -0,0 +1,301 @@
+require 'time'
+
+module ActionStateSpec
+  FIXED_TIME = Time.utc(2020, 1, 1, 0, 0, 0)
+
+  class State
+    attr_reader :id, :label, :created_at, :updated_at, :status, :progress, :poll_calls
+
+    def initialize(id:, label: 'job', status: true, finished: false, can_cancel: false,
+                   progress: {}, valid: true, cancel_ret: true)
+      @id = id
+      @label = label
+      @status = status
+      @finished = finished
+      @can_cancel = can_cancel
+      @progress = progress
+      @valid = valid
+      @cancel_ret = cancel_ret
+      @poll_calls = 0
+      @created_at = FIXED_TIME
+      @updated_at = FIXED_TIME
+    end
+
+    def valid?
+      @valid
+    end
+
+    def finished?
+      @finished
+    end
+
+    def can_cancel?
+      @can_cancel
+    end
+
+    def poll(_input)
+      @poll_calls += 1
+
+      if @progress[:current]
+        @progress = @progress.merge(current: @progress[:current] + 1)
+      end
+
+      @updated_at = Time.utc(2020, 1, 1, 0, 0, @poll_calls)
+      self
+    end
+
+    def cancel
+      @cancel_ret
+    end
+  end
+
+  module Backend
+    class << self
+      attr_reader :states, :list_calls, :new_calls
+
+      def reset!
+        @states = {}
+        @list_calls = []
+        @new_calls = []
+      end
+
+      def add_state(state)
+        @states[state.id] = state
+      end
+
+      def list_pending(user, from_id, limit, order)
+        @list_calls << {
+          user: user,
+          from_id: from_id,
+          limit: limit,
+          order: order
+        }
+        @states.values
+      end
+
+      def new(user, id:)
+        @new_calls << { user: user, id: id.to_i }
+        @states[id.to_i] || State.new(id: id.to_i, valid: false)
+      end
+    end
+  end
+end
+
+describe HaveAPI::Resources::ActionState do
+  def get_action(path, params = nil)
+    if params
+      get path, params, input: ''
+    else
+      get path, {}, input: ''
+    end
+  end
+
+  context 'without action_state backend' do
+    empty_api
+    use_version 1
+    default_version 1
+
+    it 'is not mounted without action_state backend' do
+      header 'Accept', 'application/json'
+      get_action '/v1/action_states'
+
+      expect(last_response.status).to eq(404)
+      expect(api_response).not_to be_ok
+      expect(api_response.message).to eq('Action not found')
+    end
+  end
+
+  context 'with action_state backend' do
+    empty_api
+    use_version 1
+    default_version 1
+    action_state ActionStateSpec::Backend
+
+    before do
+      ActionStateSpec::Backend.reset!
+      header 'Accept', 'application/json'
+    end
+
+    it 'lists pending states and passes paging options' do
+      ActionStateSpec::Backend.add_state(ActionStateSpec::State.new(id: 1))
+      ActionStateSpec::Backend.add_state(ActionStateSpec::State.new(id: 2))
+
+      get_action '/v1/action_states', action_state: { from_id: 10, limit: 2, order: 'oldest' }
+
+      expect(last_response.status).to eq(200)
+      expect(api_response).to be_ok
+
+      states = api_response[:action_states]
+      expect(states).to be_a(Array)
+      expect(states.size).to eq(2)
+
+      states.each do |state|
+        expect(state.keys).to contain_exactly(
+          :id, :label, :status, :finished, :current, :total, :unit,
+          :can_cancel, :created_at, :updated_at
+        )
+        expect(state[:created_at]).to eq(ActionStateSpec::FIXED_TIME.iso8601)
+        expect(state[:updated_at]).to eq(ActionStateSpec::FIXED_TIME.iso8601)
+      end
+
+      call = ActionStateSpec::Backend.list_calls.last
+      expect(call[:user]).to be_nil
+      expect(call[:from_id]).to eq(10)
+      expect(call[:limit]).to eq(2)
+      expect(call[:order]).to eq(:oldest)
+    end
+
+    it 'defaults order to newest' do
+      ActionStateSpec::Backend.add_state(ActionStateSpec::State.new(id: 1))
+
+      get_action '/v1/action_states'
+
+      expect(ActionStateSpec::Backend.list_calls.last[:order]).to eq(:newest)
+    end
+
+    it 'shows state when valid' do
+      ActionStateSpec::Backend.add_state(
+        ActionStateSpec::State.new(id: 1, progress: {}, can_cancel: true)
+      )
+
+      get_action '/v1/action_states/1'
+
+      expect(api_response).to be_ok
+      state = api_response[:action_state]
+      expect(state[:id]).to eq(1)
+      expect(state[:current]).to eq(0)
+      expect(state[:total]).to eq(0)
+      expect(state[:unit]).to be_nil
+      expect(state[:can_cancel]).to be(true)
+    end
+
+    it 'returns error when state invalid' do
+      get_action '/v1/action_states/999'
+
+      expect(api_response).not_to be_ok
+      expect(api_response.message).to eq('action state not found')
+    end
+
+    it 'poll returns immediately if finished' do
+      state = ActionStateSpec::State.new(
+        id: 1,
+        finished: true,
+        progress: { current: 5, total: 10, unit: 'items' }
+      )
+      ActionStateSpec::Backend.add_state(state)
+
+      get_action '/v1/action_states/1/poll', action_state: { timeout: 5 }
+
+      expect(api_response).to be_ok
+      ret = api_response[:action_state]
+      expect(ret[:finished]).to be(true)
+      expect(ret[:current]).to eq(5)
+      expect(ret[:total]).to eq(10)
+      expect(ret[:unit]).to eq('items')
+      expect(state.poll_calls).to eq(0)
+    end
+
+    it 'poll returns immediately on timeout without polling' do
+      state = ActionStateSpec::State.new(
+        id: 1,
+        finished: false,
+        progress: { current: 0, total: 10 }
+      )
+      ActionStateSpec::Backend.add_state(state)
+
+      get_action '/v1/action_states/1/poll', action_state: { timeout: 0 }
+
+      expect(api_response).to be_ok
+      expect(state.poll_calls).to eq(0)
+    end
+
+    it 'poll returns immediately when update_in check mismatches' do
+      state = ActionStateSpec::State.new(
+        id: 1,
+        status: true,
+        progress: { current: 1, total: 10 }
+      )
+      ActionStateSpec::Backend.add_state(state)
+
+      get_action '/v1/action_states/1/poll', action_state: {
+        timeout: 10,
+        update_in: 5,
+        status: false,
+        current: 999,
+        total: 10
+      }
+
+      expect(api_response).to be_ok
+      ret = api_response[:action_state]
+      expect(ret[:status]).to be(true)
+      expect(ret[:current]).to eq(1)
+      expect(ret[:total]).to eq(10)
+      expect(state.poll_calls).to eq(0)
+    end
+
+    it 'poll uses state.poll when available' do
+      state = ActionStateSpec::State.new(
+        id: 1,
+        finished: false,
+        progress: { current: 0, total: 10 }
+      )
+      ActionStateSpec::Backend.add_state(state)
+
+      get_action '/v1/action_states/1/poll', action_state: { timeout: 10 }
+
+      expect(api_response).to be_ok
+      ret = api_response[:action_state]
+      expect(state.poll_calls).to eq(1)
+      expect(ret[:current]).to eq(1)
+    end
+
+    it 'poll returns error when state invalid' do
+      get_action '/v1/action_states/999/poll', action_state: { timeout: 0 }
+
+      expect(api_response).not_to be_ok
+      expect(api_response.message).to eq('action state not found')
+    end
+
+    it 'cancel returns ok for true' do
+      ActionStateSpec::Backend.add_state(ActionStateSpec::State.new(id: 1, cancel_ret: true))
+
+      call_api(:post, '/v1/action_states/1/cancel', {})
+
+      expect(api_response).to be_ok
+      expect(api_response.response[:_meta]).to be_a(Hash)
+      expect(api_response.response[:_meta]).to have_key(:action_state_id)
+      expect(api_response[:action_state]).to eq({})
+    end
+
+    it 'cancel returns action_state_id for numeric return' do
+      ActionStateSpec::Backend.add_state(ActionStateSpec::State.new(id: 1, cancel_ret: 123))
+
+      call_api(:post, '/v1/action_states/1/cancel', {})
+
+      expect(api_response).to be_ok
+      expect(api_response.response[:_meta][:action_state_id]).to eq(123)
+    end
+
+    it 'cancel returns error for false' do
+      ActionStateSpec::Backend.add_state(ActionStateSpec::State.new(id: 1, cancel_ret: false))
+
+      call_api(:post, '/v1/action_states/1/cancel', {})
+
+      expect(api_response).not_to be_ok
+      expect(api_response.message).to eq('cancellation failed')
+    end
+
+    it 'cancel returns error for NotImplementedError' do
+      state = ActionStateSpec::State.new(id: 1)
+      def state.cancel
+        raise NotImplementedError, 'not supported'
+      end
+      ActionStateSpec::Backend.add_state(state)
+
+      call_api(:post, '/v1/action_states/1/cancel', {})
+
+      expect(api_response).not_to be_ok
+      expect(api_response.message).to eq('not supported')
+    end
+  end
+end

data/spec/authentication/basic_spec.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+module AuthSpecBasic
+  User = Struct.new(:id, :login)
+
+  class Provider < HaveAPI::Authentication::Basic::Provider
+    protected
+
+    def find_user(_request, username, password)
+      return User.new(1, username) if username == 'user' && password == 'pass'
+      return nil unless username == 'error'
+
+      # Exercise the rescue path in Basic::Provider#authenticate
+      raise HaveAPI::AuthenticationError, 'backend failed'
+    end
+  end
+end
+
+describe HaveAPI::Authentication::Basic::Provider do
+  api do
+    define_resource(:Secure) do
+      version 1
+      desc 'Secured resource'
+
+      define_action(:Ping) do
+        route 'ping'
+        http_method :post
+        auth true
+
+        input(:hash) do
+          # accept empty JSON body
+        end
+
+        output(:hash) do
+          integer :user_id
+          string :login
+        end
+
+        authorize { allow }
+
+        def exec
+          {
+            user_id: current_user.id,
+            login: current_user.login
+          }
+        end
+      end
+    end
+  end
+
+  default_version 1
+  auth_chain AuthSpecBasic::Provider
+
+  let(:seen_users) { [] }
+  let(:api_instance) do
+    app
+    instance_variable_get(:@api)
+  end
+
+  before do
+    api_instance.connect_hook(:post_authenticated) do |ret, current_user|
+      seen_users << current_user
+      ret
+    end
+  end
+
+  it 'returns 401 without credentials' do
+    call_api(:post, '/v1/secures/ping', {})
+
+    expect(last_response.status).to eq(401)
+    expect(last_response.headers['www-authenticate']).to include('Basic realm=')
+
+    expect(api_response).to be_failed
+    expect(api_response.message).to include('authenticate')
+    expect(seen_users.last).to be_nil
+  end
+
+  it 'returns 401 with wrong credentials' do
+    login('user', 'wrong')
+    call_api(:post, '/v1/secures/ping', {})
+
+    expect(last_response.status).to eq(401)
+    expect(api_response).to be_failed
+    expect(seen_users.last).to be_nil
+  end
+
+  it 'authenticates with correct credentials' do
+    login('user', 'pass')
+    call_api(:post, '/v1/secures/ping', {})
+
+    expect(last_response.status).to eq(200)
+    expect(api_response).to be_ok
+    expect(api_response[:secure][:user_id]).to eq(1)
+    expect(api_response[:secure][:login]).to eq('user')
+    expect(seen_users.last).to be_a(AuthSpecBasic::User)
+  end
+
+  it 'handles AuthenticationError raised by backend' do
+    login('error', 'pass')
+    call_api(:post, '/v1/secures/ping', {})
+
+    expect(last_response.status).to eq(401)
+    expect(api_response).to be_failed
+    expect(seen_users.last).to be_nil
+  end
+end