rails_api_auth 0.0.2 → 0.0.3

data/spec/factories/accounts.rb

@@ -0,0 +1,6 @@
+FactoryGirl.define do
+  factory :account do
+    first_name { Faker::Name.first_name }
+    last_name  { Faker::Name.last_name }
+  end
+end

data/spec/factories/logins.rb

@@ -1,7 +1,7 @@
 FactoryGirl.define do
   factory :login do
-    email    { Faker::Internet.email }
-    password { Faker::Lorem.word }
+    identification { Faker::Internet.email }
+    password       { Faker::Lorem.word }
 
     trait :facebook do
       facebook_uid { Faker::Number.number }

data/spec/models/login_spec.rb

@@ -1,24 +1,24 @@
-require 'spec_helper'
-
 describe Login do
-  it { is_expected.to validate_presence_of(:email) }
-  it { is_expected.to allow_value('test@example.com').for(:email) }
-  it { is_expected.to_not allow_value('test_example.com').for(:email) }
+  it 'belongs to the configured user model' do
+    expect(subject).to belong_to(:account).with_foreign_key(:user_id)
+  end
+
+  it { is_expected.to validate_presence_of(:identification) }
 
   it 'validates presence of either password or Facebook UID' do
-    login = described_class.new(email: 'test@example.com', oauth2_token: 'token')
+    login = described_class.new(identification: 'test@example.com', oauth2_token: 'token')
 
     expect(login).to_not be_valid
   end
 
   it "doesn't validate presence of password when Facebook UID is present" do
-    login = described_class.new(email: 'test@example.com', oauth2_token: 'token', facebook_uid: '123')
+    login = described_class.new(identification: 'test@example.com', oauth2_token: 'token', facebook_uid: '123')
 
     expect(login).to be_valid
   end
 
   it "doesn't validate presence of Facebook UID  when password is present" do
-    login = described_class.new(email: 'test@example.com', oauth2_token: 'token', password: '123')
+    login = described_class.new(identification: 'test@example.com', oauth2_token: 'token', password: '123')
 
     expect(login).to be_valid
   end
@@ -61,8 +61,8 @@ describe Login do
     end
 
     context 'when the supplied token is invalid' do
-      it 'raises an InvalidSingleUseOAuth2Token' do
-        expect { subject.consume_single_use_oauth2_token!('invalid token') }.to raise_error(Login::InvalidSingleUseOAuth2Token)
+      it 'raises an InvalidOAuth2Token' do
+        expect { subject.consume_single_use_oauth2_token!('invalid token') }.to raise_error(Login::InvalidOAuth2Token)
       end
     end
   end

data/spec/requests/authenticated_spec.rb

@@ -1,47 +1,50 @@
-require 'spec_helper'
-
-describe 'Authenticated route' do
-  let!(:login) { create(:login) }
-  let(:headers) do
-    {
-      'Authorization': "Bearer #{login.oauth2_token}"
-    }
-  end
-
+describe 'an authenticated route' do
   subject { get '/authenticated', {}, headers }
 
-  it 'assigns login found to @current_login' do
-    subject
+  let(:headers) { {} }
 
-    assigns[:current_login] = login
-  end
+  context 'when a valid Bearer token is present' do
+    let(:login) { create(:login) }
+    let(:headers) do
+      { 'Authorization' => "Bearer #{login.oauth2_token}" }
+    end
 
-  it '200' do
-    subject
+    it 'assigns the authenticated login to @current_login' do
+      subject
 
-    expect(response.status).to eq 200
-  end
+      expect(assigns[:current_login]).to eq(login)
+    end
 
-  it 'lets the action get rendered' do
-    subject
+    it "responds with the actual action's status" do
+      subject
 
-    expect(response.body).to eql 'zuper content'
+      expect(response).to have_http_status(201)
+    end
+
+    it "responds with the actual action's body" do
+      subject
+
+      expect(response.body).to eql('zuper content')
+    end
   end
 
-  context 'no token' do
+  context 'when no valid Bearer token is present' do
+    it 'does not assign the authenticated login to @current_login' do
+      subject
 
-    subject { get '/authenticated' }
+      expect(assigns[:current_login]).to be_nil
+    end
 
-    it '401' do
+    it 'responds with status 401' do
       subject
 
-      expect(response.status).to eq 401
+      expect(response).to have_http_status(401)
     end
 
     it 'responds with an empty body' do
       subject
 
-      expect(response.body).to be_empty
+      expect(response.body.strip).to be_empty
     end
   end
 end

data/spec/requests/custom_authenticated_spec.rb

@@ -0,0 +1,45 @@
+describe 'a custom authenticated route' do
+  subject { get '/custom-authenticated', {}, headers }
+
+  let(:account) { create(:account) }
+  let(:login)   { create(:login, account: account) }
+  let(:headers) do
+    { 'Authorization' => "Bearer #{login.oauth2_token}" }
+  end
+
+  context 'when the block returns true' do
+    let(:account) { create(:account, first_name: 'user x') }
+
+    it 'assigns the authenticated login to @current_login' do
+      subject
+
+      expect(assigns[:current_login]).to eq(login)
+    end
+
+    it "responds with the actual action's status" do
+      subject
+
+      expect(response).to have_http_status(201)
+    end
+
+    it "responds with the actual action's body" do
+      subject
+
+      expect(response.body).to eql('zuper content')
+    end
+  end
+
+  context 'when the block returns false' do
+    it 'responds with status 401' do
+      subject
+
+      expect(response).to have_http_status(401)
+    end
+
+    it 'responds with an empty body' do
+      subject
+
+      expect(response.body.strip).to be_empty
+    end
+  end
+end

data/spec/requests/oauth2_spec.rb

@@ -1,17 +1,14 @@
-require 'spec_helper'
-
 describe 'Oauth2 API' do
-
   let!(:login) { create(:login) }
 
   describe 'POST /token' do
-    let(:params) { { grant_type: 'password', username: login.email, password: login.password } }
+    let(:params) { { grant_type: 'password', username: login.identification, password: login.password } }
 
     subject { post '/token', params }
 
     context 'for grant_type "password"' do
       context 'with valid login credentials' do
-        it 'succeeds' do
+        it 'responds with status 200' do
           subject
 
           expect(response).to have_http_status(200)
@@ -25,7 +22,7 @@ describe 'Oauth2 API' do
       end
 
       context 'with invalid login credentials' do
-        let(:params) { { grant_type: 'password', username: 'bad@email.com', password: 'badpassword' } }
+        let(:params) { { grant_type: 'password', username: login.identification, password: 'badpassword' } }
 
         it 'responds with status 400' do
           subject
@@ -43,62 +40,62 @@ describe 'Oauth2 API' do
 
     context 'for grant_type "facebook_auth_code"' do
       let(:secret)                { described_class::FB_APP_SECRET }
-      let(:params)                { { grant_type: 'facebook_auth_code', auth_code: 'fb auth code' } }
-      let(:facebook_email)        { login.email }
-      let(:facebook_data)   do
+      let(:params)                { { grant_type: 'facebook_auth_code', auth_code: 'authcode' } }
+      let(:facebook_email)        { login.identification }
+      let(:facebook_data) do
         {
-          id:         '1238190321',
-          email:      facebook_email
+          id:    '1238190321',
+          email: facebook_email
         }
       end
 
       before do
-        stub_request(:get, %r{https://graph.facebook.com/v2.3/oauth/access_token}).to_return(body: '{ "access_token": "access_token" }')
-        stub_request(:get, %r{https://graph.facebook.com/v2.3/me}).to_return(body: JSON.generate(facebook_data), headers: { 'Content-Type' => 'application/json' })
+        stub_request(:get, 'https://graph.facebook.com/oauth/access_token?client_id=app_id&client_secret=app_secret&code=authcode&redirect_uri=redirect_uri').to_return({ body: '{ "access_token": "access_token" }' })
+        stub_request(:get, 'https://graph.facebook.com/me?access_token=access_token').to_return({ body: JSON.generate(facebook_data), headers: { 'Content-Type' => 'application/json' } })
       end
 
-      context 'when a login with the posted Facebook email exists' do
+      context 'when a login with for the Facebook account exists' do
         it 'connects the login to the Facebook account' do
           subject
 
           expect(login.reload.facebook_uid).to eq(facebook_data[:id])
         end
 
-        it 'succeeds' do
+        it 'responds with status 200' do
           subject
 
           expect(response).to have_http_status(200)
         end
 
-        it 'responds with an oauth2 token' do
+        it "responds with the login's OAuth 2.0 token" do
           subject
 
           expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
         end
       end
 
-      context 'when no login with the posted Facebook email exists' do
+      context 'when no login for the Facebook account exists' do
         let(:facebook_email) { Faker::Internet.email }
 
-        it 'succeeds' do
+        it 'responds with status 200' do
           subject
 
           expect(response).to have_http_status(200)
         end
 
-        it 'creates a login with it' do
-          expect { subject }.to change { Login.where(email: facebook_email).count }.by(1)
+        it 'creates a login for the Facebook account' do
+          expect { subject }.to change { Login.where(identification: facebook_email).count }.by(1)
         end
 
-        it 'responds with an oauth2 token' do
+        it "responds with the login's OAuth 2.0 token" do
           subject
-          login = Login.find_by(email: facebook_email)
+          login = Login.where(identification: facebook_email).first
 
           expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
         end
       end
 
-      context 'when no facebook code is sent' do
+      context 'when no Facebook auth code is sent' do
         let(:params) { { grant_type: 'facebook_auth_code' } }
 
         it 'responds with status 400' do
@@ -107,7 +104,7 @@ describe 'Oauth2 API' do
           expect(response).to have_http_status(400)
         end
 
-        it 'responds with a no authorization code error' do
+        it 'responds with a "no_authorization_code" error' do
           subject
 
           expect(response.body).to be_json_eql({ error: 'no_authorization_code' }.to_json)
@@ -116,19 +113,19 @@ describe 'Oauth2 API' do
 
       context 'when Facebook responds with an error' do
         before do
-          stub_request(:get, %r{https://graph.facebook.com/v2.3/oauth/access_token}).to_return(status: 422)
+          stub_request(:get, 'https://graph.facebook.com/me?access_token=access_token').to_return(status: 422)
         end
 
-        it 'responds with status 500' do
+        it 'responds with status 502' do
           subject
 
-          expect(response).to have_http_status(500)
+          expect(response).to have_http_status(502)
         end
 
         it 'responds with an empty response body' do
           subject
 
-          expect(response.body).to eql('')
+          expect(response.body.strip).to eql('')
         end
       end
     end
@@ -142,7 +139,7 @@ describe 'Oauth2 API' do
         expect(response).to have_http_status(400)
       end
 
-      it 'responds with an invalid grant error' do
+      it 'responds with an "unsupported_grant_type" error' do
         subject
 
         expect(response.body).to be_json_eql({ error: 'unsupported_grant_type' }.to_json)
@@ -155,29 +152,28 @@ describe 'Oauth2 API' do
 
     subject { post '/revoke', params }
 
-    it 'succeeds' do
+    it 'responds with status 200' do
       subject
 
       expect(response).to have_http_status(200)
     end
 
-    it 'resets login token' do
+    it "resets the login's OAuth 2.0 token" do
       expect { subject }.to change { login.reload.oauth2_token }
 
       subject
     end
 
-    context 'for an unknown (or stale) token' do
+    context 'for an invalid token' do
       let(:params) { { token_type_hint: 'access_token', token: 'badtoken' } }
 
-      it 'succeeds' do
+      it 'responds with status 200' do
         subject
 
         expect(response).to have_http_status(200)
       end
 
       it "doesn't reset any logins' token" do
-
         expect_any_instance_of(LoginNotFound).to receive(:refresh_oauth2_token!)
 
         subject

data/spec/services/facebook_authenticator_spec.rb

@@ -1,50 +1,48 @@
-require 'spec_helper'
-
 describe FacebookAuthenticator do
-  describe '#authenticate' do
+  describe '#authenticate!' do
     let(:auth_code) { 'authcode' }
     let(:email)     { 'email@facebook.com' }
     let(:facebook_data) do
       {
-        id:         '1238190321',
-        email:      email
+        id:    '1238190321',
+        email: email
       }
     end
     let(:response_with_fb_token) { { body: '{ "access_token": "access_token" }' } }
     let(:response_with_fb_user)  { { body: JSON.generate(facebook_data), headers: { 'Content-Type' => 'application/json' } } }
     let(:login)                  { double('login') }
 
-    subject { described_class.new(auth_code).authenticate }
+    subject { described_class.new(auth_code).authenticate! }
 
     before do
-      stub_request(:get, %r{https://graph.facebook.com/v2.3/oauth/access_token}).to_return(response_with_fb_token)
-      stub_request(:get, %r{https://graph.facebook.com/v2.3/me}).to_return(response_with_fb_user)
+      stub_request(:get, 'https://graph.facebook.com/oauth/access_token?client_id=app_id&client_secret=app_secret&code=authcode&redirect_uri=redirect_uri').to_return({ body: '{ "access_token": "access_token" }' })
+      stub_request(:get, 'https://graph.facebook.com/me?access_token=access_token').to_return(response_with_fb_user)
     end
 
-    context 'new login' do
+    context 'when no login for the Facebook account exists' do
       let(:login_attributes) do
         {
-          email:        facebook_data[:email],
-          facebook_uid: facebook_data[:id]
+          identification: facebook_data[:email],
+          facebook_uid:   facebook_data[:id]
         }
       end
 
       before do
-        allow(Login).to receive(:create!).with(login_attributes).and_return login
+        allow(Login).to receive(:create!).with(login_attributes).and_return(login)
       end
 
-      it 'returns a login created from facebook account' do
-        expect(subject).to eql login
+      it 'returns a login created from the Facebook account' do
+        expect(subject).to eql(login)
       end
     end
 
-    context 'existing login' do
+    context 'when a login for the Facebook account exists already' do
       before do
-        expect(Login).to receive(:find_by).with(email: facebook_data[:email]).and_return login
+        expect(Login).to receive(:where).with(identification: facebook_data[:email]).and_return([login])
         allow(login).to receive(:update_attributes!).with(facebook_uid: facebook_data[:id])
       end
 
-      it 'connects login to facebook account' do
+      it 'connects the login to the Facebook account' do
         expect(login).to receive(:update_attributes!).with(facebook_uid: facebook_data[:id])
 
         subject

data/spec/spec_helper.rb

@@ -1,14 +1,21 @@
 ENV['RAILS_ENV'] ||= 'test'
 
-require File.expand_path('../dummy/config/environment.rb',  __FILE__)
+require 'simplecov'
+SimpleCov.start do ||
+  minimum_coverage 95
+  refuse_coverage_drop
+end
+
+require File.expand_path('../dummy/config/environment.rb', __FILE__)
 require 'rspec/rails'
-# require 'rspec/autorun'
 require 'factory_girl_rails'
 require 'faker'
 
 Rails.backtrace_cleaner.remove_silencers!
 
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+%w(factories support).each do |path|
+  Dir["#{File.dirname(__FILE__)}/#{path}/**/*.rb"].each { |f| require f }
+end
 
 RSpec.configure do |config|
   config.mock_with :rspec