virtuatable 0.5.0 → 3.2.3

data/lib/virtuatable/specs/factories/applications.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Virtuatable
+  module Specs
+    module Factories
+      # Factories concerning applications used in shared examples
+      # @author Vincent Courtois <courtois.vincent@outlook.com>
+      module Applications
+        extend ActiveSupport::Concern
+
+        included do
+          declare_loader :applications_factory, priority: 5
+        end
+
+        # rubocop:disable Metrics/MethodLength
+        def load_applications_factory!
+          # This avoids multiple re-declarations by setting a flag.
+          return if self.class.class_variable_defined?(:@@apps_declared)
+
+          FactoryBot.define do
+            factory :vt_empty_application, class: Arkaan::OAuth::Application do
+              # This factory creates an application with random value, useful
+              # to make simple requests on any route as all routes require
+              # the use of a valid application to be correctly called.
+              factory :random_application do
+                name { Faker::Alphanumeric.unique.alphanumeric(number: 16) }
+                app_key { BSON::ObjectId.new }
+                creator { association(:random_administrator) }
+                premium { false }
+
+                # This factory creates a premium application, mainly used for
+                # registration and authentication purpose.
+                factory :random_premium_app do
+                  premium { true }
+                end
+              end
+            end
+          end
+
+          # rubocop:disable Style/ClassVars
+          @@apps_declared = true
+          # rubocop:enable Style/ClassVars
+        end
+        # rubocop:enable Metrics/MethodLength
+      end
+    end
+  end
+end

data/lib/virtuatable/specs/factories/groups.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Virtuatable
+  module Specs
+    module Factories
+      # Factories concerning groups used in shared examples
+      # @author Vincent Courtois <courtois.vincent@outlook.com>
+      module Groups
+        extend ActiveSupport::Concern
+
+        included do
+          declare_loader :groups_factory, priority: 5
+        end
+
+        # rubocop:disable Metrics/MethodLength
+        def load_groups_factory!
+          # This avoids multiple re-declarations by setting a flag.
+          return if self.class.class_variable_defined?(:@@groups_declared)
+
+          FactoryBot.define do
+            factory :vt_empty_group, class: Arkaan::Permissions::Group do
+              # This creates a random group with access to zero routes. This group
+              # won't give the users it's associated to ANY access rights.
+              factory :random_group do
+                slug do
+                  Faker::Alphanumeric.alphanumeric(
+                    number: 16,
+                    min_alpha: 16
+                  )
+                end
+                is_default { false }
+                is_superuser { false }
+                # We do NOT set the is_superuser flag to true as this factory is made to
+                # test permissions when the route is in the list of accessible routes.
+                factory :random_admin_group do
+                  routes { Virtuatable::Application.instance.builder.service.routes.to_a }
+                end
+              end
+            end
+          end
+
+          # rubocop:disable Style/ClassVars
+          @@groups_declared = true
+          # rubocop:enable Style/ClassVars
+        end
+        # rubocop:enable Metrics/MethodLength
+      end
+    end
+  end
+end

data/lib/virtuatable/specs/factories/sessions.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Virtuatable
+  module Specs
+    module Factories
+      # This module creates the factories concerning accounts, with or
+      # without rights, and with random values for each field.
+      # @author Vincent Courtois <courtois.vincent@outlook.com>
+      module Sessions
+        extend ActiveSupport::Concern
+
+        included do
+          declare_loader :sessions_factory, priority: 5
+        end
+
+        def load_sessions_factory!
+          # This avoids multiple re-declarations by setting a flag.
+          return if self.class.class_variable_defined?(:@@sessions_declared)
+
+          FactoryBot.define do
+            factory :vt_empty_session, class: Arkaan::Authentication::Session do
+              # Creates a random account with no particular right. This
+              # is useful to see when a user is NOT authorized to access
+              # a resource. Add groups to access resources.
+              factory :random_session do
+                session_id { BSON::ObjectId.new }
+              end
+            end
+          end
+
+          # rubocop:disable Style/ClassVars
+          @@sessions_declared = true
+          # rubocop:enable Style/ClassVars
+        end
+      end
+    end
+  end
+end

data/lib/virtuatable/specs/factories.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Virtuatable
+  module Specs
+    # This module holds standard factories you can use in services to
+    # easily create new elements.
+    # @author Vincent Courtois <courtois.vincent@outlook.com
+    module Factories
+      autoload :Accounts, 'virtuatable/specs/factories/accounts'
+      autoload :Applications, 'virtuatable/specs/factories/applications'
+      autoload :Groups, 'virtuatable/specs/factories/groups'
+      autoload :Sessions, 'virtuatable/specs/factories/sessions'
+    end
+  end
+end

data/lib/virtuatable/specs/shared/controllers.rb

@@ -0,0 +1,195 @@
+# frozen_string_literal: true
+
+module Virtuatable
+  module Specs
+    module Shared
+      # This module loads the shared examples about a controller and/or a route.
+      # These examples can be included to ensure the basic behaviours for a route
+      # are implemented in each micro-service, without the hassle of rewriting it.
+      #
+      # @author Vincent Courtois <courtois.vincent@outlook.com>
+      # rubocop:disable Metrics/ModuleLength
+      module Controllers
+        extend ActiveSupport::Concern
+
+        @declared = false
+
+        included do
+          declare_loader :controller_specs, priority: 6
+        end
+
+        # This method is automatically called when loading the application with
+        # the load_test! method in the builder.
+        # rubocop:disable Metrics/AbcSize
+        # rubocop:disable Metrics/MethodLength
+        def load_controller_specs!
+          # This avoids multiple re-declarations by setting a flag.
+          return if self.class.class_variable_defined?(:@@controllers_declared)
+
+          service = Virtuatable::Application.instance.builder.service
+
+          # Shared examples for a standard route of the application.
+          # These examples are configurable with a configuration hash given as
+          # third parameters, available configuration keys are :
+          # - :premium to know if the route is only accessible to premium apps
+          # - :authenticated to know if the route needs authentication or not
+          # rubocop:disable Metrics/BlockLength
+          RSpec.shared_examples 'a route' do |verb, path|
+            # These two variables are NOT declared in let! blocks so that we're able
+            # to use them as traditional Ruby variable in if: options of describe blocks.
+            service = Virtuatable::Application.instance.builder.service
+            route = service.routes.find_by(verb: verb, path: path)
+
+            let!(:verb) { route.verb }
+            let!(:path) { route.path }
+
+            # This user has no right to access anything because he has no group.
+            let!(:account) { create(:random_account) }
+            # A standard application to be able to make basic requests.
+            let!(:application) { create(:random_premium_app, premium: route.premium) }
+
+            # Tests written for each and every route
+            describe 'Standard routes behaviours' do
+              # Error scenario :
+              # - The user makes a request on the API without giving an application key
+              # - The API fails and returns an error code
+              describe 'The Application key is not given' do
+                before do
+                  public_send verb, path
+                end
+                it 'Returns a 400 (Bad Request) status code' do
+                  expect(last_response.status).to be 400
+                end
+                it 'Returns the correct body' do
+                  expect(last_response.body).to include_json(
+                    status: 400,
+                    field: 'app_key',
+                    error: 'required'
+                  )
+                end
+              end
+
+              # Error scenario :
+              # - The user makes a request on the API and gives an unknown application key
+              # - The API fails and returns an error code
+              describe 'The application key is unknown' do
+                before do
+                  public_send verb, path, { app_key: BSON::ObjectId.new }
+                end
+                it 'Returns a 404 (Not Found) status code' do
+                  expect(last_response.status).to be 404
+                end
+                it 'Returns the correct body' do
+                  expect(last_response.body).to include_json(
+                    status: 404,
+                    field: 'app_key',
+                    error: 'unknown'
+                  )
+                end
+              end
+            end
+
+            describe 'Authenticated route behaviours', if: route.authenticated do
+              let!(:session) { create(:random_session, account: account) }
+
+              # Error scenario :
+              # - The user request an authenticated route without providing a session ID
+              # - The API fails and return an error code
+              describe 'The session ID is not given' do
+                before do
+                  public_send verb, path, { app_key: application.app_key }
+                end
+                it 'Returns a 400 (Bad Request) status code' do
+                  expect(last_response.status).to be 400
+                end
+                it 'Returns the correct body' do
+                  expect(last_response.body).to include_json(
+                    status: 400,
+                    field: 'session_id',
+                    error: 'required'
+                  )
+                end
+              end
+
+              # Error scenario :
+              # - The user request an authenticated route with an unknown session ID
+              # - The API fails and return an error code
+              describe 'The session ID is unknown' do
+                before do
+                  public_send verb, path, {
+                    app_key: application.app_key,
+                    session_id: BSON::ObjectId.new
+                  }
+                end
+                it 'Returns a 404 (Not Found) status code' do
+                  expect(last_response.status).to be 404
+                end
+                it 'Returns the correct body' do
+                  expect(last_response.body).to include_json(
+                    status: 404,
+                    field: 'session_id',
+                    error: 'unknown'
+                  )
+                end
+              end
+
+              # Error scenario :
+              # - The user request an authenticated route with a valid session ID
+              # - The user has no right to access the route
+              # - The API fails and return an error code
+              describe 'The user has no right to access the resource' do
+                before do
+                  public_send verb, path, {
+                    app_key: application.app_key,
+                    session_id: session.session_id
+                  }
+                end
+                it 'Returns a 403 (Forbidden) status code' do
+                  expect(last_response.status).to be 403
+                end
+                it 'Returns the correct body' do
+                  expect(last_response.body).to include_json(
+                    status: 403,
+                    field: 'session_id',
+                    error: 'forbidden'
+                  )
+                end
+              end
+            end
+
+            # Error scenario :
+            # - A user tries to make a request on a premium route with an non-premium app
+            # - The API fails and return an error code
+            describe 'A non-premium application accesses a premium route', if: route.premium do
+              let!(:forbidden_app) { create(:random_application) }
+
+              before do
+                public_send verb, path, {
+                  app_key: forbidden_app.app_key
+                }
+              end
+              it 'Returns a 403 (Forbidden) status code' do
+                expect(last_response.status).to be 403
+              end
+              it 'Returns the correct body' do
+                expect(last_response.body).to include_json(
+                  status: 403,
+                  field: 'app_key',
+                  error: 'forbidden'
+                )
+              end
+            end
+          end
+          # rubocop:enable Metrics/BlockLength
+
+          # rubocop:disable Style/ClassVars
+          @@controllers_declared = true
+          # rubocop:enable Style/ClassVars
+        end
+        # rubocop:enable Metrics/MethodLength
+        # rubocop:enable Metrics/AbcSize
+      end
+      # rubocop:enable Metrics/ModuleLength
+    end
+  end
+end

data/lib/virtuatable/specs/shared.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Virtuatable
+  module Specs
+    # This module holds the shared examples used in services to automate tests.
+    # @author Vincent Courtois <courtois.vincent@outlook.com
+    module Shared
+      autoload :Controllers, 'virtuatable/specs/shared/controllers'
+    end
+  end
+end

data/lib/virtuatable/specs.rb

@@ -1,92 +1,11 @@
 # frozen_string_literal: true
 
 module Virtuatable
-  # This module holds all the logic for the specs tools for all micro services (shared examples and other things).
+  # This module holds declarations for shared examples and factories used
+  # in service, in particular to test the standard behaviour of a route.
   # @author Vincent Courtois <courtois.vincent@outlook.com>
   module Specs
-
-    @@declared = false
-
-    # Includes all the shared examples you could need, describing the basic behaviour of a route.
-    def self.include_shared_examples
-      if !@@declared
-        RSpec.shared_examples 'a route' do |_verb, _path|
-          let(:verb) { _verb }
-          let(:path) { _path }
-
-          def do_request(parameters)
-            public_send verb.to_sym, path, parameters
-          end
-
-          describe 'common errors' do
-            describe 'bad request errors' do
-              describe 'no token error' do
-                before do
-                  do_request(app_key: 'test_key')
-                end
-                it 'Raises a bad request (400) error when the parameters don\'t contain the token of the gateway' do
-                  expect(last_response.status).to be 400
-                end
-                it 'returns the correct response if the parameters do not contain a gateway token' do
-                  expect(last_response.body).to include_json(
-                    status: 400,
-                    field: 'token',
-                    error: 'required'
-                  )
-                end
-              end
-              describe 'no application key error' do
-                before do
-                  do_request({token: 'test_token'})
-                end
-                it 'Raises a bad request (400) error when the parameters don\'t contain the application key' do
-                  expect(last_response.status).to be 400
-                end
-                it 'returns the correct response if the parameters do not contain a gateway token' do
-                  expect(last_response.body).to include_json(
-                    status: 400,
-                    field: 'app_key',
-                    error: 'required'
-                  )
-                end
-              end
-            end
-            describe 'not_found errors' do
-              describe 'application not found' do
-                before do
-                  do_request({token: 'test_token', app_key: 'another_key'})
-                end
-                it 'Raises a not found (404) error when the key doesn\'t belong to any application' do
-                  expect(last_response.status).to be 404
-                end
-                it 'returns the correct response if the parameters do not contain a gateway token' do
-                  expect(last_response.body).to include_json(
-                    status: 404,
-                    field: 'app_key',
-                    error: 'unknown'
-                  )
-                end
-              end
-              describe 'gateway not found' do
-                before do
-                  do_request({token: 'other_token', app_key: 'test_key'})
-                end
-                it 'Raises a not found (404) error when the gateway does\'nt exist' do
-                  expect(last_response.status).to be 404
-                end
-                it 'returns the correct body when the gateway doesn\'t exist' do
-                  expect(last_response.body).to include_json(
-                    status: 404,
-                    field: 'token',
-                    error: 'unknown'
-                  )
-                end
-              end
-            end
-          end
-        end
-        @@declared = true
-      end
-    end
+    autoload :Factories, 'virtuatable/specs/factories'
+    autoload :Shared, 'virtuatable/specs/shared'
   end
 end

data/lib/virtuatable.rb

@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+require 'require_all'
+require 'arkaan'
+
 # Main module of the application, containing each other one.
 # @author Vincent Courtois <courtois.vincent@outlook.com>
 module Virtuatable
@@ -7,6 +10,7 @@ module Virtuatable
   autoload :Application, 'virtuatable/application'
   autoload :Builders, 'virtuatable/builders'
   autoload :Controllers, 'virtuatable/controllers'
+  autoload :Enhancers, 'virtuatable/enhancers'
   autoload :Helpers, 'virtuatable/helpers'
   autoload :Loader, 'virtuatable/application'
   autoload :Specs, 'virtuatable/specs'