Chore: Update authentication requirement for API GET requests (TheOdinProject#3986)

<!-- Thank you for taking the time to contribute to The Odin Project. In
order to get this pull request (PR) merged in a reasonable amount of
time, you must complete this entire template. -->

## Because
<!-- Summarize the purpose or reasons for this PR, e.g. what problem it
solves or what benefit it provides. -->
Related to the issue in odin-bot-v2 issue of unauthenticated GET
requests: TheOdinProject/odin-bot-v2#175


## This PR
<!-- A bullet point list of one or more items describing the specific
changes. -->
Changes the controller to require authorization of API GET requests

## Issue
<!--
If this PR closes an open issue in this repo, replace the XXXXX below
with the issue number, e.g. Closes TheOdinProject#2013.

If this PR closes an open issue in another TOP repo, replace the #XXXXX
with the URL of the issue, e.g. Closes
https://github.com/TheOdinProject/curriculum/issues/XXXXX

If this PR does not close, but is related to another issue or PR, you
can link it as above without the 'Closes' keyword, e.g. 'Related to
TheOdinProject#2013'.
-->
Closes #XXXXX

## Additional Information
<!-- Any other information about this PR, such as a link to a Discord
discussion. -->


## Pull Request Requirements
<!-- Replace the whitespace between the square brackets with an 'x',
e.g. [x]. After you create the PR, they will become checkboxes that you
can click on. -->
- [x] I have thoroughly read and understand [The Odin Project Contributing Guide](https://github.com/TheOdinProject/theodinproject/blob/main/CONTRIBUTING.md)
- [x] The title of this PR follows the `keyword: brief description of change` format, using one of the following keywords:
  - `Feature` - adds new or amends existing user-facing behavior
  - `Chore` - changes that have no user-facing value, refactors, dependency bumps, etc
  - `Fix` - bug fixes
- [ ] The `Because` section summarizes the reason for this PR
- [ ] The `This PR` section has a bullet point list describing the changes in this PR
- [x] I have verified all tests and linters pass after making these changes.
- [x] If this PR addresses an open issue, it is linked in the `Issue` section
- [ ] If applicable, this PR includes new or updated automated tests
Mclilzee committed Aug 2, 2023
1 parent e257ca2 commit 48062d2
Showing 1 changed file with 67 additions and 20 deletions.
87 changes: 67 additions & 20 deletions spec/requests/api/points_spec.rb
@@ -2,42 +2,89 @@

RSpec.describe 'Static Pages' do
describe 'GET #index' do
it 'returns all points ordered by the highest amount' do
highest_points = create(:point, points: 6)
middle_points = create(:point, points: 5)
lowest_points = create(:point, points: 1)

get api_points_path
expect(JSON.parse(response.body)).to eq(
[highest_points, middle_points, lowest_points].map(&:as_json)
)
context 'when not authenticated' do
it 'returns 401 forbidden' do
get api_points_path

expect(response).to have_http_status(:unauthorized)
end
end

context 'when limit and offset params are provided' do
it 'returns the filtererd points ordered by highest' do
context 'when authenticated' do
around do |example|
ClimateControl.modify(
ODIN_BOT_ACCESS_TOKEN: 'ODIN_BOT_ACCESS_TOKEN'
) do
example.run
end
end

it 'returns all points ordered by the highest amount' do
highest_points = create(:point, points: 6)
middle_points = create(:point, points: 5)
lowest_points = create(:point, points: 1)

get(
api_points_path,
headers: { 'Authorization' => 'Token ODIN_BOT_ACCESS_TOKEN' }
)

expect(JSON.parse(response.body)).to eq(
[highest_points, middle_points, lowest_points].map(&:as_json)
)
end

it 'returns specified offset and limit to points' do
create(:point, points: 6)
create(:point, points: 1)
middle_points = create(:point, points: 5)

get api_points_path(offset: 1, limit: 1)
get(
api_points_path(offset: 1, limit: 1),
headers: { 'Authorization' => 'Token ODIN_BOT_ACCESS_TOKEN' }
)
expect(JSON.parse(response.body)).to eq([middle_points.as_json])
end
end
end

describe 'GET #show' do
it 'returns the points for that discord user' do
user_points = create(:point, points: 6, discord_id: 907)
context 'when not authenticated' do
it 'returns status 401' do
get '/api/points/907'

get api_point_path(id: 907)

expect(JSON.parse(response.body)).to eq(user_points.as_json)
expect(response).to have_http_status(:unauthorized)
end
end

it 'returns an error message if the discord user cannot be found' do
get api_point_path(id: 907)
context 'when authenticated' do
around do |example|
ClimateControl.modify(
ODIN_BOT_ACCESS_TOKEN: 'ODIN_BOT_ACCESS_TOKEN'
) do
example.run
end
end

it 'returns the points for that discord user' do
user_points = create(:point, points: 6, discord_id: 907)

get(
'/api/points/907',
headers: { 'Authorization' => 'Token ODIN_BOT_ACCESS_TOKEN' }
)

expect(JSON.parse(response.body)).to eq(user_points.as_json)
end

expect(JSON.parse(response.body)).to eq({ 'message' => 'Unable to find that user' })
it 'returns an error message if the discord user cannot be found' do
get(
'/api/points/907',
headers: { 'Authorization' => 'Token ODIN_BOT_ACCESS_TOKEN' }
)

expect(JSON.parse(response.body)).to eq({ 'message' => 'Unable to find that user' })
end
end
end
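
Review bot: the 'when not authenticated' contexts for GET #index and GET #show only cover a request that sends no Authorization header, and they sit outside the `ClimateControl.modify` block, so `ODIN_BOT_ACCESS_TOKEN` is not set while they run. Add a case to each that sets the variable and sends a mismatched value, for example `headers: { 'Authorization' => 'Token wrong' }`, and expects `have_http_status(:unauthorized)`, so the spec shows that a wrong token is rejected and not only a missing one. The first example is titled 'returns 401 forbidden' while asserting `:unauthorized`; 401 is Unauthorized and 403 is Forbidden, so the title should match the #show one ('returns status 401'). The #show examples swap `api_point_path(id: 907)` for the literal '/api/points/907'; keeping the route helper, as #index still does with `api_points_path`, stops the spec from drifting away from the routes. The authenticated examples assert only on the response body; adding a status expectation next to each would make a regression in the auth check easier to read from the failure output.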
