added creating/removing API access tokens
Showing
13 changed files
with
218 additions
and
2 deletions.
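--- a/app/controllers/api/frontend/api_access_tokens_controller.rb
+++ b/app/controllers/api/frontend/api_access_tokens_controller.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Api
+module Frontend
+class ApiAccessTokensController < Api::Frontend::BaseController
+include Deps[create_form: 'forms.api_access_tokens.create']
+
+before_action :find_api_access_token, only: %i[destroy]
+
+def create
+case create_form.call(user: current_user)
+in { errors: errors } then render json: { errors: errors }, status: :ok
+in { result: result }
+render json: { result: ApiAccessTokenSerializer.new(result).serializable_hash }, status: :ok
+end
+end
+
+def destroy
+@api_access_token.destroy
+render json: { result: :ok }, status: :ok
+end
+
+private
+
+def find_api_access_token
+@api_access_token = current_user.api_access_tokens.find_by!(uuid: params[:id])
+end
+end
+end
+end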
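Review bot: `destroy` renders `{ result: :ok }` without checking the return value of `@api_access_token.destroy`, so if a `before_destroy` callback ever halts the delete, the client is told a credential was revoked while it still exists. For a revocation endpoint prefer `@api_access_token.destroy!` (letting the base controller's error handling respond) or branch on the returned boolean. Separately, the `in { errors: errors }` branch in `create` answers with `status: :ok`; `status: :unprocessable_entity` would let clients and monitoring tell a failed token creation from a successful one, unless 200-with-errors is this API's established convention. The scoping through `current_user.api_access_tokens` in `find_api_access_token` is what prevents deleting another user's token and deserves a one-line comment such as `# scoped to current_user: other users' tokens must 404`.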
@@ -0,0 +1,9 @@ | ||
# frozen_string_literal: true | ||
|
||
module ApiAccessTokens | ||
class CreateForm | ||
def call(user:) | ||
{ result: user.api_access_tokens.create!(value: SecureRandom.hex) } | ||
end | ||
end | ||
end |
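Review bot: `create!(value: SecureRandom.hex)` appears to persist the raw token in the `value` column, so anyone with read access to the database or a backup would obtain working API credentials. Unless the model already hashes `value` (not visible here), consider storing only a digest, e.g. `Digest::SHA256.hexdigest(raw)`, handing `raw` back to the caller once and comparing digests at authentication time. Also, `call` never returns the `{ errors: ... }` shape the controller matches on; `create!` raises instead, so that controller branch is currently unreachable from this form.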
@@ -0,0 +1,5 @@ | ||
# frozen_string_literal: true | ||
|
||
class ApiAccessTokenSerializer < ApplicationSerializer | ||
attributes :uuid, :value | ||
end |
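Review bot: `attributes :uuid, :value` puts the token secret into every payload this serializer produces, not only the creation response. If it is later reused for a listing or show endpoint, the secret would be returned on each read and could end up in caches or logs. Consider keeping `:value` out of the default serializer and adding it only for the one-time creation response, or at least add a comment such as `# creation response only: exposes the token secret` so that reuse is a deliberate choice.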
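--- a/db/migrate/20240703185841_add_uuid_to_api_access_tokens.rb
+++ b/db/migrate/20240703185841_add_uuid_to_api_access_tokens.rb
@@ -0,0 +1,16 @@
+class AddUuidToApiAccessTokens < ActiveRecord::Migration[7.1]
+def up
+safety_assured do
+add_column :api_access_tokens, :uuid, :uuid
+add_index :api_access_tokens, :uuid
+
+ApiAccessToken.find_each { |api_access_token| api_access_token.update(uuid: SecureRandom.uuid) }
+
+change_column_null :api_access_tokens, :uuid, false
+end
+end
+
+def down
+remove_column :api_access_tokens, :uuid
+end
+end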
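Review bot: `add_index :api_access_tokens, :uuid` is not unique even though the controller uses the uuid as the token's public identifier; `add_index :api_access_tokens, :uuid, unique: true` would let the database enforce that. The backfill calls `api_access_token.update(...)`, which returns false on a validation failure and leaves the row NULL, so the later `change_column_null` fails with a less helpful error; `update_columns(uuid: SecureRandom.uuid)` or `update!` makes the failure explicit. The whole `up` body sits inside `safety_assured`, which silences the migration safety checks for every statement in it, so a short comment on why that is acceptable for this table would help. The column has no default, so new rows depend on the model assigning a uuid, which is not visible here.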
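--- a/spec/controllers/api/frontend/api_access_tokens_controller_spec.rb
+++ b/spec/controllers/api/frontend/api_access_tokens_controller_spec.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+describe Api::Frontend::ApiAccessTokensController do
+let!(:user) { create :user }
+let(:access_token) { Auth::GenerateTokenService.new.call(user: user)[:result] }
+
+describe 'POST#create' do
+it_behaves_like 'required frontend auth'
+
+context 'for logged users' do
+let(:request) { post :create, params: { auth_token: access_token } }
+
+it 'creates api access token', :aggregate_failures do
+expect { request }.to change(user.api_access_tokens, :count).by(1)
+expect(response).to have_http_status :ok
+expect(response.parsed_body['errors']).to be_nil
+end
+end
+
+def do_request
+post :create, params: {}
+end
+end
+
+describe 'DELETE#destroy' do
+it_behaves_like 'required frontend auth'
+
+context 'for logged users' do
+let!(:api_access_token) { create :api_access_token }
+
+context 'for unexisting api access token' do
+let(:request) { delete :destroy, params: { id: 'unexisting', auth_token: access_token } }
+
+it 'does not destroy api access token', :aggregate_failures do
+expect { request }.not_to change(ApiAccessToken, :count)
+expect(response).to have_http_status :not_found
+end
+end
+
+context 'for not own api access token' do
+let(:request) { delete :destroy, params: { id: api_access_token.uuid, auth_token: access_token } }
+
+it 'does not destroy api access token', :aggregate_failures do
+expect { request }.not_to change(ApiAccessToken, :count)
+expect(response).to have_http_status :not_found
+end
+end
+
+context 'for own api access token' do
+let(:request) { delete :destroy, params: { id: api_access_token.uuid, auth_token: access_token } }
+
+before { api_access_token.update!(user: user) }
+
+it 'destroys api access token', :aggregate_failures do
+expect { request }.to change(ApiAccessToken, :count).by(-1)
+expect(response).to have_http_status :ok
+end
+end
+end
+
+def do_request
+delete :destroy, params: { id: 'unexisting' }
+end
+end
+end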
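Review bot: The `POST#create` example checks the record count and status but never the response body, so nothing pins that the new token's `uuid` and `value` are actually returned, which is presumably the one moment the client receives the secret. Add an assertion such as `expect(response.parsed_body['result']).to be_present`, or one on the concrete attribute keys once the serializer's output shape is settled. Naming the lazy helper `request` also shadows the controller-spec `request` object; a name like `let(:perform_request)` avoids surprises when a later example needs the real request.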