From 3673c69319b87c82bc8b279583f3d463f347c50b Mon Sep 17 00:00:00 2001
From: Maciej Szlosarczyk <maciej.szlosarczyk@eestiinternet.ee>
Date: Wed, 1 Aug 2018 14:57:41 +0300
Subject: [PATCH] Add Registrant/Contacts endpoint

---
 .../api/v1/registrant/contacts_controller.rb  | 47 +++++++++++
 config/routes.rb                              |  1 +
 .../registrant_api_contacts_test.rb           | 79 +++++++++++++++++++
 3 files changed, 127 insertions(+)
 create mode 100644 app/controllers/api/v1/registrant/contacts_controller.rb
 create mode 100644 test/integration/api/registrant/registrant_api_contacts_test.rb

diff --git a/app/controllers/api/v1/registrant/contacts_controller.rb b/app/controllers/api/v1/registrant/contacts_controller.rb
new file mode 100644
index 000000000..31d56885b
--- /dev/null
+++ b/app/controllers/api/v1/registrant/contacts_controller.rb
@@ -0,0 +1,47 @@
+require 'rails5_api_controller_backport'
+require 'auth_token/auth_token_decryptor'
+
+module Api
+  module V1
+    module Registrant
+      class ContactsController < BaseController
+        before_action :set_contacts_pool
+
+        def index
+          limit = params[:limit] || 200
+          offset = params[:offset] || 0
+
+          if limit.to_i > 200 || limit.to_i < 1
+            render(json: { errors: [{ limit: ['parameter is out of range'] }] },
+                   status: :bad_request) && return
+          end
+
+          if offset.to_i.negative?
+            render(json: { errors: [{ offset: ['parameter is out of range'] }] },
+                   status: :bad_request) && return
+          end
+
+          @contacts = @contacts_pool.limit(limit).offset(offset)
+          render json: @contacts
+        end
+
+        def show
+          @contact = @contacts_pool.find_by(uuid: params[:uuid])
+
+          if @contact
+            render json: @contact
+          else
+            render json: { errors: ['Contact not found'] }, status: :not_found
+          end
+        end
+
+        private
+
+        def set_contacts_pool
+          country_code, ident = current_user.registrant_ident.to_s.split '-'
+          @contacts_pool = Contact.where(country_code: country_code, ident: ident)
+        end
+      end
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index 3ae18a7cd..9229eb1b2 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -24,6 +24,7 @@ Rails.application.routes.draw do
         post 'auth/eid', to: 'auth#eid'
 
         resources :domains, only: [:index]
+        resources :contacts, only: %i[index show]
       end
     end
   end
diff --git a/test/integration/api/registrant/registrant_api_contacts_test.rb b/test/integration/api/registrant/registrant_api_contacts_test.rb
new file mode 100644
index 000000000..a3367dd58
--- /dev/null
+++ b/test/integration/api/registrant/registrant_api_contacts_test.rb
@@ -0,0 +1,79 @@
+require 'test_helper'
+require 'auth_token/auth_token_creator'
+
+class RegistrantApiContactsTest < ActionDispatch::IntegrationTest
+  def setup
+    super
+
+    @user = users(:registrant)
+    @auth_headers = { 'HTTP_AUTHORIZATION' => auth_token }
+  end
+
+  def test_root_returns_domain_list
+    get '/api/v1/registrant/contacts', {}, @auth_headers
+    assert_equal(200, response.status)
+
+    json_body = JSON.parse(response.body, symbolize_names: true)
+    assert_equal(2, json_body.count)
+    array_of_contact_codes = json_body.map { |x| x[:code] }
+    assert(array_of_contact_codes.include?('william-001'))
+    assert(array_of_contact_codes.include?('william-002'))
+  end
+
+  def test_root_accepts_limit_and_offset_parameters
+    get '/api/v1/registrant/contacts', { 'limit' => 1, 'offset' => 0 }, @auth_headers
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal(200, response.status)
+    assert_equal(1, response_json.count)
+
+    get '/api/v1/registrant/contacts', {}, @auth_headers
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal(2, response_json.count)
+  end
+
+  def test_root_does_not_accept_limit_higher_than_200
+    get '/api/v1/registrant/contacts', { 'limit' => 400, 'offset' => 0 }, @auth_headers
+    assert_equal(400, response.status)
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal({ errors: [{ limit: ['parameter is out of range'] }] }, response_json)
+  end
+
+  def test_root_does_not_accept_offset_lower_than_0
+    get '/api/v1/registrant/contacts', { 'limit' => 200, 'offset' => "-10" }, @auth_headers
+    assert_equal(400, response.status)
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal({ errors: [{ offset: ['parameter is out of range'] }] }, response_json)
+  end
+
+  def test_root_returns_401_without_authorization
+    get '/api/v1/registrant/contacts', {}, {}
+    assert_equal(401, response.status)
+    json_body = JSON.parse(response.body, symbolize_names: true)
+
+    assert_equal({ errors: ['Not authorized'] }, json_body)
+  end
+
+  def test_details_returns_401_without_authorization
+    get '/api/v1/registrant/contacts/c0a191d5-3793-4f0b-8f85-491612d0293e', {}, {}
+    assert_equal(401, response.status)
+    json_body = JSON.parse(response.body, symbolize_names: true)
+
+    assert_equal({ errors: ['Not authorized'] }, json_body)
+  end
+
+  def test_details_returns_404_for_non_existent_contact
+    get '/api/v1/registrant/contacts/some-random-uuid', {}, @auth_headers
+    assert_equal(404, response.status)
+    json_body = JSON.parse(response.body, symbolize_names: true)
+
+    assert_equal({ errors: ['Contact not found'] }, json_body)
+  end
+
+  private
+
+  def auth_token
+    token_creator = AuthTokenCreator.create_with_defaults(@user)
+    hash = token_creator.token_in_hash
+    "Bearer #{hash[:access_token]}"
+  end
+end