Merge branch 'master' into refactor-devise-integration

2025-06-11 07:04:47 +02:00 · 2018-08-09 14:51:22 +03:00 · 2018-08-09 14:51:22 +03:00 · dbace4cbc5
commit dbace4cbc5
parent 0a5de433c2 71c74a66f8
19 changed files with 682 additions and 42 deletions
--- a/test/integration/api/registrant/registrant_api_authentication_test.rb
+++ b/test/integration/api/registrant/registrant_api_authentication_test.rb
@ -0,0 +1,58 @@
+require 'test_helper'
+
+class RegistrantApiAuthenticationTest < ApplicationIntegrationTest
+  def setup
+    super
+
+    @user_hash = { ident: '37010100049', first_name: 'Adam', last_name: 'Baker' }
+    @existing_user = RegistrantUser.find_or_create_by_api_data(@user_hash)
+  end
+
+  def teardown
+    super
+
+  end
+
+  def test_request_creates_user_when_one_does_not_exist
+    params = {
+      ident: '30110100103',
+      first_name: 'John',
+      last_name: 'Smith',
+    }
+
+    post '/api/v1/registrant/auth/eid', params
+    assert(User.find_by(registrant_ident: 'EE-30110100103'))
+
+    json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal([:access_token, :expires_at, :type], json.keys)
+  end
+
+  def test_request_returns_existing_user
+    assert_no_changes User.count do
+      post '/api/v1/registrant/auth/eid', @user_hash
+    end
+  end
+
+  def test_request_returns_401_from_a_not_whitelisted_ip
+    params = { foo: :bar, test: :test }
+    @original_whitelist_ip = ENV['registrant_api_auth_allowed_ips']
+    ENV['registrant_api_auth_allowed_ips'] = '1.2.3.4'
+
+    post '/api/v1/registrant/auth/eid', params
+    assert_equal(401, response.status)
+    json_body = JSON.parse(response.body, symbolize_names: true)
+
+    assert_equal({ errors: [base: ['Not authorized']] }, json_body)
+
+    ENV['registrant_api_auth_allowed_ips'] = @original_whitelist_ip
+  end
+
+  def test_request_documented_parameters_are_required
+    params = { foo: :bar, test: :test }
+
+    post '/api/v1/registrant/auth/eid', params
+    json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal({ errors: [{ ident: ['parameter is required'] }] }, json)
+    assert_equal(422, response.status)
+  end
+end
--- a/test/integration/api/registrant/registrant_api_domains_test.rb
+++ b/test/integration/api/registrant/registrant_api_domains_test.rb
@ -0,0 +1,102 @@
+require 'test_helper'
+require 'auth_token/auth_token_creator'
+
+class RegistrantApiDomainsTest < ApplicationIntegrationTest
+  def setup
+    super
+
+    @original_registry_time = Setting.days_to_keep_business_registry_cache
+    Setting.days_to_keep_business_registry_cache = 1
+    travel_to Time.zone.parse('2010-07-05')
+
+    @domain = domains(:hospital)
+    @registrant = @domain.registrant
+    @user = users(:registrant)
+    @auth_headers = { 'HTTP_AUTHORIZATION' => auth_token }
+  end
+
+  def teardown
+    super
+
+    Setting.days_to_keep_business_registry_cache = @original_registry_time
+    travel_back
+  end
+
+  def test_get_domain_details_by_uuid
+    get '/api/v1/registrant/domains/5edda1a5-3548-41ee-8b65-6d60daf85a37', {}, @auth_headers
+    assert_equal(200, response.status)
+
+    domain = JSON.parse(response.body, symbolize_names: true)
+    assert_equal('hospital.test', domain[:name])
+  end
+
+  def test_get_non_existent_domain_details_by_uuid
+    get '/api/v1/registrant/domains/random-uuid', {}, @auth_headers
+    assert_equal(404, response.status)
+
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal({ errors: [base: ['Domain not found']] }, response_json)
+  end
+
+  def test_root_returns_domain_list
+    get '/api/v1/registrant/domains', {}, @auth_headers
+    assert_equal(200, response.status)
+
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    array_of_domain_names = response_json.map { |x| x[:name] }
+    assert(array_of_domain_names.include?('hospital.test'))
+  end
+
+  def test_root_accepts_limit_and_offset_parameters
+    get '/api/v1/registrant/domains', { 'limit' => 2, 'offset' => 0 }, @auth_headers
+    response_json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_equal(200, response.status)
+    assert_equal(2, response_json.count)
+
+    get '/api/v1/registrant/domains', {}, @auth_headers
+    response_json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_equal(5, response_json.count)
+  end
+
+  def test_root_does_not_accept_limit_higher_than_200
+    get '/api/v1/registrant/domains', { 'limit' => 400, 'offset' => 0 }, @auth_headers
+
+    assert_equal(400, response.status)
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal({ errors: [{ limit: ['parameter is out of range'] }] }, response_json)
+  end
+
+  def test_root_does_not_accept_offset_lower_than_0
+    get '/api/v1/registrant/domains', { 'limit' => 200, 'offset' => "-10" }, @auth_headers
+
+    assert_equal(400, response.status)
+    response_json = JSON.parse(response.body, symbolize_names: true)
+    assert_equal({ errors: [{ offset: ['parameter is out of range'] }] }, response_json)
+  end
+
+  def test_root_returns_401_without_authorization
+    get '/api/v1/registrant/domains', {}, {}
+    assert_equal(401, response.status)
+    json_body = JSON.parse(response.body, symbolize_names: true)
+
+    assert_equal({ errors: [base: ['Not authorized']] }, json_body)
+  end
+
+  def test_details_returns_401_without_authorization
+    get '/api/v1/registrant/domains/5edda1a5-3548-41ee-8b65-6d60daf85a37', {}, {}
+    assert_equal(401, response.status)
+    json_body = JSON.parse(response.body, symbolize_names: true)
+
+    assert_equal({ errors: [base: ['Not authorized']] }, json_body)
+  end
+
+  private
+
+  def auth_token
+    token_creator = AuthTokenCreator.create_with_defaults(@user)
+    hash = token_creator.token_in_hash
+    "Bearer #{hash[:access_token]}"
+  end
+end