From 5697302799d133306a8e72c26207f3f6cc806dc3 Mon Sep 17 00:00:00 2001
From: baarkerlounger
Date: Wed, 13 Oct 2021 09:44:59 +0100
Subject: [PATCH] Spec basic auth
---
 app/controllers/case_logs_controller.rb | 6 ++++-
 spec/requests/case_log_controller_spec.rb | 28 +++++++++++++++++++----
 2 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/app/controllers/case_logs_controller.rb b/app/controllers/case_logs_controller.rb
index 98af41d26..311de1d7c 100644
--- a/app/controllers/case_logs_controller.rb
+++ b/app/controllers/case_logs_controller.rb
@@ -1,6 +1,6 @@
 class CaseLogsController < ApplicationController
 skip_before_action :verify_authenticity_token, only: [:create], if: :json_request?
- http_basic_authenticate_with name: ENV["API_USER"], password: ENV["API_KEY"], only: [:create], if: :json_request?
+ before_action :authenticate, only: [:create], if: :json_request?
 def index
 @submitted_case_logs = CaseLog.where(status: 1)
@@ -77,6 +77,10 @@ private
 request.format.json?
 end
+ def authenticate
+ http_basic_authenticate_or_request_with name: ENV["API_USER"], password: ENV["API_KEY"]
+ end
+
 def create_params
 return {} unless params[:case_log]
diff --git a/spec/requests/case_log_controller_spec.rb b/spec/requests/case_log_controller_spec.rb
index 754ab8683..1cef4f373 100644
--- a/spec/requests/case_log_controller_spec.rb
+++ b/spec/requests/case_log_controller_spec.rb
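Review bot: The new `before_action :authenticate, only: [:create], if: :json_request?` is gated on `json_request?`, which the helper in the second hunk derives from `request.format.json?`, a value the client chooses, so basic auth only covers `create` when the request declares JSON. As far as these hunks show, a non-JSON `create` is covered by CSRF verification alone. If that path is intended for browser users only, a comment above the filter would record the decision, e.g. `# JSON API clients use basic auth; browser form posts rely on the CSRF token`. The class body continues outside the hunk, so any other filter on `create` is not visible here.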
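Review bot: In `authenticate`, `ENV["API_USER"]` and `ENV["API_KEY"]` are read with `[]`, so an unset variable passes `nil` into `http_basic_authenticate_or_request_with` on every JSON `create`. How that fails depends on the comparison code in the Rails version in use, and a variable set to an empty string would presumably be compared as a valid credential. Reading them with `ENV.fetch("API_USER")` and `ENV.fetch("API_KEY")`, or rejecting blank values at boot, makes a misconfigured deployment fail loudly. The spec's `ENV[]` stubs would need to change with it.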
@@ -2,17 +2,24 @@ require "rails_helper"
 RSpec.describe CaseLogsController, type: :request do
 describe "POST #create" do
+ let(:tenant_code) { "T365" }
+ let(:tenant_age) { 35 }
+ let(:property_postcode) { "SE11 6TY" }
+ let(:api_username) { "test_user" }
+ let(:api_password) { "test_password" }
+ let(:basic_credentials) do
+ ActionController::HttpAuthentication::Basic
+ .encode_credentials(api_username, api_password)
+ end
+
 let(:headers) do
 {
 "Content-Type" => "application/json",
 "Accept" => "application/json",
+ "Authorization" => basic_credentials,
 }
 end
- let(:tenant_code) { "T365" }
- let(:tenant_age) { 35 }
- let(:property_postcode) { "SE11 6TY" }
-
 let(:params) do
 {
 "tenant_code": tenant_code,
@@ -22,6 +29,9 @@ RSpec.describe CaseLogsController, type: :request do
 end
 before do
+ allow(ENV).to receive(:[])
+ allow(ENV).to receive(:[]).with("API_USER").and_return(api_username)
+ allow(ENV).to receive(:[]).with("API_KEY").and_return(api_password)
 post "/case_logs", headers: headers, params: params.to_json
 end
@@ -40,5 +50,15 @@ RSpec.describe CaseLogsController, type: :request do
 expect(json_response["tenant_age"]).to eq(tenant_age)
 expect(json_response["property_postcode"]).to eq(property_postcode)
 end
+
+ context "request with invalid credentials" do
+ let(:basic_credentials) do
+ ActionController::HttpAuthentication::Basic.encode_credentials(api_username, "Oops")
+ end
+
+ it "returns 401" do
+ expect(response).to have_http_status(:unauthorized)
+ end
+ end
 end
 end
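Review bot: The bare `allow(ENV).to receive(:[])` in the `before` block makes every other `ENV[...]` lookup return nil while the request runs. That can hide or cause unrelated failures in any code that reads configuration at request time. `allow(ENV).to receive(:[]).and_call_original` keeps the real values for everything except the two keys stubbed on the following lines. The `describe` block starts and ends outside this hunk.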
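Review bot: The new `request with invalid credentials` context only covers a wrong password. A request with no `Authorization` header and one with a wrong username are not exercised, and nothing asserts that a rejected request leaves no `CaseLog` behind. A sibling context whose `headers` omit `"Authorization"`, with the same `expect(response).to have_http_status(:unauthorized)` check, would pin the fail-closed behaviour. Since the controller applies the filter only to JSON requests, a spec that records what a non-JSON `POST /case_logs` is expected to return would also document that boundary.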