Spec basic auth

4 years ago · 5697302799
2 changed files with 29 additions and 5 deletions
--- a/app/controllers/case_logs_controller.rb
+++ b/app/controllers/case_logs_controller.rb
@ -1,6 +1,6 @@
 class CaseLogsController < ApplicationController
  skip_before_action :verify_authenticity_token, only: [:create], if: :json_request?
-  http_basic_authenticate_with name: ENV["API_USER"], password: ENV["API_KEY"], only: [:create], if: :json_request?
+  before_action :authenticate, only: [:create], if: :json_request?

  def index
    @submitted_case_logs = CaseLog.where(status: 1)
@ -77,6 +77,10 @@ private
    request.format.json?
  end

+  def authenticate
+    http_basic_authenticate_or_request_with name: ENV["API_USER"], password: ENV["API_KEY"]
+  end
+
  def create_params
    return {} unless params[:case_log]

--- a/spec/requests/case_log_controller_spec.rb
+++ b/spec/requests/case_log_controller_spec.rb
@ -2,17 +2,24 @@ require "rails_helper"

 RSpec.describe CaseLogsController, type: :request do
  describe "POST #create" do
+    let(:tenant_code) { "T365" }
+    let(:tenant_age) { 35 }
+    let(:property_postcode) { "SE11 6TY" }
+    let(:api_username) { "test_user" }
+    let(:api_password) { "test_password" }
+    let(:basic_credentials) do
+      ActionController::HttpAuthentication::Basic
+                          .encode_credentials(api_username, api_password)
+    end
+
    let(:headers) do
      {
        "Content-Type" => "application/json",
        "Accept" => "application/json",
+        "Authorization" => basic_credentials,
      }
    end

-    let(:tenant_code) { "T365" }
-    let(:tenant_age) { 35 }
-    let(:property_postcode) { "SE11 6TY" }
-
    let(:params) do
      {
        "tenant_code": tenant_code,
@ -22,6 +29,9 @@ RSpec.describe CaseLogsController, type: :request do
    end

    before do
+      allow(ENV).to receive(:[])
+      allow(ENV).to receive(:[]).with("API_USER").and_return(api_username)
+      allow(ENV).to receive(:[]).with("API_KEY").and_return(api_password)
      post "/case_logs", headers: headers, params: params.to_json
    end

@ -40,5 +50,15 @@ RSpec.describe CaseLogsController, type: :request do
      expect(json_response["tenant_age"]).to eq(tenant_age)
      expect(json_response["property_postcode"]).to eq(property_postcode)
    end
+
+    context "request with invalid credentials" do
+      let(:basic_credentials) do
+        ActionController::HttpAuthentication::Basic.encode_credentials(api_username, "Oops")
+      end
+
+      it "returns 401" do
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
  end
 end