diff --git a/app/controllers/decidim/apiauth/sessions_controller.rb b/app/controllers/decidim/apiauth/sessions_controller.rb
index 8286a38..7e22ac0 100644
--- a/app/controllers/decidim/apiauth/sessions_controller.rb
+++ b/app/controllers/decidim/apiauth/sessions_controller.rb
@@ -23,9 +23,9 @@ def respond_with(resource, _opts = {})
 # to get the bearer token. This allows them to get it from the request
 # body instead.
 return render json: resource.serializable_hash.merge(
- jwt_token: jwt_token,
+ jwt_token:,
 "avatar" => nil
- ), status: status
+ ), status:
 end
 # Since avatar can be ActiveStorage object now, it can cause infinite loop
diff --git a/decidim-apiauth.gemspec b/decidim-apiauth.gemspec
index 3ff254a..50cb0ea 100644
--- a/decidim-apiauth.gemspec
+++ b/decidim-apiauth.gemspec
@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
 spec.metadata = { "rubygems_mfa_required" => "true" }
 spec.name = "decidim-apiauth"
 spec.version = Decidim::Apiauth::VERSION
- spec.required_ruby_version = ">= 3.0"
+ spec.required_ruby_version = ">= 3.1"
 spec.authors = ["Antti Hukkanen"]
 spec.email = ["antti.hukkanen@mainiotech.fi"]
diff --git a/spec/controllers/apiauth/sessions_controller_spec.rb b/spec/controllers/apiauth/sessions_controller_spec.rb
index 46ee9d9..31007bf 100644
--- a/spec/controllers/apiauth/sessions_controller_spec.rb
+++ b/spec/controllers/apiauth/sessions_controller_spec.rb
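Review bot: `), status:` now ends the unparenthesised `render` argument list with a value-omitted keyword, so the parse depends on the token that follows: it works here only because the next line is `end`, and any expression inserted between them would be read as the value for `status:`. Wrapping the call removes that dependency, e.g. `return render(json: resource.serializable_hash.merge(jwt_token:, "avatar" => nil), status:)`. The body of `respond_with` starts before this hunk, so I cannot see whether `status` and `jwt_token` are locals or helper methods; the shorthand resolves either, so behaviour is unchanged.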
@@ -5,25 +5,25 @@ module Decidim
 module Apiauth
- describe SessionsController, type: :controller do
+ describe SessionsController do
 routes { Decidim::Apiauth::Engine.routes }
 let(:organization) { create(:organization) }
 let(:email) { "admin@example.org" }
 let(:password) { "decidim123456789" }
- let!(:user) { create(:user, :confirmed, :admin, organization: organization, email: email, password: password) }
+ let!(:user) { create(:user, :confirmed, :admin, organization:, email:, password:) }
 let(:params) do
 {
 user: {
- email: email,
- password: password
+ email:,
+ password:
 }
 }
 end
 let(:invalid_params) do
 {
 user: {
- email: email,
+ email:,
 password: "maga2020"
 }
 }
@@ -38,10 +38,10 @@ module Apiauth
 describe "sign in" do
 it "returns jwt_token when credentials are valid" do
 expect(request.env[::Warden::JWTAuth::Hooks::PREPARED_TOKEN_ENV_KEY]).not_to be_present
- post :create, params: params
+ post(:create, params:)
 expect(response).to have_http_status(:ok)
 expect(request.env[::Warden::JWTAuth::Hooks::PREPARED_TOKEN_ENV_KEY]).to be_present
- parsed_response_body = JSON.parse(response.body)
+ parsed_response_body = response.parsed_body
 expect(parsed_response_body["jwt_token"]).to eq(request.env[::Warden::JWTAuth::Hooks::PREPARED_TOKEN_ENV_KEY])
 end
@@ -53,9 +53,9 @@ module Apiauth
 it "renders resource witout jwt_token in body when Tokendispatcher::ENV_KEY is nil" do
 @request.env[::Warden::JWTAuth::Middleware::TokenDispatcher::ENV_KEY] = nil
- post :create, params: params
+ post(:create, params:)
 expect(request.env[::Warden::JWTAuth::Hooks::PREPARED_TOKEN_ENV_KEY]).to be_present
- parsed_response_body = JSON.parse(response.body)
+ parsed_response_body = response.parsed_body
 expect(parsed_response_body.has_key?("jwt_token")).to be(false)
 end
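Review bot: Dropping `type: :controller` from `describe SessionsController do` makes the example group's type depend on `infer_spec_type_from_file_location!` being enabled in the spec support, and nothing in this change shows that configuration; if it is not on, `routes`, `post` and `response` are no longer mixed in and every example here fails on a missing helper rather than on the behaviour under test. The same applies to the `describe … do` lines in the documentation, graphiql and queries controller specs and to `RSpec.describe "ApiAuthentication" do` in the request spec. If the inference is not already configured, either keep the explicit metadata or add `config.infer_spec_type_from_file_location!` where RSpec is configured. Separately, `response.parsed_body` returns the raw body String when the response is not JSON, whereas `JSON.parse(response.body)` raised, so a content-type regression now surfaces as an odd `[]` result on a String; adding `expect(response.media_type).to eq("application/json")` before reading `parsed_response_body` keeps that failure direct.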
@@ -66,10 +66,10 @@ module Apiauth
 it "returns jwt_token when credentials are valid" do
 expect(request.env[::Warden::JWTAuth::Hooks::PREPARED_TOKEN_ENV_KEY]).not_to be_present
- post :create, params: params
+ post(:create, params:)
 expect(response).to have_http_status(:ok)
 expect(request.env[::Warden::JWTAuth::Hooks::PREPARED_TOKEN_ENV_KEY]).to be_present
- parsed_response_body = JSON.parse(response.body)
+ parsed_response_body = response.parsed_body
 expect(parsed_response_body["jwt_token"]).to eq(request.env[::Warden::JWTAuth::Hooks::PREPARED_TOKEN_ENV_KEY])
 end
diff --git a/spec/controllers/decidim/api/documentation_controller_spec.rb b/spec/controllers/decidim/api/documentation_controller_spec.rb
index eafd402..295c961 100644
--- a/spec/controllers/decidim/api/documentation_controller_spec.rb
+++ b/spec/controllers/decidim/api/documentation_controller_spec.rb
@@ -4,7 +4,7 @@ module Decidim
 module Api
- describe DocumentationController, type: :controller do
+ describe DocumentationController do
 routes { Decidim::Api::Engine.routes }
 it_behaves_like "a force authentication controller", :get, :show
diff --git a/spec/controllers/decidim/api/graphiql_controller_spec.rb b/spec/controllers/decidim/api/graphiql_controller_spec.rb
index f93854b..ca68069 100644
--- a/spec/controllers/decidim/api/graphiql_controller_spec.rb
+++ b/spec/controllers/decidim/api/graphiql_controller_spec.rb
@@ -4,7 +4,7 @@ module Decidim
 module Api
- describe GraphiQLController, type: :controller do
+ describe GraphiQLController do
 controller described_class do
 def show; end
 end
diff --git a/spec/controllers/decidim/api/queries_controller_spec.rb b/spec/controllers/decidim/api/queries_controller_spec.rb
index 45f055b..468310e 100644
--- a/spec/controllers/decidim/api/queries_controller_spec.rb
+++ b/spec/controllers/decidim/api/queries_controller_spec.rb
@@ -5,11 +5,11 @@ module Decidim
 module Api
- describe QueriesController, type: :controller do
+ describe QueriesController do
 routes { Decidim::Api::Engine.routes }
- let(:organization) { create :organization, force_users_to_authenticate_before_access_organization: true }
- let!(:user) { create(:user, :confirmed, :admin, organization: organization) }
+ let(:organization) { create(:organization, force_users_to_authenticate_before_access_organization: true) }
+ let!(:user) { create(:user, :confirmed, :admin, organization:) }
 let(:query) { "{session{user{id nickname}}}" }
 context "without token" do
@@ -18,7 +18,7 @@ module Api
 end
 it "redirects to sign in" do
- post :create, format: :json, params: { query: query }
+ post :create, format: :json, params: { query: }
 expect(response).to have_http_status(:redirect)
 expect(response).to redirect_to("/users/sign_in")
 expect(response.body).to include("redirected")
@@ -34,15 +34,15 @@ module Api
 end
 it "executes a query" do
- post :create, params: { query: query }
- parsed_response = JSON.parse(response.body)["data"]
+ post :create, params: { query: }
+ parsed_response = response.parsed_body["data"]
 expect(parsed_response["session"]["user"]["id"].to_i).to eq(user.id)
 expect(parsed_response["session"]["user"]["nickname"]).to eq(user.nickname.prepend("@"))
 end
 end
 context "when using the force API authentication configuration" do
- let(:organization) { create :organization }
+ let(:organization) { create(:organization) }
 let(:auth_headers) { ::Devise::JWT::TestHelpers.auth_headers({}, user) }
 it_behaves_like "a force authentication controller", :post, :create
@@ -52,8 +52,8 @@ module Api
 request.env["decidim.current_organization"] = organization
 request.headers.merge!(auth_headers)
- post :create, format: :json, params: { query: query }
- parsed_response = JSON.parse(response.body)["data"]
+ post :create, format: :json, params: { query: }
+ parsed_response = response.parsed_body["data"]
 expect(parsed_response["session"]["user"]["id"].to_i).to eq(user.id)
 expect(parsed_response["session"]["user"]["nickname"]).to eq(user.nickname.prepend("@"))
 end
diff --git a/spec/requests/apiauth_spec.rb b/spec/requests/apiauth_spec.rb
index d78a4b7..7a0f783 100644
--- a/spec/requests/apiauth_spec.rb
+++ b/spec/requests/apiauth_spec.rb
@@ -2,19 +2,19 @@
 require "spec_helper"
-RSpec.describe "Api authentication", type: :request do
+RSpec.describe "ApiAuthentication" do
 let(:sign_in_path) { "/api/sign_in" }
 let(:sign_out_path) { "/api/sign_out" }
 let(:organization) { create(:organization) }
 let(:email) { "admin@example.org" }
 let(:password) { "decidim123456789" }
- let!(:user) { create(:user, :confirmed, :admin, organization: organization, email: email, password: password) }
+ let!(:user) { create(:user, :confirmed, :admin, organization:, email:, password:) }
 let(:params) do
 {
 user: {
- email: email,
- password: password
+ email:,
+ password:
 }
 }
 end
@@ -34,22 +34,22 @@
 end
 it "signs in" do
- post sign_in_path, params: params
+ post(sign_in_path, params:)
 expect(response.headers["Authorization"]).to be_present
 expect(response.body["jwt_token"]).to be_present
- parsed_response_body = JSON.parse(response.body)
+ parsed_response_body = response.parsed_body
 expect(response.headers["Authorization"].split[1]).to eq(parsed_response_body["jwt_token"])
 end
 it "renders resource when invalid credentials" do
 post sign_in_path, params: invalid_params
- parsed_response_body = JSON.parse(response.body)
+ parsed_response_body = response.parsed_body
 expect(parsed_response_body["email"]).to eq(hacker_email)
 expect(parsed_response_body["jwt_token"]).not_to be_present
 end
 it "signs out" do
- post sign_in_path, params: params
+ post(sign_in_path, params:)
 expect(response).to have_http_status(:ok)
 authorzation = response.headers["Authorization"]
 orginal_count = Decidim::Apiauth::JwtBlacklist.count
@@ -59,13 +59,13 @@
 context "when signed in" do
 before do
- post sign_in_path, params: params
+ post sign_in_path, params:
 end
 it "can use token to post to api" do
 authorzation = response.headers["Authorization"]
- post "/api", params: { query: query }, headers: { HTTP_AUTHORIZATION: authorzation }
- parsed_response = JSON.parse(response.body)["data"]
+ post "/api", params: { query: }, headers: { HTTP_AUTHORIZATION: authorzation }
+ parsed_response = response.parsed_body["data"]
 expect(parsed_response["session"]["user"]["id"].to_i).to eq(user.id)
 expect(parsed_response["session"]["user"]["nickname"]).to eq(user.nickname.prepend("@"))
 end
diff --git a/spec/shared/force_authentication_examples.rb b/spec/shared/force_authentication_examples.rb
index 4b662cd..1cd8906 100644
--- a/spec/shared/force_authentication_examples.rb
+++ b/spec/shared/force_authentication_examples.rb
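Review bot: In the `@@ -59` hunk, `post sign_in_path, params:` inside the `before do` block leaves a value-omitted keyword as the last token of an unparenthesised call, while every other call site changed in this file uses `post(sign_in_path, params:)`. It parses today only because the next line is `end`; any statement later inserted after it in the `before` block would be read as the value for `params:`. Use the parenthesised form here as well: `post(sign_in_path, params:)`.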
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 shared_examples "a force authentication controller" do |method, action|
- let(:user) { create(:user, :confirmed, organization: organization) }
+ let(:user) { create(:user, :confirmed, organization:) }
 let!(:organization) { create(:organization) }
 before do