# frozen_string_literal: true
require "rails_helper"
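# Request specs for the users API (listing and account self-deletion) and for
# the HTML password-recovery flow.
RSpec.describe "Users" do
  # Listing users: exercises authentication (bearer token present or absent),
  # authorization (admin flag) and pagination.
  describe "GET /api/v1/users" do
    # NOTE(review): `token` is not referenced by any example in this file.
    let(:token) { api_token(user) }
    let(:path) { "/api/v1/users" }
    let(:headers) { auth_token_for(user) }

    context "when user authenticated" do
      context "when user is authorized" do
        # Eager (let!) so the admin record exists before the request is made
        # and therefore shows up in the listing.
        let!(:user) { create(:user, admin: true) }

        context "when data is valid" do
          before do
            get path, params: {}, headers: headers
          end

          it { expect(response.parsed_body.first).to have_key("id") }
          it { expect(response.parsed_body.first).to have_key("email") }
          it { expect(response.parsed_body.first["email"]).to eq(user.email) }
          it { expect(response).to have_http_status(:ok) }

          # Regression guard: credential material must never be serialised
          # into the listing, whatever serializer the endpoint uses.
          it "does not expose credential fields" do
            expect(response.parsed_body.first.keys).not_to include("encrypted_password", "reset_password_token")
          end
        end

        context "when has pagination via page and per_page" do
          let(:pagination_params) { { page: 2, per_page: 5 } }

          before do
            # 8 created users + the admin = 9 records (assuming the table is
            # otherwise empty), so page 2 with 5 per page holds the last 4.
            create_list(:user, 8)
            get path, params: pagination_params, headers: headers
          end

          it "returns only 4 users" do
            expect(response.parsed_body.length).to eq(4)
          end
        end
      end

      context "when user is unauthorized" do
        # Authenticated, but created without the admin flag.
        let(:user) { create(:user) }

        before do
          get path, params: {}, headers: headers
        end

        # NOTE(review): an authenticated non-admin caller receives 401 here;
        # 403 is the conventional status for an authorization failure.
        # Confirm this mapping is intentional.
        it { expect(response).to have_http_status(:unauthorized) }

        # NOTE(review): the asserted text names the policy query and the
        # relation class (looks like Pundit's default message; confirm). A
        # generic client-facing message would avoid exposing internals.
        it {
          expect(response.parsed_body["error"]).to eq("not allowed to index? this User::ActiveRecord_Relation")
        }
      end
    end

    context "when user unauthenticated" do
      context "when has user" do
        # No Authorization header is sent at all.
        before do
          get path
        end

        it { expect(response).to have_http_status(:unauthorized) }
        it {
          expect(response.parsed_body["error_description"]).to eq(["Invalid token"])
        }
      end
    end
  end

  # HTML password-recovery flow: render the form, then submit it.
  describe "Password recovery" do
    subject(:get_new_password) { get "/users/password/new" }

    let(:user) { create(:user, email: "email@email.com") }
    let(:headers) { auth_token_for(user) }

    it "returns ok" do
      get_new_password
      expect(response).to have_http_status(:ok)
    end

    # The hidden `authenticity_token` input is the form's CSRF token, not a
    # password-reset token, so the example is named for what it checks.
    it "contains authenticity token" do
      get_new_password
      csrf_token = response.parsed_body.css('input[name="authenticity_token"]').first["value"]
      expect(csrf_token).not_to be_nil
    end

    it "sends reset instructions" do
      get_new_password
      # Read the CSRF token from the rendered form before issuing the POST.
      csrf_token = response.parsed_body.css('input[name="authenticity_token"]').first["value"]

      # NOTE(review): Rails' generated test environment disables forgery
      # protection, so unless this project re-enables it the token sent here
      # is not actually verified. Confirm.
      # NOTE(review): a bearer token is sent although password recovery is
      # normally used while signed out. Confirm the header is needed.
      post "/users/password",
           headers: headers,
           params: {
             authenticity_token: csrf_token,
             user: { email: user.email }
           }

      # The in-memory record still holds the pre-request value, so reloading
      # it is what surfaces the token written while handling the POST.
      expect { user.reload }.to change(user, :reset_password_token)
    end
  end

  # Account self-deletion; the request re-submits the account password.
  # NOTE(review): only the correct-password path is covered below. No example
  # shows that a wrong or missing password is rejected and the account kept.
  describe "DELETE /api/v1/users/destroy_self" do
    context "when user unauthenticated" do
      subject(:request_destroy_self) { delete "/api/v1/users/destroy_self" }

      it "returns unauthorized status code" do
        request_destroy_self
        expect(response).to have_http_status(:unauthorized)
      end

      it "returns invalid_token message error" do
        request_destroy_self
        expect(response.parsed_body).to include({ error: "invalid_token" })
      end
    end

    context "when user autheticated" do
      subject(:request_destroy_self) do
        delete "/api/v1/users/destroy_self",
               headers: auth_token_for(existing_user),
               params: { password: existing_user.password }
      end

      let(:existing_user) { create(:user, password: "qwe123") }

      before do
        request_destroy_self
      end

      it "returns ok" do
        expect(response).to have_http_status(:ok)
      end

      it "returns deletion message" do
        expect(response.parsed_body).to include({ message: "Account deleted successfully" })
      end

      # Reloading a deleted row raises, which proves the record is gone.
      it "deletes user account" do
        expect { existing_user.reload }.to raise_error(ActiveRecord::RecordNotFound)
      end
    end
  end
end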