diff --git a/app/controllers/api/points_controller.rb b/app/controllers/api/points_controller.rb
index 1676e92fbc..5feb23caaf 100644
--- a/app/controllers/api/points_controller.rb
+++ b/app/controllers/api/points_controller.rb
@@ -1,6 +1,6 @@
 class Api::PointsController < ApplicationController
 skip_before_action :verify_authenticity_token
- before_action :authenticate, except: %i[index show]
+ before_action :authenticate
 def index
 render json: Point.all.order(points: :desc).limit(params[:limit]).offset(params[:offset])
diff --git a/spec/requests/api/points_spec.rb b/spec/requests/api/points_spec.rb
index d5fca243bf..4dee418ba4 100644
--- a/spec/requests/api/points_spec.rb
+++ b/spec/requests/api/points_spec.rb
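Review bot: With the `except: %i[index show]` exemption removed, every action on this controller now depends on `authenticate`, which is defined outside this hunk, so the comparison it performs deserves a look before merging. If it compares the presented token with `ENV['ODIN_BOT_ACCESS_TOKEN']` using `==`, I would switch to `ActiveSupport::SecurityUtils.secure_compare` and reject the request outright when the variable is unset or blank, so that a missing secret fails closed. A one-line comment above `skip_before_action :verify_authenticity_token` would also help the next reader, e.g. `# API clients authenticate with a token header, not a session cookie` (assuming that is the reason it is skipped). The class body continues past the end of the hunk.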
@@ -2,42 +2,89 @@
 RSpec.describe 'Static Pages' do
 describe 'GET #index' do
- it 'returns all points ordered by the highest amount' do
- highest_points = create(:point, points: 6)
- middle_points = create(:point, points: 5)
- lowest_points = create(:point, points: 1)
-
- get api_points_path
- expect(JSON.parse(response.body)).to eq(
- [highest_points, middle_points, lowest_points].map(&:as_json)
- )
+ context 'when not authenticated' do
+ it 'returns 401 forbidden' do
+ get api_points_path
+
+ expect(response).to have_http_status(:unauthorized)
+ end
 end
- context 'when limit and offset params are provided' do
- it 'returns the filtererd points ordered by highest' do
+ context 'when authenticated' do
+ around do |example|
+ ClimateControl.modify(
+ ODIN_BOT_ACCESS_TOKEN: 'ODIN_BOT_ACCESS_TOKEN'
+ ) do
+ example.run
+ end
+ end
+
+ it 'returns all points ordered by the highest amount' do
+ highest_points = create(:point, points: 6)
+ middle_points = create(:point, points: 5)
+ lowest_points = create(:point, points: 1)
+
+ get(
+ api_points_path,
+ headers: { 'Authorization' => 'Token ODIN_BOT_ACCESS_TOKEN' }
+ )
+
+ expect(JSON.parse(response.body)).to eq(
+ [highest_points, middle_points, lowest_points].map(&:as_json)
+ )
+ end
+
+ it 'returns specified offset and limit to points' do
 create(:point, points: 6)
 create(:point, points: 1)
 middle_points = create(:point, points: 5)
- get api_points_path(offset: 1, limit: 1)
+ get(
+ api_points_path(offset: 1, limit: 1),
+ headers: { 'Authorization' => 'Token ODIN_BOT_ACCESS_TOKEN' }
+ )
 expect(JSON.parse(response.body)).to eq([middle_points.as_json])
 end
 end
 end
 describe 'GET #show' do
- it 'returns the points for that discord user' do
- user_points = create(:point, points: 6, discord_id: 907)
+ context 'when not authenticated' do
+ it 'returns status 401' do
+ get '/api/points/907'
- get api_point_path(id: 907)
-
- expect(JSON.parse(response.body)).to eq(user_points.as_json)
+ expect(response).to have_http_status(:unauthorized)
+ end
 end
- it 'returns an error message if the discord user cannot be found' do
- get api_point_path(id: 907)
+ context 'when authenticated' do
+ around do |example|
+ ClimateControl.modify(
+ ODIN_BOT_ACCESS_TOKEN: 'ODIN_BOT_ACCESS_TOKEN'
+ ) do
+ example.run
+ end
+ end
+
+ it 'returns the points for that discord user' do
+ user_points = create(:point, points: 6, discord_id: 907)
+
+ get(
+ '/api/points/907',
+ headers: { 'Authorization' => 'Token ODIN_BOT_ACCESS_TOKEN' }
+ )
+
+ expect(JSON.parse(response.body)).to eq(user_points.as_json)
+ end
- expect(JSON.parse(response.body)).to eq({ 'message' => 'Unable to find that user' })
+ it 'returns an error message if the discord user cannot be found' do
+ get(
+ '/api/points/907',
+ headers: { 'Authorization' => 'Token ODIN_BOT_ACCESS_TOKEN' }
+ )
+
+ expect(JSON.parse(response.body)).to eq({ 'message' => 'Unable to find that user' })
+ end
 end
 end
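Review bot: Both 'when not authenticated' contexts only send a request with no Authorization header, and they run outside the `ClimateControl.modify` block, so nothing in this spec shows that a wrong token is rejected while `ODIN_BOT_ACCESS_TOKEN` is configured. I would add a rejected-token example to each describe block; the sketch below covers `GET #index`, and `GET #show` would mirror it with '/api/points/907'. Separately, the example name `'returns 401 forbidden'` mixes two statuses: 401 is Unauthorized, so `it 'returns status 401'`, as the show spec already words it, reads correctly.

```ruby
describe 'GET #index' do
  # … unchanged: 'when not authenticated' and 'when authenticated' contexts …

  context 'when the token does not match' do
    around do |example|
      ClimateControl.modify(
        ODIN_BOT_ACCESS_TOKEN: 'ODIN_BOT_ACCESS_TOKEN'
      ) do
        example.run
      end
    end

    it 'returns status 401' do
      get(
        api_points_path,
        headers: { 'Authorization' => 'Token not-the-configured-token' }
      )

      expect(response).to have_http_status(:unauthorized)
    end
  end
```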