The guarded endpoint spec.
Removed obsolete double bang !! and .nil? check in the Endpoint's hidden? method.
texpert committed Sep 8, 2016
1 parent 7581add commit ec7e5d8
Showing 2 changed files with 119 additions and 1 deletion.
4 changes: 3 additions & 1 deletion lib/grape-swagger/endpoint.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

require 'active_support'
require 'active_support/core_ext/string/inflections.rb'

@@ -290,7 +292,7 @@ def model_name(name)
def hidden?(route, options)
route_hidden = route.options[:hidden]
return route_hidden unless route_hidden.is_a?(Proc)
!options[:oauth_token].nil? ? route_hidden.call(send(options[:oauth_token].to_sym)) : route_hidden.call
options[:oauth_token] ? route_hidden.call(send(options[:oauth_token].to_sym)) : route_hidden.call
end

def public_parameter?(param)
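Review bot: In `hidden?`, the new line still resolves the token accessor with `send(options[:oauth_token].to_sym)`, and `send` also invokes private methods, so a mistyped or unintended `oauth_token` setting can dispatch to any method on the endpoint. If the accessor is always meant to be public (the spec's `access_token` is), `public_send(options[:oauth_token].to_sym)` narrows that; whether existing users rely on a private accessor cannot be seen from here. The truthiness check also changes one case: `oauth_token: false` used to raise on `false.to_sym` and now calls the proc with no token, so a comment such as `# a nil/false :oauth_token evaluates the hidden proc without a token` would record the intent. The class enclosing `hidden?` starts and ends outside the hunk.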
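--- a/spec/swagger_v2/guarded_endpoint_spec.rb
+++ b/spec/swagger_v2/guarded_endpoint_spec.rb
@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+class SampleAuth < Grape::Middleware::Base
+module AuthMethods
+attr_accessor :access_token
+
+def protected_endpoint=(protected)
+@protected_endpoint = protected
+end
+
+def protected_endpoint?
+@protected_endpoint || false
+end
+
+def access_token
+@_access_token
+end
+
+def access_token=(token)
+@_access_token = token
+end
+end
+
+def context
+env['api.endpoint']
+end
+
+def before
+context.extend(SampleAuth::AuthMethods)
+context.protected_endpoint = !!context.options[:route_options][:auth]
+
+return unless context.protected_endpoint?
+scopes = context.options[:route_options][:auth][:scopes].map(&:to_sym)
+authorize!(*scopes) unless scopes.include? :false
+context.access_token = env['HTTP_AUTHORIZATION']
+end
+end
+
+module Extension
+def sample_auth(*scopes)
+description = route_setting(:description) || route_setting(:description, {})
+description[:auth] = { scopes: scopes }
+end
+
+Grape::API.extend self
+end
+
+describe 'a guarded api endpoint' do
+before :all do
+class GuardedMountedApi < Grape::API
+access_token_valid = proc { |token = nil| token.nil? || token != '12345' }
+
+desc 'Show endpoint if authenticated', hidden: access_token_valid
+get '/auth' do
+{ foo: 'bar' }
+end
+end
+
+class GuardedApi < Grape::API
+mount GuardedMountedApi
+add_swagger_documentation endpoint_auth_wrapper: SampleAuth,
+swagger_endpoint_guard: 'sample_auth false',
+oauth_token: 'access_token'
+end
+end
+
+def app
+GuardedApi
+end
+
+context 'when a correct token is passed with the request' do
+subject do
+get '/swagger_doc.json', {}, 'HTTP_AUTHORIZATION' => '12345'
+JSON.parse(last_response.body)
+end
+
+it 'retrieves swagger-documentation for the endpoint' do
+expect(subject).to eq(
+'info' => { 'title' => 'API title', 'version' => '0.0.1' },
+'swagger' => '2.0',
+'produces' => ['application/xml', 'application/json', 'application/octet-stream', 'text/plain'],
+'host' => 'example.org',
+'paths' => {
+'/auth' => {
+'get' => {
+'summary' => 'Show endpoint if authenticated',
+'description' => 'Show endpoint if authenticated',
+'produces' => ['application/json'],
+'tags' => ['auth'],
+'operationId' => 'getAuth',
+'responses' => { '200' => { 'description' => 'Show endpoint if authenticated' } }
+}
+}
+}
+)
+end
+end
+
+context 'when a bad token is passed with the request' do
+subject do
+get '/swagger_doc.json', {}, 'HTTP_AUTHORIZATION' => '123456'
+JSON.parse(last_response.body)
+end
+
+it 'does not retrieve swagger-documentation for the endpoint - only the info_object' do
+expect(subject).to eq(
+'info' => { 'title' => 'API title', 'version' => '0.0.1' },
+'swagger' => '2.0',
+'produces' => ['application/xml', 'application/json', 'application/octet-stream', 'text/plain'],
+'host' => 'example.org'
+)
+end
+end
+end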
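Review bot: The spec exercises a correct and a wrong token but never a request without an `Authorization` header, so the `token.nil?` branch of the guard proc, which is the fail-closed case, is not pinned by any example. A third context that sends no header and expects the guarded path to be absent would cover it; presumably it yields the same info-only document as the bad-token case, which should be confirmed when the example is run. The proc is also named `access_token_valid` although it returns true for a missing or wrong token (it is the `hidden:` predicate), so a name like `access_token_invalid` would read correctly at the `desc` call. In `AuthMethods`, `attr_accessor :access_token` is immediately overridden by the explicit `access_token` and `access_token=` definitions and can be dropped.

```ruby
  # … unchanged: contexts for a correct and a bad token …

  context 'when no token is passed with the request' do
    subject do
      get '/swagger_doc.json'
      JSON.parse(last_response.body)
    end

    it 'keeps the guarded endpoint out of the documentation' do
      expect(subject).not_to have_key('paths')
    end
  end
```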
