From ec7e5d83bf4b39bf072e26389f19df5d9c94caf1 Mon Sep 17 00:00:00 2001
From: texpert
Date: Thu, 8 Sep 2016 00:22:20 +0300
Subject: [PATCH] The guarded endpoint spec. Removed obsolet double bang !! and .nil? check in the Endpoint's hidden? method.
---
 lib/grape-swagger/endpoint.rb | 4 +-
 spec/swagger_v2/guarded_endpoint_spec.rb | 116 +++++++++++++++++++++++
 2 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 spec/swagger_v2/guarded_endpoint_spec.rb
diff --git a/lib/grape-swagger/endpoint.rb b/lib/grape-swagger/endpoint.rb
index 95ad4ed8..a3f338df 100644
--- a/lib/grape-swagger/endpoint.rb
+++ b/lib/grape-swagger/endpoint.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'active_support'
 require 'active_support/core_ext/string/inflections.rb'
@@ -290,7 +292,7 @@ def model_name(name)
 def hidden?(route, options)
 route_hidden = route.options[:hidden]
 return route_hidden unless route_hidden.is_a?(Proc)
- !options[:oauth_token].nil? ? route_hidden.call(send(options[:oauth_token].to_sym)) : route_hidden.call
+ options[:oauth_token] ? route_hidden.call(send(options[:oauth_token].to_sym)) : route_hidden.call
 end
 def public_parameter?(param)
diff --git a/spec/swagger_v2/guarded_endpoint_spec.rb b/spec/swagger_v2/guarded_endpoint_spec.rb
new file mode 100644
index 00000000..15f82fdc
--- /dev/null
+++ b/spec/swagger_v2/guarded_endpoint_spec.rb
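Review bot: In `hidden?` (lib/grape-swagger/endpoint.rb) the new truthiness test still passes `options[:oauth_token]` straight into `send`, which also dispatches to private methods and raises `NoMethodError` when the named accessor is missing or the option is an empty string, so a misconfiguration becomes a failed documentation request. Because the proc's result decides whether a guarded route appears in the generated documentation, consider resolving the token with `name = options[:oauth_token].to_sym` and `token = respond_to?(name) ? public_send(name) : nil` before calling the guard. This assumes the token accessor is public on the endpoint, as it is in the accompanying spec. A comment above the method should also state that guard procs must accept zero or one argument and are expected to return true (hidden) when no token is available, so the fail-closed contract is written down.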
@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+class SampleAuth < Grape::Middleware::Base
+ module AuthMethods
+ attr_accessor :access_token
+
+ def protected_endpoint=(protected)
+ @protected_endpoint = protected
+ end
+
+ def protected_endpoint?
+ @protected_endpoint || false
+ end
+
+ def access_token
+ @_access_token
+ end
+
+ def access_token=(token)
+ @_access_token = token
+ end
+ end
+
+ def context
+ env['api.endpoint']
+ end
+
+ def before
+ context.extend(SampleAuth::AuthMethods)
+ context.protected_endpoint = !!context.options[:route_options][:auth]
+
+ return unless context.protected_endpoint?
+ scopes = context.options[:route_options][:auth][:scopes].map(&:to_sym)
+ authorize!(*scopes) unless scopes.include? :false
+ context.access_token = env['HTTP_AUTHORIZATION']
+ end
+end
+
+module Extension
+ def sample_auth(*scopes)
+ description = route_setting(:description) || route_setting(:description, {})
+ description[:auth] = { scopes: scopes }
+ end
+
+ Grape::API.extend self
+end
+
+describe 'a guarded api endpoint' do
+ before :all do
+ class GuardedMountedApi < Grape::API
+ access_token_valid = proc { |token = nil| token.nil? || token != '12345' }
+
+ desc 'Show endpoint if authenticated', hidden: access_token_valid
+ get '/auth' do
+ { foo: 'bar' }
+ end
+ end
+
+ class GuardedApi < Grape::API
+ mount GuardedMountedApi
+ add_swagger_documentation endpoint_auth_wrapper: SampleAuth,
+ swagger_endpoint_guard: 'sample_auth false',
+ oauth_token: 'access_token'
+ end
+ end
+
+ def app
+ GuardedApi
+ end
+
+ context 'when a correct token is passed with the request' do
+ subject do
+ get '/swagger_doc.json', {}, 'HTTP_AUTHORIZATION' => '12345'
+ JSON.parse(last_response.body)
+ end
+
+ it 'retrieves swagger-documentation for the endpoint' do
+ expect(subject).to eq(
+ 'info' => { 'title' => 'API title', 'version' => '0.0.1' },
+ 'swagger' => '2.0',
+ 'produces' => ['application/xml', 'application/json', 'application/octet-stream', 'text/plain'],
+ 'host' => 'example.org',
+ 'paths' => {
+ '/auth' => {
+ 'get' => {
+ 'summary' => 'Show endpoint if authenticated',
+ 'description' => 'Show endpoint if authenticated',
+ 'produces' => ['application/json'],
+ 'tags' => ['auth'],
+ 'operationId' => 'getAuth',
+ 'responses' => { '200' => { 'description' => 'Show endpoint if authenticated' } }
+ }
+ }
+ }
+ )
+ end
+ end
+
+ context 'when a bad token is passed with the request' do
+ subject do
+ get '/swagger_doc.json', {}, 'HTTP_AUTHORIZATION' => '123456'
+ JSON.parse(last_response.body)
+ end
+
+ it 'does not retrieve swagger-documentation for the endpoint - only the info_object' do
+ expect(subject).to eq(
+ 'info' => { 'title' => 'API title', 'version' => '0.0.1' },
+ 'swagger' => '2.0',
+ 'produces' => ['application/xml', 'application/json', 'application/octet-stream', 'text/plain'],
+ 'host' => 'example.org'
+ )
+ end
+ end
+end
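Review bot: The spec covers a correct and a wrong token but not a request that carries no `Authorization` header at all, which is the case most likely to expose guarded documentation if the guard ever fails open. Adding a third context for the header-less request pins the fail-closed behaviour; the expected body below is assumed to equal the bad-token case, because the guard proc defaults `token` to nil and returns true for it. Separately, `attr_accessor :access_token` in `AuthMethods` is redefined by the explicit `access_token` and `access_token=` methods a few lines further down, so it can be dropped to avoid method-redefinition warnings.

```ruby
  # … unchanged: contexts for a correct and a bad token …

  context 'when no token is passed with the request' do
    subject do
      get '/swagger_doc.json'
      JSON.parse(last_response.body)
    end

    it 'does not retrieve swagger-documentation for the endpoint - only the info_object' do
      expect(subject).to eq(
        'info' => { 'title' => 'API title', 'version' => '0.0.1' },
        'swagger' => '2.0',
        'produces' => ['application/xml', 'application/json', 'application/octet-stream', 'text/plain'],
        'host' => 'example.org'
      )
    end
  end
```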