Created some initial features for API authentication
This commit is contained in:
parent
f7388d14e7
commit
4f12c2cd10
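--- a/features/api/authorization/pages.feature
+++ b/features/api/authorization/pages.feature
@@ -0,0 +1,141 @@
+Feature: Pages
+In order to ensure pages are not tampered with
+As an admin, designer or author
+I will be restricted based on my role
+
+Background:
+Given I have the site: "test site" set up
+And I have a custom model named "Projects" with
+| label | type | required |
+| Name | string | true |
+| Description | text | false |
+And I have a designer and an author
+And a page named "hello-world" with id "4f832c2cb0d86d3f42fffffe"
+And a page named "goodbye-world" with id "4f832c2cb0d86d3f42ffffff"
+
+Scenario: As an unauthenticated user
+Given I am not authenticated
+When I do an API GET to pages.json
+Then the JSON response should be the following:
+"""
+{
+"error": "You need to sign in or sign up before continuing."
+}
+"""
+
+# listing pages
+
+Scenario: Accessing pages as an Admin
+Given I have an "admin" token
+When I do an API GET request to pages.json
+Then the JSON response should contain all pages
+
+Scenario: Accessing pages as a Designer
+Given I have a "designer" token
+When I do an API GET request to pages.json
+Then the JSON response should contain all pages
+
+Scenario: Accessing pages as an Author
+Given I have an "author" token
+When I do an API GET request to pages.json
+Then the JSON response should contain all pages
+
+# create page
+
+Scenario: Creating new page as an Admin
+Given I have an "admin" token
+When I do an API GET request to pages.json
+Then the JSON response should contain 4 pages
+And the JSON response should contain all pages
+When I do an API POST to pages.json with:
+"""
+{
+"page": {
+"title": "New Page",
+"slug": "new-page",
+"parent_id": "4f832c2cb0d86d3f42fffffe"
+}
+}
+"""
+When I do an API GET request to pages.json
+Then the JSON response should contain 5 pages
+And the JSON response should contain all pages
+
+Scenario: Creating new page as a Designer
+Given I have a "designer" token
+When I do an API GET request to pages.json
+Then the JSON response should contain 4 pages
+And the JSON response should contain all pages
+When I do an API POST to pages.json with:
+"""
+{
+"page": {
+"title": "New Page",
+"slug": "new-page",
+"parent_id": "4f832c2cb0d86d3f42fffffe"
+}
+}
+"""
+When I do an API GET request to pages.json
+Then the JSON response should contain 5 pages
+And the JSON response should contain all pages
+
+Scenario: Creating new page as an Author
+Given I have an "author" token
+When I do an API POST to pages.json with:
+"""
+{
+"page": {
+"title": "New Page",
+"slug": "new-page",
+"parent_id": "4f832c2cb0d86d3f42fffffe"
+}
+}
+"""
+Then the JSON response should be an access denied error
+
+# update page
+
+Scenario: Updating page as an Admin
+Given I have an "admin" token
+When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
+"""
+{
+"title": "Brand new updated title"
+}
+"""
+When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
+Then the JSON response should contain:
+"""
+{
+"id": "4f832c2cb0d86d3f42fffffe",
+"title": "Brand new updated title"
+}
+"""
+
+Scenario: Updating page as a Designer
+Given I have a "designer" token
+When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
+"""
+{
+"title": "Brand new updated title"
+}
+"""
+When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
+Then the JSON response should contain:
+"""
+{
+"id": "4f832c2cb0d86d3f42fffffe",
+"title": "Brand new updated title"
+}
+"""
+
+Scenario: Updating page as an Author
+Given I have a "designer" token
+When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
+"""
+{
+"title": "Brand new updated title"
+}
+"""
+Then the JSON response should be an access denied error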
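Review bot: `Scenario: Updating page as an Author` obtains a `"designer"` token in its Given step, so the access-denied assertion that follows exercises the designer rather than the author and contradicts `Scenario: Updating page as a Designer` directly above, where the same PUT is expected to succeed; the step should read `Given I have an "author" token`. The only unauthenticated scenario covers GET on `pages.json`, so the POST and PUT paths are never exercised without a token and a missing authentication filter on the write actions would go unnoticed; a `Given I am not authenticated` scenario for each write step would close that gap. The `contain 4 pages` / `contain 5 pages` counts presumably depend on pages created by the site setup in addition to the two named in the Background, so a short comment above the first such step stating where the expected count comes from would help the next person who adds a fixture.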
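--- a/features/step_definitions/api_steps.rb
+++ b/features/step_definitions/api_steps.rb
@@ -0,0 +1,72 @@
+
+def new_content_page(page_slug, page_contents = '', template = '')
+@home = @site.pages.where(:slug => 'index').first || FactoryGirl.create(:page)
+page = @site.pages.build(:slug => page_slug, :body => page_contents, :parent => @home, :title => "some title", :published => true, :raw_template => template)
+page.should be_valid
+page
+end
+
+def api_base_url
+'/locomotive/api'
+end
+
+def do_api_request(type, url, param_string = nil)
+params = param_string && JSON.parse(param_string) || {}
+@raw_response = do_request(type, api_base_url, url, params)
+@response = JSON.parse(@raw_response.body)
+end
+
+Given /^a page named "([^"]*)" with id "([^"]*)"$/ do |name, id|
+@page = new_content_page(name)
+@page.id = BSON::ObjectId(id)
+@page.save!
+end
+
+Given /^I have an? "([^"]*)" token$/ do |role|
+@membership = Locomotive::Site.first.memberships.where(:role => role.downcase).first \
+|| FactoryGirl.create(role.downcase.to_sym, :site => Locomotive::Site.first)
+
+login_params = {
+:email => @membership.account.email,
+:password => 'easyone'
+}
+response = do_request('POST', api_base_url, 'tokens.json', login_params)
+
+if response.status == 200
+@token = JSON.parse(response.body)['token']
+else
+raise JSON.parse(response.body)['message']
+end
+
+add_default_params(:auth_token => @token)
+end
+
+When /^I do an API (\w+) (?:request )?to ([\w.\/]+)$/ do |request_type, url|
+do_api_request(request_type, url)
+end
+
+When /^I do an API (\w+) (?:request )?to ([\w.\/]+) with:$/ do |request_type, url, param_string|
+do_api_request(request_type, url, param_string)
+end
+
+Then /^the JSON response should be the following:$/ do |json|
+@response.should == JSON.parse(json)
+end
+
+Then /^the JSON response should contain all pages$/ do
+page_ids_in_response = @response.collect { |page| page['id'].to_s }.sort
+all_page_ids = Locomotive::Page.all.collect { |page| page.id.to_s }.sort
+page_ids_in_response.should == all_page_ids
+end
+
+Then /^the JSON response should contain (\d+) pages$/ do |n|
+@response.count.should == n.to_i
+end
+
+Then /^the JSON response should be an access denied error$/ do
+@response['message'].should == 'You are not authorized to access this page'
+end
+
+Then /^the JSON response should contain:$/ do |json|
+@response.merge(JSON.parse(json)).should == @response
+end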
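Review bot: `the JSON response should be an access denied error` asserts only on the `message` string in the body, so a denied request that the server answered with status 200 plus an error body would still pass; `@raw_response` is already kept by `do_api_request`, so the step can also pin the status with `@raw_response.status.should_not == 200` (or the exact 401/403 code the API returns for denied requests, once confirmed against the controller). In the `I have an? "..." token` step, `raise JSON.parse(response.body)['message']` raises `TypeError: exception class/object expected` whenever the body lacks a `message` key, hiding the real cause; `raise "token request failed (#{response.status}): #{response.body}"` keeps both status and body in the failure. `the JSON response should contain all pages` builds its expected set from `Locomotive::Page.all` rather than `@site.pages`, so with a second site in the database the assertion could not distinguish a correctly scoped response from one that includes another site's pages; scoping the expectation to `@site` is what makes it an authorization check. `the JSON response should contain:` calls `merge` on `@response` and will raise `NoMethodError` if the endpoint returns a JSON array, which is worth a one-line comment that the step applies to object responses only.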
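--- a/features/support/http.rb
+++ b/features/support/http.rb
@@ -0,0 +1,22 @@
+module HTTPHelpers
+
+attr_accessor :default_params
+
+def add_default_params(params)
+default_params.merge!(params)
+end
+
+def do_request(type, base_url, url, params)
+request_method = type.downcase.to_sym
+page.driver.send(request_method, "#{base_url}/#{url}", default_params.merge(params))
+end
+
+protected
+
+def default_params
+@default_params ||= {}
+end
+
+end
+
+World(HTTPHelpers)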
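Review bot: `attr_accessor :default_params` is immediately superseded by the protected memoizing `default_params` defined below `protected`, so the generated reader is dead and only a public `default_params=` writer survives that nothing in this commit uses; drop the `attr_accessor`, or keep `attr_writer :default_params` if external assignment is intended. In `do_request`, `page.driver.send(request_method, ...)` dispatches on a verb taken from step text; `public_send` makes a mistyped verb in a feature fail with `NoMethodError` instead of reaching a private method on the driver, and a comment such as `# type is an HTTP verb ("GET", "post", ...), matched case-insensitively` documents the contract. `add_default_params` mutates the memoized hash in place and `do_request` merges the per-request params over it, so request params win over defaults; that precedence is presumably relied on when a scenario re-authenticates and deserves a one-line comment on `do_request`.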