Created some initial features for API authentication

Alex Sanford 2012-04-16 15:17:11 -03:00
parent f7388d14e7
commit 4f12c2cd10
3 changed files with 235 additions and 0 deletions


@ -0,0 +1,141 @@
Feature: Pages
In order to ensure pages are not tampered with
As an admin, designer or author
I will be restricted based on my role
Background:
Given I have the site: "test site" set up
And I have a custom model named "Projects" with
| label | type | required |
| Name | string | true |
| Description | text | false |
And I have a designer and an author
And a page named "hello-world" with id "4f832c2cb0d86d3f42fffffe"
And a page named "goodbye-world" with id "4f832c2cb0d86d3f42ffffff"
Scenario: As an unauthenticated user
Given I am not authenticated
When I do an API GET to pages.json
Then the JSON response should be the following:
"""
{
"error": "You need to sign in or sign up before continuing."
}
"""
# listing pages
Scenario: Accessing pages as an Admin
Given I have an "admin" token
When I do an API GET request to pages.json
Then the JSON response should contain all pages
Scenario: Accessing pages as a Designer
Given I have a "designer" token
When I do an API GET request to pages.json
Then the JSON response should contain all pages
Scenario: Accessing pages as an Author
Given I have an "author" token
When I do an API GET request to pages.json
Then the JSON response should contain all pages
# create page
Scenario: Creating new page as an Admin
Given I have an "admin" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
And the JSON response should contain all pages
When I do an API POST to pages.json with:
"""
{
"page": {
"title": "New Page",
"slug": "new-page",
"parent_id": "4f832c2cb0d86d3f42fffffe"
}
}
"""
When I do an API GET request to pages.json
Then the JSON response should contain 5 pages
And the JSON response should contain all pages
Scenario: Creating new page as a Designer
Given I have a "designer" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
And the JSON response should contain all pages
When I do an API POST to pages.json with:
"""
{
"page": {
"title": "New Page",
"slug": "new-page",
"parent_id": "4f832c2cb0d86d3f42fffffe"
}
}
"""
When I do an API GET request to pages.json
Then the JSON response should contain 5 pages
And the JSON response should contain all pages
Scenario: Creating new page as an Author
Given I have an "author" token
When I do an API POST to pages.json with:
"""
{
"page": {
"title": "New Page",
"slug": "new-page",
"parent_id": "4f832c2cb0d86d3f42fffffe"
}
}
"""
Then the JSON response should be an access denied error
# update page
Scenario: Updating page as an Admin
Given I have an "admin" token
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"title": "Brand new updated title"
}
"""
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"title": "Brand new updated title"
}
"""
Scenario: Updating page as a Designer
Given I have a "designer" token
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"title": "Brand new updated title"
}
"""
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"title": "Brand new updated title"
}
"""
Scenario: Updating page as an Author
Given I have a "designer" token
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"title": "Brand new updated title"
}
"""
Then the JSON response should be an access denied error
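Review bot: The scenario "Updating page as an Author" logs in with `Given I have a "designer" token`, so the author role's denial on PUT is never exercised, and the scenario contradicts "Updating page as a Designer", which expects the same request to succeed. The step should read `Given I have an "author" token`. The two denied scenarios (create and update as an Author) would also be stronger if they followed the request with a GET and asserted that the page count or title is unchanged, since an error body alone does not show that the write was rejected.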


@ -0,0 +1,72 @@
def new_content_page(page_slug, page_contents = '', template = '')
@home = @site.pages.where(:slug => 'index').first || FactoryGirl.create(:page)
page = @site.pages.build(:slug => page_slug, :body => page_contents, :parent => @home, :title => "some title", :published => true, :raw_template => template)
page.should be_valid
page
end
def api_base_url
'/locomotive/api'
end
def do_api_request(type, url, param_string = nil)
params = param_string && JSON.parse(param_string) || {}
@raw_response = do_request(type, api_base_url, url, params)
@response = JSON.parse(@raw_response.body)
end
Given /^a page named "([^"]*)" with id "([^"]*)"$/ do |name, id|
@page = new_content_page(name)
@page.id = BSON::ObjectId(id)
@page.save!
end
Given /^I have an? "([^"]*)" token$/ do |role|
@membership = Locomotive::Site.first.memberships.where(:role => role.downcase).first \
|| FactoryGirl.create(role.downcase.to_sym, :site => Locomotive::Site.first)
login_params = {
:email => @membership.account.email,
:password => 'easyone'
}
response = do_request('POST', api_base_url, 'tokens.json', login_params)
if response.status == 200
@token = JSON.parse(response.body)['token']
else
raise JSON.parse(response.body)['message']
end
add_default_params(:auth_token => @token)
end
When /^I do an API (\w+) (?:request )?to ([\w.\/]+)$/ do |request_type, url|
do_api_request(request_type, url)
end
When /^I do an API (\w+) (?:request )?to ([\w.\/]+) with:$/ do |request_type, url, param_string|
do_api_request(request_type, url, param_string)
end
Then /^the JSON response should be the following:$/ do |json|
@response.should == JSON.parse(json)
end
Then /^the JSON response should contain all pages$/ do
page_ids_in_response = @response.collect { |page| page['id'].to_s }.sort
all_page_ids = Locomotive::Page.all.collect { |page| page.id.to_s }.sort
page_ids_in_response.should == all_page_ids
end
Then /^the JSON response should contain (\d+) pages$/ do |n|
@response.count.should == n.to_i
end
Then /^the JSON response should be an access denied error$/ do
@response['message'].should == 'You are not authorized to access this page'
end
Then /^the JSON response should contain:$/ do |json|
@response.merge(JSON.parse(json)).should == @response
end
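Review bot: The access-denied step compares only `@response['message']`, so a denied request that still came back with a success status would pass the check. `do_api_request` already keeps `@raw_response`, so that step can also assert the status, e.g. `@raw_response.status.should_not == 200`, or better the exact status the API is meant to return for a denied request. In the token step, `raise JSON.parse(response.body)['message']` raises a TypeError when the body has no `message` key, which hides the real login failure; `raise "token request failed: #{response.status} #{response.body}"` keeps the evidence.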

22
features/support/http.rb Normal file

@ -0,0 +1,22 @@
module HTTPHelpers
attr_accessor :default_params
def add_default_params(params)
default_params.merge!(params)
end
def do_request(type, base_url, url, params)
request_method = type.downcase.to_sym
page.driver.send(request_method, "#{base_url}/#{url}", default_params.merge(params))
end
protected
def default_params
@default_params ||= {}
end
end
World(HTTPHelpers)
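Review bot: `do_request` passes the verb captured by the step regex (`\w+`) straight to `page.driver.send`, so any word written in a feature file becomes a method call on the driver, private methods included. Restrict it to the verbs the suite uses before dispatching, e.g. `raise ArgumentError, "unsupported verb: #{type}" unless %w[get post put delete].include?(type.downcase)`, and prefer `public_send` over `send`. Separately, `attr_accessor :default_params` is shadowed by the protected reader defined further down, which leaves only a public writer; `attr_writer`, or dropping the accessor, would say what is meant.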