defmodule CodeCorps.TokenControllerTest do
  # Controller tests for the token endpoints: `:create` (exchange email and
  # password for a JWT) and `:refresh` (exchange a still-valid JWT for a new one).
  #
  # NOTE(review): the success cases only assert that a "token" value is present;
  # they do not decode it or check its claims. This file also has no case for a
  # refresh request carrying a malformed token or one with an invalid signature.
  use CodeCorps.ConnCase

  # Every request is sent to the "api." host with JSON API accept and
  # content-type headers.
  # NOTE(review): presumably the router only matches the API scope on this
  # host; confirm against the router.
  setup do
    base_conn = %{build_conn() | host: "api."}

    conn =
      base_conn
      |> put_req_header("accept", "application/vnd.api+json")
      |> put_req_header("content-type", "application/vnd.api+json")

    {:ok, conn: conn}
  end

  # Request body for `:create`; the email address travels in the "username" key.
  defp create_payload(email, password),
    do: %{"username" => email, "password" => password}

  # Inserts a user whose plain-text password is "password".
  defp insert_user_with_known_password do
    :user
    |> build(%{password: "password"})
    |> set_password("password")
    |> insert()
  end

  # Fields that every 401 error object in this file is expected to carry.
  defp assert_unauthorized(error) do
    assert error["id"] == "UNAUTHORIZED"
    assert error["title"] == "401 Unauthorized"
    assert error["status"] == 401
  end

  describe "create" do
    test "authenticates and returns JWT and user ID when data is valid", %{conn: conn} do
      user = insert_user_with_known_password()
      credentials = create_payload(user.email, user.password)

      response =
        conn
        |> post(token_path(conn, :create), credentials)
        |> json_response(201)

      assert response["token"]
      assert response["user_id"] == user.id
    end

    # NOTE(review): this message and the one in the unknown-user test below are
    # different, so a caller of the endpoint can tell whether an email address
    # is registered (account enumeration). If that is not intended, both cases
    # should return the same generic detail and these assertions should be
    # updated to match.
    test "does not authenticate and renders errors when the password is wrong", %{conn: conn} do
      user = insert_user_with_known_password()
      credentials = create_payload(user.email, "wrong password")

      response =
        conn
        |> post(token_path(conn, :create), credentials)
        |> json_response(401)

      [first_error | _rest] = response["errors"]
      assert first_error["detail"] == "Your password doesn't match the email #{user.email}."
      assert_unauthorized(first_error)

      # A failed login must not leak credentials or identity.
      refute response["token"]
      refute response["user_id"]
    end

    # NOTE(review): see the wrong-password test above; the distinct
    # "couldn't find a user" detail confirms that the address is unregistered.
    test "does not authenticate and renders errors when the user doesn't exist", %{conn: conn} do
      credentials = create_payload("notauser@test.com", "password")

      response =
        conn
        |> post(token_path(conn, :create), credentials)
        |> json_response(401)

      [first_error | _rest] = response["errors"]
      assert first_error["detail"] == "We couldn't find a user with the email notauser@test.com."
      assert_unauthorized(first_error)

      refute response["token"]
      refute response["user_id"]
    end
  end

  describe "refresh" do
    test "refreshes JWT and returns JWT and user ID when data is valid", %{conn: conn} do
      user = insert_user_with_known_password()
      {:ok, token, _claims} = Guardian.encode_and_sign(user, :token)

      response =
        conn
        |> post(token_path(conn, :refresh), %{token: token})
        |> json_response(201)

      assert response["token"]
      assert response["user_id"] == user.id
    end

    test "does not authenticate and renders errors when the token is expired", %{conn: conn} do
      user = insert_user_with_known_password()

      # Sign a token whose "exp" claim is ten seconds in the past.
      expired_claims = %{"exp" => Guardian.Utils.timestamp() - 10}
      {:ok, token, _claims} = Guardian.encode_and_sign(user, :token, expired_claims)

      response =
        conn
        |> post(token_path(conn, :refresh), %{token: token})
        |> json_response(401)

      # An expired token must not be exchangeable for a fresh one.
      refute response["token"]
      refute response["user_id"]

      [first_error | _rest] = response["errors"]
      assert_unauthorized(first_error)
      assert first_error["detail"] == "token_expired"
    end
  end
end