From c2bb7f305255da4a51c1eba28a23373bb3bcf205 Mon Sep 17 00:00:00 2001 From: Dan Barber Date: Mon, 19 Feb 2018 16:09:57 -0500 Subject: [PATCH] Add API controller test --- lib/chess/auth/error_handler.ex | 15 +++-- .../controllers/api/game_controller.ex | 4 ++ lib/chess_web/router.ex | 7 +- .../controllers/api/game_controller_test.exs | 64 +++++++++++++++++++ 4 files changed, 83 insertions(+), 7 deletions(-) create mode 100644 test/chess_web/controllers/api/game_controller_test.exs diff --git a/lib/chess/auth/error_handler.ex b/lib/chess/auth/error_handler.ex index c68584f..93e8726 100644 --- a/lib/chess/auth/error_handler.ex +++ b/lib/chess/auth/error_handler.ex @@ -6,9 +6,16 @@ defmodule Chess.Auth.ErrorHandler do import Plug.Conn def auth_error(conn, {_type, _reason}, _opts) do - conn - |> put_flash(:info, "You must be logged in") - |> redirect(to: "/") - |> halt() + case get_format(conn) do + "html" -> + conn + |> put_flash(:info, "You must be logged in") + |> redirect(to: "/") + |> halt() + "json" -> + conn + |> put_status(403) + |> json(%{status: 403, message: "Not authorized"}) + end end end diff --git a/lib/chess_web/controllers/api/game_controller.ex b/lib/chess_web/controllers/api/game_controller.ex index a3f2d85..36fccba 100644 --- a/lib/chess_web/controllers/api/game_controller.ex +++ b/lib/chess_web/controllers/api/game_controller.ex @@ -32,4 +32,8 @@ defmodule ChessWeb.Api.GameController do Map.put(board, "#{to_file},#{to_rank}", piece) end + + defp current_user(conn) do + Guardian.Plug.current_resource(conn) + end end diff --git a/lib/chess_web/router.ex b/lib/chess_web/router.ex index 5366679..80c9f71 100644 --- a/lib/chess_web/router.ex +++ b/lib/chess_web/router.ex @@ -18,6 +18,7 @@ defmodule ChessWeb.Router do end pipeline :api do + plug :fetch_session plug :accepts, ["json"] end @@ -39,9 +40,9 @@ defmodule ChessWeb.Router do end # Other scopes may use custom stacks. - scope "/api", ChessWeb do - pipe_through :api + scope "/api", as: :api do + pipe_through [:api, :auth, :ensure_auth] - resources "/games", Api.GameController, only: [:show, :update] + resources "/games", ChessWeb.Api.GameController, only: [:show, :update] end end diff --git a/test/chess_web/controllers/api/game_controller_test.exs b/test/chess_web/controllers/api/game_controller_test.exs new file mode 100644 index 0000000..64ee7e7 --- /dev/null +++ b/test/chess_web/controllers/api/game_controller_test.exs @@ -0,0 +1,64 @@ +defmodule Chess.ApiGameControllerTest do + use ChessWeb.ConnCase + + alias Chess.Auth.Guardian + + import Chess.Factory, + only: [create_user: 0, create_user: 2, create_game_for: 2] + + test "shows chosen game", %{conn: conn} do + user = create_user() + opponent = create_user("revali", "vahmedoh") + game = create_game_for(user, opponent) + + conn = + conn + |> login(user) + |> get(api_game_path(conn, :show, game)) + + assert json_response(conn, 200) + end + + test "does not show a game if the user is not a player", %{conn: conn} do + user = create_user() + opponent = create_user("revali", "vahmedoh") + game = create_game_for(user, opponent) + + other_user = create_user("mipha", "ilovelink") + + conn = + conn + |> login(other_user) + + assert_error_sent 404, fn -> + get conn, api_game_path(conn, :show, game.id) + end + end + + test "responds with 403 if user is not logged in", %{conn: conn} do + user = create_user() + opponent = create_user("revali", "vahmedoh") + game = create_game_for(user, opponent) + + conn = + conn + |> get(api_game_path(conn, :show, game.id)) + + assert json_response(conn, 403) + end + + test "renders page not found when id is nonexistent", %{conn: conn} do + user = create_user() + conn = login(conn, user) + + assert_error_sent 404, fn -> + get conn, api_game_path(conn, :show, -1) + end + end + + defp login(conn, user) do + conn + |> Guardian.Plug.sign_in(user) + end +end +