Add JSON response format to access token creation (#2662)
* Add JSON response format to access token creation Allows programmatic clients (e.g., CLI) to create access tokens via the API by returning the token, description, and permission as JSON instead of redirecting to the HTML show page. * Add JSON response format to access token creation Allows programmatic clients (e.g., CLI) to create access tokens via the API by returning the token, description, and permission as JSON instead of redirecting to the HTML show page. * Style --------- Co-authored-by: David Heinemeier Hansson <david@hey.com>
This commit is contained in:
@@ -19,6 +19,41 @@ class My::AccessTokensControllerTest < ActionDispatch::IntegrationTest
|
||||
end
|
||||
end
|
||||
|
||||
test "create new token via JSON with session" do
|
||||
assert_difference -> { identities(:kevin).access_tokens.count }, +1 do
|
||||
post my_access_tokens_path, params: { access_token: { description: "Fizzy CLI", permission: "write" } }, as: :json
|
||||
end
|
||||
assert_response :created
|
||||
body = @response.parsed_body
|
||||
assert body["token"].present?
|
||||
assert_equal "Fizzy CLI", body["description"]
|
||||
assert_equal "write", body["permission"]
|
||||
end
|
||||
|
||||
test "create new token via JSON with bearer token" do
|
||||
sign_out
|
||||
bearer_token = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:davids_api_token).token}" }
|
||||
|
||||
assert_difference -> { identities(:david).access_tokens.count }, +1 do
|
||||
post my_access_tokens_path, params: { access_token: { description: "Fizzy CLI", permission: "read" } }, env: bearer_token, as: :json
|
||||
end
|
||||
assert_response :created
|
||||
body = @response.parsed_body
|
||||
assert body["token"].present?
|
||||
assert_equal "Fizzy CLI", body["description"]
|
||||
assert_equal "read", body["permission"]
|
||||
end
|
||||
|
||||
test "cannot create new token via JSON with read-only bearer token" do
|
||||
sign_out
|
||||
bearer_token = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:jasons_api_token).token}" }
|
||||
|
||||
assert_no_difference -> { identities(:jason).access_tokens.count } do
|
||||
post my_access_tokens_path, params: { access_token: { description: "Fizzy CLI", permission: "read" } }, env: bearer_token, as: :json
|
||||
end
|
||||
assert_response :unauthorized
|
||||
end
|
||||
|
||||
test "accessing new token after reveal window redirects to index" do
|
||||
assert_changes -> { identities(:kevin).access_tokens.count }, +1 do
|
||||
post my_access_tokens_path, params: { access_token: { description: "GitHub", permission: "read" } }
|
||||
|
||||
Reference in New Issue
Block a user