diff --git a/test/controllers/api_test.rb b/test/controllers/api_test.rb index 51d0367f2..162f9d86a 100644 --- a/test/controllers/api_test.rb +++ b/test/controllers/api_test.rb @@ -1,8 +1,12 @@ require "test_helper" class ApiTest < ActionDispatch::IntegrationTest + setup do + @davids_bearer_token = bearer_token_env(identity_access_tokens(:davids_api_token).token) + end + test "authenticate with valid access token" do - get boards_path(format: :json), env: bearer_token_env(identity_access_tokens(:jasons_api_token).token) + get boards_path(format: :json), env: @davids_bearer_token assert_response :success end @@ -11,6 +15,14 @@ class ApiTest < ActionDispatch::IntegrationTest assert_response :unauthorized end + test "boards" do + get boards_path(format: :json), env: @davids_bearer_token + assert_equal users(:david).boards.count, @response.parsed_body.count + + get board_path(boards(:writebook), format: :json), env: @jasons_bearer_token + assert_equal boards(:writebook).name, @response.parsed_body["name"] + end + private def bearer_token_env(token) { "HTTP_AUTHORIZATION" => "Bearer #{token}" } diff --git a/test/fixtures/identity/access_tokens.yml b/test/fixtures/identity/access_tokens.yml index 17089b6c9..cfbbb6248 100644 --- a/test/fixtures/identity/access_tokens.yml +++ b/test/fixtures/identity/access_tokens.yml @@ -3,3 +3,9 @@ jasons_api_token: token: 018cf1425682700098f24f0799e3fe20 description: My Superscript permission: read + +davids_api_token: + identity: david + token: x18cf1425682700098f24f0799e3fe20 + description: My Superscript + permission: write