Files
fizzy/test/controllers/my/access_tokens_controller_test.rb
T
Rob Zolkos 8ee2d7d65f Add JSON response format to access token creation (#2662)
* Add JSON response format to access token creation

Allows programmatic clients (e.g., CLI) to create access tokens
via the API by returning the token, description, and permission
as JSON instead of redirecting to the HTML show page.

* Add JSON response format to access token creation

Allows programmatic clients (e.g., CLI) to create access tokens
via the API by returning the token, description, and permission
as JSON instead of redirecting to the HTML show page.

* Style

---------

Co-authored-by: David Heinemeier Hansson <david@hey.com>
2026-03-05 13:48:51 -04:00

66 lines
2.4 KiB
Ruby

require "test_helper"
class My::AccessTokensControllerTest < ActionDispatch::IntegrationTest
setup do
sign_in_as :kevin
end
test "create new token" do
get my_access_tokens_path
assert_response :success
get new_my_access_token_path
assert_response :success
assert_changes -> { identities(:kevin).access_tokens.count }, +1 do
post my_access_tokens_path, params: { access_token: { description: "GitHub", permission: "read" } }
follow_redirect!
assert_in_body identities(:kevin).access_tokens.last.token
end
end
test "create new token via JSON with session" do
assert_difference -> { identities(:kevin).access_tokens.count }, +1 do
post my_access_tokens_path, params: { access_token: { description: "Fizzy CLI", permission: "write" } }, as: :json
end
assert_response :created
body = @response.parsed_body
assert body["token"].present?
assert_equal "Fizzy CLI", body["description"]
assert_equal "write", body["permission"]
end
test "create new token via JSON with bearer token" do
sign_out
bearer_token = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:davids_api_token).token}" }
assert_difference -> { identities(:david).access_tokens.count }, +1 do
post my_access_tokens_path, params: { access_token: { description: "Fizzy CLI", permission: "read" } }, env: bearer_token, as: :json
end
assert_response :created
body = @response.parsed_body
assert body["token"].present?
assert_equal "Fizzy CLI", body["description"]
assert_equal "read", body["permission"]
end
test "cannot create new token via JSON with read-only bearer token" do
sign_out
bearer_token = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:jasons_api_token).token}" }
assert_no_difference -> { identities(:jason).access_tokens.count } do
post my_access_tokens_path, params: { access_token: { description: "Fizzy CLI", permission: "read" } }, env: bearer_token, as: :json
end
assert_response :unauthorized
end
test "accessing new token after reveal window redirects to index" do
assert_changes -> { identities(:kevin).access_tokens.count }, +1 do
post my_access_tokens_path, params: { access_token: { description: "GitHub", permission: "read" } }
travel_to 15.seconds.from_now
follow_redirect!
assert_equal "Token is no longer visible", flash[:alert]
end
end
end