api keys: allow users to have multiple API keys.

This is useful if you have multiple programs and want to give them different API keys, or if you want to rotate keys for a single program.
2021-02-14 04:06:39 -06:00
parent 37061f95a6
commit a6707fbfa2
7 changed files with 29 additions and 9 deletions
--- a/test/functional/api_keys_controller_test.rb
+++ b/test/functional/api_keys_controller_test.rb
@@ -45,7 +45,7 @@ class ApiKeysControllerTest < ActionDispatch::IntegrationTest
        post_auth user_api_keys_path(@user.id), @user

        assert_redirected_to user_api_keys_path(@user.id)
-        assert_equal(true, @user.api_key.present?)
+        assert_equal(true, @user.api_keys.last.present?)
      end
    end

@@ -58,14 +58,14 @@ class ApiKeysControllerTest < ActionDispatch::IntegrationTest
        delete_auth api_key_path(@api_key.id), @user

        assert_redirected_to user_api_keys_path(@user.id)
-        assert_nil(@user.reload.api_key)
+        assert_raise(ActiveRecord::RecordNotFound) { @api_key.reload }
      end

      should "not allow deleting another user's API key" do
        delete_auth api_key_path(@api_key.id), create(:user)

        assert_response 403
-        assert_not_nil(@user.reload.api_key)
+        assert_not_nil(@api_key.reload)
      end
    end
  end
--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -55,6 +55,13 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
          assert_response :success
        end

+        should "succeed when the user has multiple api keys" do
+          @api_key2 = create(:api_key, user: @user)
+          basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:#{@api_key2.key}")}"
+          get edit_user_path(@user), headers: { HTTP_AUTHORIZATION: basic_auth_string }
+          assert_response :success
+        end
+
        should "fail for api key mismatches" do
          basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:badpassword")}"
          get profile_path, as: :json, headers: { HTTP_AUTHORIZATION: basic_auth_string }
@@ -76,6 +83,12 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
          assert_response :success
        end

+        should "succeed when the user has multiple api keys" do
+          @api_key2 = create(:api_key, user: @user)
+          get edit_user_path(@user), params: { login: @user.name, api_key: @api_key2.key }
+          assert_response :success
+        end
+
        should "fail for api key mismatches" do
          get profile_path, as: :json, params: { login: @user.name }
          assert_response 401