danbooru/test/functional/maintenance/user/api_keys_controller_test.rb

require 'test_helper'

module Maintenance
  module User
    class ApiKeysControllerTest < ActionDispatch::IntegrationTest
      context "An api keys controller" do
        setup do
          @user = create(:gold_user, :password => "password")
          ApiKey.generate!(@user)
        end

        context "#show" do
          should "render" do
            get_auth maintenance_user_api_key_path, @user, params: {user_id: @user.id}
            assert_response :success
          end
        end

        context "#view" do
          context "with a correct password" do
            should "succeed" do
              post_auth view_maintenance_user_api_key_path(user_id: @user.id), @user, params: {user: {password: "password"}}
              assert_response :success
            end

            # hard to test this in integrationtest
            # context "if the user doesn't already have an api key" do
            #   setup do
            #     ::User.any_instance.stubs(:api_key).returns(nil)
            #     cookies[:user_name] = @user.name
            #     cookies[:password_hash] = @user.bcrypt_cookie_password_hash
            #   end

            #   should "generate one" do
            #     ApiKey.expects(:generate!)

            #     assert_difference("ApiKey.count", 1) do
            #       post view_maintenance_user_api_key_path(user_id: @user.id), params: {user: {password: "password"}}
            #     end

            #     assert_not_nil(@user.reload.api_key)
            #   end
            # end

            should "not generate another API key if the user already has one" do
              assert_difference("ApiKey.count", 0) do
                post_auth view_maintenance_user_api_key_path(user_id: @user.id), @user, params: {user: {password: "password"}}
              end
            end
          end
        end

        context "#update" do
          should "regenerate the API key" do
            old_key = @user.api_key
            put_auth maintenance_user_api_key_path, @user, params: {user_id: @user.id, user: {password: "password"}}
            assert_not_equal(old_key.key, @user.reload.api_key.key)
          end
        end

        context "#destroy" do
          should "delete the API key" do
            delete_auth maintenance_user_api_key_path, @user, params: {user_id: @user.id, user: {password: "password"}}
            assert_nil(@user.reload.api_key)
          end
        end
      end
    end
  end
end