QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-19 03:54:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

FIX OpenAPI auth specs (#722)

Browse Source 
* FIX auth specs

* FIX header params are not required with auth spec

* Add missing endpoints
This commit is contained in:
soky srm
2026-01-21 11:10:03 +01:00
committed by GitHub
parent d8cdced662
commit ae61df4978
8 changed files with 673 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
spec/requests/api/v1/accounts_spec.rb Normal file
View File

@@ -0,0 +1,102 @@
# frozen_string_literal: true
require 'swagger_helper'
RSpec.describe 'API V1 Accounts', type: :request do
let(:family) do
Family.create!(
name: 'API Family',
currency: 'USD',
locale: 'en',
date_format: '%m-%d-%Y'
)
end
let(:user) do
family.users.create!(
email: 'api-user@example.com',
password: 'password123',
password_confirmation: 'password123'
)
end
let(:api_key) do
key = ApiKey.generate_secure_key
ApiKey.create!(
user: user,
name: 'API Docs Key',
key: key,
scopes: %w[read_write],
source: 'web'
)
end
let(:'X-Api-Key') { api_key.plain_key }
let!(:checking_account) do
Account.create!(
family: family,
name: 'Checking Account',
balance: 1500.50,
currency: 'USD',
accountable: Depository.create!
)
end
let!(:savings_account) do
Account.create!(
family: family,
name: 'Savings Account',
balance: 10000.00,
currency: 'USD',
accountable: Depository.create!
)
end
let!(:credit_card) do
Account.create!(
family: family,
name: 'Credit Card',
balance: -500.00,
currency: 'USD',
accountable: CreditCard.create!
)
end
path '/api/v1/accounts' do
get 'List accounts' do
tags 'Accounts'
security [ { apiKeyAuth: [] } ]
produces 'application/json'
parameter name: :page, in: :query, type: :integer, required: false,
description: 'Page number (default: 1)'
parameter name: :per_page, in: :query, type: :integer, required: false,
description: 'Items per page (default: 25, max: 100)'
response '200', 'accounts listed' do
schema '$ref' => '#/components/schemas/AccountCollection'
run_test! do |response|
payload = JSON.parse(response.body)
expect(payload.fetch('accounts')).to be_present
expect(payload.fetch('accounts').length).to eq(3)
expect(payload.fetch('pagination')).to include('page', 'per_page', 'total_count', 'total_pages')
end
end
response '200', 'accounts paginated' do
schema '$ref' => '#/components/schemas/AccountCollection'
let(:page) { 1 }
let(:per_page) { 2 }
run_test! do |response|
payload = JSON.parse(response.body)
expect(payload.fetch('accounts').length).to eq(2)
expect(payload.dig('pagination', 'per_page')).to eq(2)
expect(payload.dig('pagination', 'total_count')).to eq(3)
end
end
end
end
end

33
spec/requests/api/v1/categories_spec.rb
View File

@@ -20,25 +20,18 @@ RSpec.describe 'API V1 Categories', type: :request do
)
end
let(:oauth_application) do
Doorkeeper::Application.create!(
name: 'API Docs',
redirect_uri: 'https://example.com/callback',
scopes: 'read read_write'
let(:api_key) do
key = ApiKey.generate_secure_key
ApiKey.create!(
user: user,
name: 'API Docs Key',
key: key,
scopes: %w[read_write],
source: 'web'
)
end
let(:access_token) do
Doorkeeper::AccessToken.create!(
application: oauth_application,
resource_owner_id: user.id,
scopes: 'read_write',
expires_in: 2.hours,
token: SecureRandom.hex(32)
)
end
let(:Authorization) { "Bearer #{access_token.token}" }
let(:'X-Api-Key') { api_key.plain_key }
let!(:parent_category) do
family.categories.create!(
@@ -71,10 +64,8 @@ RSpec.describe 'API V1 Categories', type: :request do
path '/api/v1/categories' do
get 'List categories' do
tags 'Categories'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with read scope'
parameter name: :page, in: :query, type: :integer, required: false,
description: 'Page number (default: 1)'
parameter name: :per_page, in: :query, type: :integer, required: false,
@@ -141,13 +132,11 @@ RSpec.describe 'API V1 Categories', type: :request do
end
path '/api/v1/categories/{id}' do
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with read scope'
parameter name: :id, in: :path, type: :string, required: true, description: 'Category ID'
get 'Retrieve a category' do
tags 'Categories'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
let(:id) { parent_category.id }

49
spec/requests/api/v1/chats_spec.rb
View File

@@ -21,25 +21,18 @@ RSpec.describe 'API V1 Chats', type: :request do
)
end
let(:oauth_application) do
Doorkeeper::Application.create!(
name: 'API Docs',
redirect_uri: 'https://example.com/callback',
scopes: 'read read_write'
let(:api_key) do
key = ApiKey.generate_secure_key
ApiKey.create!(
user: user,
name: 'API Docs Key',
key: key,
scopes: %w[read_write],
source: 'web'
)
end
let(:access_token) do
Doorkeeper::AccessToken.create!(
application: oauth_application,
resource_owner_id: user.id,
scopes: 'read_write',
expires_in: 2.hours,
token: SecureRandom.hex(32)
)
end
let(:Authorization) { "Bearer #{access_token.token}" }
let(:'X-Api-Key') { api_key.plain_key }
let!(:chat) do
user.chats.create!(title: 'Budget planning').tap do |record|
@@ -84,10 +77,8 @@ RSpec.describe 'API V1 Chats', type: :request do
path '/api/v1/chats' do
get 'List chats' do
tags 'Chats'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with read scope'
response '200', 'chats listed' do
schema '$ref' => '#/components/schemas/ChatCollection'
@@ -117,11 +108,9 @@ RSpec.describe 'API V1 Chats', type: :request do
post 'Create chat' do
tags 'Chats'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
consumes 'application/json'
produces 'application/json'
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with write scope'
parameter name: :chat_params, in: :body, required: true, schema: {
type: :object,
properties: {
@@ -161,13 +150,11 @@ RSpec.describe 'API V1 Chats', type: :request do
end
path '/api/v1/chats/{id}' do
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with read scope'
parameter name: :id, in: :path, type: :string, required: true, description: 'Chat ID'
get 'Retrieve a chat' do
tags 'Chats'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
let(:id) { chat.id }
@@ -192,7 +179,7 @@ RSpec.describe 'API V1 Chats', type: :request do
patch 'Update a chat' do
tags 'Chats'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
consumes 'application/json'
produces 'application/json'
@@ -235,7 +222,7 @@ RSpec.describe 'API V1 Chats', type: :request do
delete 'Delete a chat' do
tags 'Chats'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
let(:id) { another_chat.id }
@@ -253,13 +240,11 @@ RSpec.describe 'API V1 Chats', type: :request do
end
path '/api/v1/chats/{chat_id}/messages' do
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with write scope'
parameter name: :chat_id, in: :path, type: :string, required: true, description: 'Chat ID'
post 'Create a message' do
tags 'Chat Messages'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
consumes 'application/json'
produces 'application/json'
@@ -309,13 +294,11 @@ RSpec.describe 'API V1 Chats', type: :request do
end
path '/api/v1/chats/{chat_id}/messages/retry' do
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with write scope'
parameter name: :chat_id, in: :path, type: :string, required: true, description: 'Chat ID'
post 'Retry the last assistant response' do
tags 'Chat Messages'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
let(:chat_id) { chat.id }

37
spec/requests/api/v1/imports_spec.rb
View File

@@ -20,25 +20,18 @@ RSpec.describe 'API V1 Imports', type: :request do
)
end
let(:oauth_application) do
Doorkeeper::Application.create!(
name: 'API Docs',
redirect_uri: 'https://example.com/callback',
scopes: 'read read_write'
let(:api_key) do
key = ApiKey.generate_secure_key
ApiKey.create!(
user: user,
name: 'API Docs Key',
key: key,
scopes: %w[read_write],
source: 'web'
)
end
let(:access_token) do
Doorkeeper::AccessToken.create!(
application: oauth_application,
resource_owner_id: user.id,
scopes: 'read_write',
expires_in: 2.hours,
token: SecureRandom.hex(32)
)
end
let(:Authorization) { "Bearer #{access_token.token}" }
let(:'X-Api-Key') { api_key.plain_key }
let(:account) do
Account.create!(
@@ -72,10 +65,8 @@ RSpec.describe 'API V1 Imports', type: :request do
get 'List imports' do
description 'List all imports for the user\'s family with pagination and filtering.'
tags 'Imports'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with read scope'
parameter name: :page, in: :query, type: :integer, required: false,
description: 'Page number (default: 1)'
parameter name: :per_page, in: :query, type: :integer, required: false,
@@ -127,11 +118,9 @@ RSpec.describe 'API V1 Imports', type: :request do
post 'Create import' do
description 'Create a new import from raw CSV content.'
tags 'Imports'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
consumes 'application/json'
produces 'application/json'
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with write scope'
parameter name: :body, in: :body, required: true, schema: {
type: :object,
@@ -238,14 +227,12 @@ RSpec.describe 'API V1 Imports', type: :request do
end
path '/api/v1/imports/{id}' do
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with read scope'
parameter name: :id, in: :path, type: :string, required: true, description: 'Import ID'
get 'Retrieve an import' do
description 'Retrieve detailed information about a specific import, including configuration and row statistics.'
tags 'Imports'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
let(:id) { pending_import.id }

235
spec/requests/api/v1/tags_spec.rb Normal file
View File

@@ -0,0 +1,235 @@
# frozen_string_literal: true
require 'swagger_helper'
RSpec.describe 'API V1 Tags', type: :request do
let(:family) do
Family.create!(
name: 'API Family',
currency: 'USD',
locale: 'en',
date_format: '%m-%d-%Y'
)
end
let(:user) do
family.users.create!(
email: 'api-user@example.com',
password: 'password123',
password_confirmation: 'password123'
)
end
let(:api_key) do
key = ApiKey.generate_secure_key
ApiKey.create!(
user: user,
name: 'API Docs Key',
key: key,
scopes: %w[read_write],
source: 'web'
)
end
let(:'X-Api-Key') { api_key.plain_key }
let!(:essential_tag) do
family.tags.create!(name: 'Essential', color: '#22c55e')
end
let!(:discretionary_tag) do
family.tags.create!(name: 'Discretionary', color: '#f97316')
end
let!(:recurring_tag) do
family.tags.create!(name: 'Recurring', color: '#3b82f6')
end
path '/api/v1/tags' do
get 'List tags' do
tags 'Tags'
security [ { apiKeyAuth: [] } ]
produces 'application/json'
response '200', 'tags listed' do
schema '$ref' => '#/components/schemas/TagCollection'
run_test! do |response|
payload = JSON.parse(response.body)
expect(payload).to be_an(Array)
expect(payload.length).to eq(3)
expect(payload.first).to include('id', 'name', 'color', 'created_at', 'updated_at')
end
end
end
post 'Create tag' do
tags 'Tags'
security [ { apiKeyAuth: [] } ]
consumes 'application/json'
produces 'application/json'
parameter name: :body, in: :body, required: true, schema: {
type: :object,
properties: {
tag: {
type: :object,
properties: {
name: { type: :string, description: 'Tag name (required)' },
color: { type: :string, description: 'Hex color code (optional, auto-assigned if not provided)' }
},
required: %w[name]
}
},
required: %w[tag]
}
response '201', 'tag created' do
schema '$ref' => '#/components/schemas/TagDetail'
let(:body) do
{
tag: {
name: 'Business',
color: '#8b5cf6'
}
}
end
run_test! do |response|
payload = JSON.parse(response.body)
expect(payload.fetch('name')).to eq('Business')
expect(payload.fetch('color')).to eq('#8b5cf6')
end
end
response '201', 'tag created with auto-assigned color' do
schema '$ref' => '#/components/schemas/TagDetail'
let(:body) do
{
tag: {
name: 'Travel'
}
}
end
run_test! do |response|
payload = JSON.parse(response.body)
expect(payload.fetch('name')).to eq('Travel')
expect(payload.fetch('color')).to be_present
end
end
response '422', 'validation error - missing name' do
schema '$ref' => '#/components/schemas/ErrorResponse'
let(:body) do
{
tag: {
color: '#8b5cf6'
}
}
end
run_test!
end
end
end
path '/api/v1/tags/{id}' do
parameter name: :id, in: :path, type: :string, required: true, description: 'Tag ID'
get 'Retrieve a tag' do
tags 'Tags'
security [ { apiKeyAuth: [] } ]
produces 'application/json'
let(:id) { essential_tag.id }
response '200', 'tag retrieved' do
schema '$ref' => '#/components/schemas/TagDetail'
run_test! do |response|
payload = JSON.parse(response.body)
expect(payload.fetch('id')).to eq(essential_tag.id)
expect(payload.fetch('name')).to eq('Essential')
expect(payload.fetch('color')).to eq('#22c55e')
end
end
response '404', 'tag not found' do
schema '$ref' => '#/components/schemas/ErrorResponse'
let(:id) { SecureRandom.uuid }
run_test!
end
end
patch 'Update a tag' do
tags 'Tags'
security [ { apiKeyAuth: [] } ]
consumes 'application/json'
produces 'application/json'
let(:id) { essential_tag.id }
parameter name: :body, in: :body, required: true, schema: {
type: :object,
properties: {
tag: {
type: :object,
properties: {
name: { type: :string },
color: { type: :string }
}
}
}
}
let(:body) do
{
tag: {
name: 'Must Have',
color: '#10b981'
}
}
end
response '200', 'tag updated' do
schema '$ref' => '#/components/schemas/TagDetail'
run_test! do |response|
payload = JSON.parse(response.body)
expect(payload.fetch('name')).to eq('Must Have')
expect(payload.fetch('color')).to eq('#10b981')
end
end
response '404', 'tag not found' do
schema '$ref' => '#/components/schemas/ErrorResponse'
let(:id) { SecureRandom.uuid }
run_test!
end
end
delete 'Delete a tag' do
tags 'Tags'
security [ { apiKeyAuth: [] } ]
let(:id) { recurring_tag.id }
response '204', 'tag deleted' do
run_test!
end
response '404', 'tag not found' do
let(:id) { SecureRandom.uuid }
run_test!
end
end
end
end

41
spec/requests/api/v1/transactions_spec.rb
View File

@@ -20,25 +20,18 @@ RSpec.describe 'API V1 Transactions', type: :request do
)
end
let(:oauth_application) do
Doorkeeper::Application.create!(
name: 'API Docs',
redirect_uri: 'https://example.com/callback',
scopes: 'read read_write'
let(:api_key) do
key = ApiKey.generate_secure_key
ApiKey.create!(
user: user,
name: 'API Docs Key',
key: key,
scopes: %w[read_write],
source: 'web'
)
end
let(:access_token) do
Doorkeeper::AccessToken.create!(
application: oauth_application,
resource_owner_id: user.id,
scopes: 'read_write',
expires_in: 2.hours,
token: SecureRandom.hex(32)
)
end
let(:Authorization) { "Bearer #{access_token.token}" }
let(:'X-Api-Key') { api_key.plain_key }
let(:account) do
Account.create!(
@@ -96,10 +89,8 @@ RSpec.describe 'API V1 Transactions', type: :request do
path '/api/v1/transactions' do
get 'List transactions' do
tags 'Transactions'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with read scope'
parameter name: :page, in: :query, type: :integer, required: false,
description: 'Page number (default: 1)'
parameter name: :per_page, in: :query, type: :integer, required: false,
@@ -174,11 +165,9 @@ RSpec.describe 'API V1 Transactions', type: :request do
post 'Create transaction' do
tags 'Transactions'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
consumes 'application/json'
produces 'application/json'
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token with write scope'
parameter name: :body, in: :body, required: true, schema: {
type: :object,
properties: {
@@ -260,13 +249,11 @@ RSpec.describe 'API V1 Transactions', type: :request do
end
path '/api/v1/transactions/{id}' do
parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
description: 'Bearer token'
parameter name: :id, in: :path, type: :string, required: true, description: 'Transaction ID'
get 'Retrieve a transaction' do
tags 'Transactions'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
let(:id) { transaction.id }
@@ -295,7 +282,7 @@ RSpec.describe 'API V1 Transactions', type: :request do
patch 'Update a transaction' do
tags 'Transactions'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
consumes 'application/json'
produces 'application/json'
@@ -352,7 +339,7 @@ RSpec.describe 'API V1 Transactions', type: :request do
delete 'Delete a transaction' do
tags 'Transactions'
security [ { bearerAuth: [] } ]
security [ { apiKeyAuth: [] } ]
produces 'application/json'
let(:id) { another_transaction.id }