FIX OpenAPI auth specs (#722)

* FIX auth specs * FIX header params are not required with auth spec * Add missing endpoints
2026-04-22 13:34:06 +00:00 · 2026-01-21 11:10:03 +01:00
parent d8cdced662
commit ae61df4978
8 changed files with 673 additions and 214 deletions
--- a/spec/requests/api/v1/transactions_spec.rb
+++ b/spec/requests/api/v1/transactions_spec.rb
@@ -20,25 +20,18 @@ RSpec.describe 'API V1 Transactions', type: :request do
    )
  end

-  let(:oauth_application) do
-    Doorkeeper::Application.create!(
-      name: 'API Docs',
-      redirect_uri: 'https://example.com/callback',
-      scopes: 'read read_write'
+  let(:api_key) do
+    key = ApiKey.generate_secure_key
+    ApiKey.create!(
+      user: user,
+      name: 'API Docs Key',
+      key: key,
+      scopes: %w[read_write],
+      source: 'web'
    )
  end

-  let(:access_token) do
-    Doorkeeper::AccessToken.create!(
-      application: oauth_application,
-      resource_owner_id: user.id,
-      scopes: 'read_write',
-      expires_in: 2.hours,
-      token: SecureRandom.hex(32)
-    )
-  end
-
-  let(:Authorization) { "Bearer #{access_token.token}" }
+  let(:'X-Api-Key') { api_key.plain_key }

  let(:account) do
    Account.create!(
@@ -96,10 +89,8 @@ RSpec.describe 'API V1 Transactions', type: :request do
  path '/api/v1/transactions' do
    get 'List transactions' do
      tags 'Transactions'
-      security [ { bearerAuth: [] } ]
+      security [ { apiKeyAuth: [] } ]
      produces 'application/json'
-      parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
-                description: 'Bearer token with read scope'
      parameter name: :page, in: :query, type: :integer, required: false,
                description: 'Page number (default: 1)'
      parameter name: :per_page, in: :query, type: :integer, required: false,
@@ -174,11 +165,9 @@ RSpec.describe 'API V1 Transactions', type: :request do

    post 'Create transaction' do
      tags 'Transactions'
-      security [ { bearerAuth: [] } ]
+      security [ { apiKeyAuth: [] } ]
      consumes 'application/json'
      produces 'application/json'
-      parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
-                description: 'Bearer token with write scope'
      parameter name: :body, in: :body, required: true, schema: {
        type: :object,
        properties: {
@@ -260,13 +249,11 @@ RSpec.describe 'API V1 Transactions', type: :request do
  end

  path '/api/v1/transactions/{id}' do
-    parameter name: :Authorization, in: :header, required: true, schema: { type: :string },
-              description: 'Bearer token'
    parameter name: :id, in: :path, type: :string, required: true, description: 'Transaction ID'

    get 'Retrieve a transaction' do
      tags 'Transactions'
-      security [ { bearerAuth: [] } ]
+      security [ { apiKeyAuth: [] } ]
      produces 'application/json'

      let(:id) { transaction.id }
@@ -295,7 +282,7 @@ RSpec.describe 'API V1 Transactions', type: :request do

    patch 'Update a transaction' do
      tags 'Transactions'
-      security [ { bearerAuth: [] } ]
+      security [ { apiKeyAuth: [] } ]
      consumes 'application/json'
      produces 'application/json'

@@ -352,7 +339,7 @@ RSpec.describe 'API V1 Transactions', type: :request do

    delete 'Delete a transaction' do
      tags 'Transactions'
-      security [ { bearerAuth: [] } ]
+      security [ { apiKeyAuth: [] } ]
      produces 'application/json'

      let(:id) { another_transaction.id }