feat: add tests for protected routes

Author: lmeireles

lib/api_ecommerce_web/auth_error_handler.ex

@@ -0,0 +1,13 @@
+defmodule ApiEcommerce.AuthErrorHandler do
+  import Plug.Conn
+
+  @behaviour Guardian.Plug.ErrorHandler
+
+  @impl Guardian.Plug.ErrorHandler
+  def auth_error(conn, {type, _reason}, _opts) do
+    conn
+    |> put_resp_content_type("application/json")
+    |> send_resp(401, '')
+  end
+
+end

lib/api_ecommerce_web/auth_pipeline.ex

@@ -0,0 +1,9 @@
+defmodule ApiEcommerce.Guardian.AuthPipeline do
+  use Guardian.Plug.Pipeline, otp_app: :api_ecommerce,
+                              module: ApiEcommerce.Guardian,
+                              error_handler: ApiEcommerce.AuthErrorHandler
+
+  plug Guardian.Plug.VerifyHeader, realm: "Bearer"
+  plug Guardian.Plug.EnsureAuthenticated
+  plug Guardian.Plug.LoadResource
+end

lib/api_ecommerce_web/router.ex

@@ -1,37 +1,26 @@
 defmodule ApiEcommerceWeb.Router do
   use ApiEcommerceWeb, :router
 
+  alias ApiEcommerce.Guardian
+
   pipeline :api do
     plug :accepts, ["json"]
-    plug :fetch_session
   end
 
   pipeline :auth do
-    plug :verify_auth
+    plug Guardian.AuthPipeline
   end
 
   scope "/v1", ApiEcommerceWeb do
     pipe_through :api
+
     post "/users/sign_in", UserController, :sign_in
+    post "/users/sign_up", UserController, :create
   end
 
   scope "/v1", ApiEcommerceWeb do
-    pipe_through [:api]
-    resources "/users", UserController, except: [:new, :edit]
-  end
-
-  # Plug function
-  defp verify_auth(conn, _opts) do
-    current_user_id = get_session(conn, :current_user_id)
+    pipe_through [:api, :auth]
 
-    if current_user_id do
-      conn
-    else
-      conn
-      |> put_status(:unauthorized)
-      |> put_view(MyAppWeb.ErrorView)
-      |> render("401.json", message: "Unauthenticated user")
-      |> halt()
-    end
+    resources "/users", UserController, except: [:new, :create, :edit]
   end
 end

lib/guardian.ex

@@ -12,7 +12,7 @@ defmodule ApiEcommerce.Guardian do
 
   def resource_from_claims(claims) do
     id = claims["sub"]
-    resource = MyApi.Accounts.get_user!(id)
+    resource = ApiEcommerce.Auth.get_user!(id)
     {:ok,  resource}
   end
 

test/api_ecommerce_web/controllers/user_controller_test.exs

@@ -34,12 +34,17 @@ defmodule ApiEcommerceWeb.UserControllerTest do
 
   setup %{conn: conn} do
     {:ok, conn: conn, current_user: current_user} = setup_current_user(conn)
-    {:ok, conn: put_req_header(conn, "accept", "application/json"), current_user: current_user}
+    {:ok, token, _} = Guardian.encode_and_sign(current_user)
+    {:ok, conn: put_req_header(conn, "accept", "application/json"), current_user: current_user, token: token}
   end
 
   describe "index" do
-    test "lists all users", %{conn: conn, current_user: current_user} do
-      conn = get(conn, Routes.user_path(conn, :index))
+    test "lists all users", %{conn: conn, current_user: current_user, token: token} do
+
+      conn = conn
+             |> put_req_header("authorization", "bearer: " <> token)
+             |> get(Routes.user_path(conn, :index))
+
       assert json_response(conn, 200)["data"] == [
                %{
                  "id" => current_user.id,
@@ -52,13 +57,15 @@ defmodule ApiEcommerceWeb.UserControllerTest do
   end
 
   describe "create user" do
-    test "renders user when data is valid", %{conn: conn} do
-      conn = post(conn, Routes.user_path(conn, :create), user: @create_attrs)
-      assert %{"id" => id} = json_response(conn, 201)["data"]
+    test "renders user when data is valid", %{conn: conn, token: token} do
+      request1 = post(conn, Routes.user_path(conn, :create), user: @create_attrs)
+      assert %{"id" => id} = json_response(request1, 201)["data"]
 
-      conn = get(conn, Routes.user_path(conn, :show, id))
+      request2 = conn
+             |> put_req_header("authorization", "bearer: " <> token)
+             |> get(Routes.user_path(conn, :show, id))
 
-      assert json_response(conn, 200)["data"] == %{
+      assert json_response(request2, 200)["data"] == %{
                "id" => id,
                "email" => @create_attrs.email,
                "status" => "active",
@@ -75,31 +82,40 @@ defmodule ApiEcommerceWeb.UserControllerTest do
   describe "update user" do
     setup [:create_user]
 
-    test "renders user when data is valid", %{conn: conn, user: %User{id: id} = user} do
-      conn = put(conn, Routes.user_path(conn, :update, user), user: @update_attrs)
-      assert %{"id" => ^id} = json_response(conn, 200)["data"]
+    test "renders user when data is valid", %{conn: conn, user: %User{id: id} = user, token: token} do
+      request1 = conn
+             |> put_req_header("authorization", "bearer: " <> token)
+             |> put(Routes.user_path(conn, :update, user), user: @update_attrs)
+
+      assert %{"id" => ^id} = json_response(request1, 200)["data"]
 
-      conn = get(conn, Routes.user_path(conn, :show, id))
+      request2 = conn
+             |> put_req_header("authorization", "bearer: " <> token)
+             |> get(Routes.user_path(conn, :show, id))
 
-      assert json_response(conn, 200)["data"] == %{
+      assert json_response(request2, 200)["data"] == %{
                "id" => id,
                "email" => @update_attrs.email,
                "status" => user.status |> Atom.to_string(),
                "role" => user.role |> Atom.to_string()
              }
     end
 
-    test "renders errors when data is invalid", %{conn: conn, user: user} do
-      conn = put(conn, Routes.user_path(conn, :update, user), user: @invalid_attrs)
+    test "renders errors when data is invalid", %{conn: conn, user: user, token: token} do
+      conn = conn
+             |> put_req_header("authorization", "bearer: " <> token)
+             |> put(Routes.user_path(conn, :update, user), user: @invalid_attrs)
       assert json_response(conn, 422)["errors"] != %{}
     end
   end
 
   describe "delete user" do
     setup [:create_user]
 
-    test "deletes chosen user", %{conn: conn, user: user} do
-      conn = delete(conn, Routes.user_path(conn, :delete, user))
+    test "deletes chosen user", %{conn: conn, user: user, token: token} do
+      conn = conn
+             |> put_req_header("authorization", "bearer: " <> token)
+             |> delete(Routes.user_path(conn, :delete, user))
       assert response(conn, 204)
 
       assert_error_sent 404, fn ->
@@ -111,7 +127,10 @@ defmodule ApiEcommerceWeb.UserControllerTest do
   describe "sign_in user" do
     test "renders user when user credentials are good", %{conn: conn, current_user: current_user} do
       conn =
-        post(conn, Routes.user_path(conn, :sign_in, %{ email: current_user.email, password: @current_user_attrs.password}))
+        post(
+          conn,
+          Routes.user_path(conn, :sign_in, %{email: current_user.email, password: @current_user_attrs.password})
+        )
 
       assert json_response(conn, 200)["data"]["id"] == current_user.id
       assert json_response(conn, 200)["data"]["email"] == current_user.email