Refactor authentication token for new study-group-based authorization

2022-09-20 16:24:42 +02:00
parent cb1b163b30
commit 936c11e31f
7 changed files with 30 additions and 12 deletions
--- a/spec/factories/authentication_token.rb
+++ b/spec/factories/authentication_token.rb
@ -6,6 +6,13 @@ FactoryBot.define do
    shared_secret { SecureRandom.hex(32) }
    expire_at { 7.days.from_now }

+    after(:create) do |auth_token|
+      # Do not change anything if a study group was provided explicitly or user has no study groups
+      next if auth_token.study_group_id.present? || auth_token.user.study_groups.blank?
+
+      auth_token.update!(study_group_id: auth_token.user.study_groups.first.id)
+    end
+
    trait :invalid do
      expire_at { 8.days.ago }
    end
--- a/spec/features/authentication_spec.rb
+++ b/spec/features/authentication_spec.rb
@ -48,15 +48,16 @@ describe 'Authentication' do

    context 'with an authentication token' do
      let(:user) { create(:learner) }
+      let(:study_group) { request_for_comment.submission.study_group }
      let(:request_for_comment) { create(:rfc_with_comment, user: user) }
      let(:commenting_user) { InternalUser.create(attributes_for(:teacher)) }
      let(:mail) { UserMailer.got_new_comment(request_for_comment.comments.first, request_for_comment, commenting_user) }
      let(:rfc_link) { request_for_comment_url(request_for_comment, token: token.shared_secret) }

-      before { allow(AuthenticationToken).to receive(:generate!).with(user).and_return(token).once }
+      before { allow(AuthenticationToken).to receive(:generate!).with(user, study_group).and_return(token).once }

      context 'when the token is valid' do
-        let(:token) { create(:authentication_token, user: user) }
+        let(:token) { create(:authentication_token, user: user, study_group: study_group) }

        it 'allows access to the request for comment' do
          mail.deliver_now
@ -67,7 +68,7 @@ describe 'Authentication' do
      end

      context 'with an expired authentication token' do
-        let(:token) { create(:authentication_token, :invalid, user: user) }
+        let(:token) { create(:authentication_token, :invalid, user: user, study_group: study_group) }

        it 'denies access to the request for comment' do
          mail.deliver_now
@ -80,7 +81,7 @@ describe 'Authentication' do
      end

      context 'when the authentication token is used to login' do
-        let(:token) { create(:authentication_token, user: user) }
+        let(:token) { create(:authentication_token, user: user, study_group: study_group) }

        it 'invalidates the token on login' do
          mail.deliver_now
--- a/spec/mailers/user_mailer_spec.rb
+++ b/spec/mailers/user_mailer_spec.rb
@ -118,7 +118,7 @@ describe UserMailer do
    let(:user) { create(:learner) }
    let(:token) { AuthenticationToken.find_by(user: user) }
    let(:request_for_comment) { create(:rfc_with_comment, user: user) }
-    let(:subscription) { Subscription.create(request_for_comment: request_for_comment, user: user) }
+    let(:subscription) { Subscription.create(request_for_comment: request_for_comment, user: user, study_group_id: user.current_study_group_id) }
    let(:from_user) { InternalUser.create(attributes_for(:teacher)) }
    let(:mail) { described_class.got_new_comment_for_subscription(request_for_comment.comments.first, subscription, from_user).deliver_now }