mirage: Add generic /api/v1/me/token route handlers

Author: Turbo87

mirage/factories/api-token.js

@@ -0,0 +1,18 @@
+import { Factory } from 'ember-cli-mirage';
+
+export default Factory.extend({
+  createdAt: '2017-11-19T17:59:22',
+  lastUsedAt: null,
+  name: i => `API Token ${i + 1}`,
+  token: () => generateToken(),
+
+  afterCreate(model) {
+    if (!model.user) {
+      throw new Error('Missing `user` relationship on `api-token`');
+    }
+  },
+});
+
+function generateToken() {
+  return Math.random().toString().slice(2);
+}

mirage/models/api-token.js

@@ -1,3 +1,5 @@
-import { Model } from 'ember-cli-mirage';
+import { Model, belongsTo } from 'ember-cli-mirage';
 
-export default Model.extend({});
+export default Model.extend({
+  user: belongsTo(),
+});

mirage/route-handlers/me.js

@@ -22,6 +22,43 @@ export function register(server) {
     return json;
   });
 
+  server.get('/api/v1/me/tokens', function (schema) {
+    let { user } = getSession(schema);
+    if (!user) {
+      return new Response(403, {}, { errors: [{ detail: 'must be logged in to perform that action' }] });
+    }
+
+    return schema.apiTokens.where({ userId: user.id }).sort((a, b) => Number(b.id) - Number(a.id));
+  });
+
+  server.put('/api/v1/me/tokens', function (schema) {
+    let { user } = getSession(schema);
+    if (!user) {
+      return new Response(403, {}, { errors: [{ detail: 'must be logged in to perform that action' }] });
+    }
+
+    let { name } = this.normalizedRequestAttrs('api-token');
+    let token = server.create('api-token', { user, name, createdAt: new Date().toISOString() });
+
+    let json = this.serialize(token);
+    json.api_token.revoked = false;
+    json.api_token.token = token.token;
+    return json;
+  });
+
+  server.delete('/api/v1/me/tokens/:tokenId', function (schema, request) {
+    let { user } = getSession(schema);
+    if (!user) {
+      return new Response(403, {}, { errors: [{ detail: 'must be logged in to perform that action' }] });
+    }
+
+    let { tokenId } = request.params;
+    let token = schema.apiTokens.findBy({ id: tokenId, userId: user.id });
+    if (token) token.destroy();
+
+    return {};
+  });
+
   server.put('/api/v1/confirm/:token', (schema, request) => {
     let { token } = request.params;
 

mirage/serializers/api-token.js

@@ -0,0 +1,29 @@
+import BaseSerializer from './application';
+
+export default BaseSerializer.extend({
+  getHashForResource() {
+    let [hash, addToIncludes] = BaseSerializer.prototype.getHashForResource.apply(this, arguments);
+
+    if (Array.isArray(hash)) {
+      for (let resource of hash) {
+        this._adjust(resource);
+      }
+    } else {
+      this._adjust(hash);
+    }
+
+    return [hash, addToIncludes];
+  },
+
+  _adjust(hash) {
+    hash.id = Number(hash.id);
+    if (hash.created_at) {
+      hash.created_at = new Date(hash.created_at).toISOString();
+    }
+    if (hash.last_used_at) {
+      hash.last_used_at = new Date(hash.last_used_at).toISOString();
+    }
+    delete hash.token;
+    delete hash.user_id;
+  },
+});

tests/acceptance/api-token-test.js

@@ -19,16 +19,18 @@ module('Acceptance | api-tokens', function (hooks) {
       avatar: 'https://avatars2.githubusercontent.com/u/1234567?v=4',
     });
 
-    context.server.get('/api/v1/me/tokens', {
-      api_tokens: [
-        { id: 2, name: 'BAR', created_at: new Date('2017-11-19T17:59:22').toISOString(), last_used_at: null },
-        {
-          id: 1,
-          name: 'foo',
-          created_at: new Date('2017-08-01T12:34:56').toISOString(),
-          last_used_at: new Date('2017-11-02T01:45:14').toISOString(),
-        },
-      ],
+    context.server.create('api-token', {
+      user,
+      name: 'foo',
+      createdAt: '2017-08-01T12:34:56',
+      lastUsedAt: '2017-11-02T01:45:14',
+    });
+
+    context.server.create('api-token', {
+      user,
+      name: 'BAR',
+      createdAt: '2017-11-19T17:59:22',
+      lastUsedAt: null,
     });
 
     context.authenticateAs(user);
@@ -64,17 +66,12 @@ module('Acceptance | api-tokens', function (hooks) {
   test('API tokens can be revoked', async function (assert) {
     prepare(this);
 
-    this.server.delete('/api/v1/me/tokens/:id', function (schema, request) {
-      assert.step(`delete id:${request.params.id}`);
-      return {};
-    });
-
     await visit('/me');
     assert.equal(currentURL(), '/me');
     assert.dom('[data-test-api-token]').exists({ count: 2 });
 
     await click('[data-test-api-token="1"] [data-test-revoke-token-button]');
-    assert.verifySteps(['delete id:1']);
+    assert.equal(this.server.schema.apiTokens.all().length, 1, 'API token has been deleted from the backend database');
 
     assert.dom('[data-test-api-token]').exists({ count: 1 });
     assert.dom('[data-test-api-token="2"]').exists();
@@ -102,23 +99,6 @@ module('Acceptance | api-tokens', function (hooks) {
   test('new API tokens can be created', async function (assert) {
     prepare(this);
 
-    this.server.put('/api/v1/me/tokens', function (schema, request) {
-      assert.step('put');
-
-      let { api_token } = JSON.parse(request.requestBody);
-
-      return {
-        api_token: {
-          id: 5,
-          name: api_token.name,
-          token: 'zuz6nYcXJOzPDvnA9vucNwccG0lFSGbh',
-          revoked: false,
-          created_at: api_token.created_at,
-          last_used_at: api_token.last_used_at,
-        },
-      };
-    });
-
     await visit('/me');
     assert.equal(currentURL(), '/me');
     assert.dom('[data-test-api-token]').exists({ count: 2 });
@@ -134,15 +114,18 @@ module('Acceptance | api-tokens', function (hooks) {
     percySnapshot(assert);
 
     await click('[data-test-save-token-button]');
-    assert.verifySteps(['put']);
+
+    let token = this.server.schema.apiTokens.findBy({ name: 'the new token' });
+    assert.ok(Boolean(token), 'API token has been created in the backend database');
+
     assert.dom('[data-test-focused-input]').doesNotExist();
     assert.dom('[data-test-save-token-button]').doesNotExist();
 
-    assert.dom('[data-test-api-token="5"] [data-test-name]').hasText('the new token');
-    assert.dom('[data-test-api-token="5"] [data-test-save-token-button]').doesNotExist();
-    assert.dom('[data-test-api-token="5"] [data-test-revoke-token-button]').exists();
-    assert.dom('[data-test-api-token="5"] [data-test-saving-spinner]').doesNotExist();
-    assert.dom('[data-test-api-token="5"] [data-test-error]').doesNotExist();
-    assert.dom('[data-test-token]').includesText('cargo login zuz6nYcXJOzPDvnA9vucNwccG0lFSGbh');
+    assert.dom('[data-test-api-token="3"] [data-test-name]').hasText('the new token');
+    assert.dom('[data-test-api-token="3"] [data-test-save-token-button]').doesNotExist();
+    assert.dom('[data-test-api-token="3"] [data-test-revoke-token-button]').exists();
+    assert.dom('[data-test-api-token="3"] [data-test-saving-spinner]').doesNotExist();
+    assert.dom('[data-test-api-token="3"] [data-test-error]').doesNotExist();
+    assert.dom('[data-test-token]').includesText(`cargo login ${token.token}`);
   });
 });

tests/mirage/me-test.js

@@ -3,6 +3,7 @@ import { module, test } from 'qunit';
 
 import setupMirage from '../helpers/setup-mirage';
 import fetch from 'fetch';
+import timekeeper from 'timekeeper';
 
 module('Mirage | /me', function (hooks) {
   setupTest(hooks);
@@ -64,6 +65,135 @@ module('Mirage | /me', function (hooks) {
     });
   });
 
+  module('GET /api/v1/me/tokens', function () {
+    test('returns the list of API token for the authenticated `user`', async function (assert) {
+      let user = this.server.create('user');
+      this.server.create('mirage-session', { user });
+
+      this.server.create('api-token', { user });
+      this.server.create('api-token', { user });
+      this.server.create('api-token', { user });
+
+      let response = await fetch('/api/v1/me/tokens');
+      assert.equal(response.status, 200);
+
+      let responsePayload = await response.json();
+      assert.deepEqual(responsePayload, {
+        api_tokens: [
+          {
+            id: 3,
+            created_at: '2017-11-19T16:59:22.000Z',
+            last_used_at: null,
+            name: 'API Token 3',
+          },
+          {
+            id: 2,
+            created_at: '2017-11-19T16:59:22.000Z',
+            last_used_at: null,
+            name: 'API Token 2',
+          },
+          {
+            id: 1,
+            created_at: '2017-11-19T16:59:22.000Z',
+            last_used_at: null,
+            name: 'API Token 1',
+          },
+        ],
+      });
+    });
+
+    test('empty list case', async function (assert) {
+      let user = this.server.create('user');
+      this.server.create('mirage-session', { user });
+
+      let response = await fetch('/api/v1/me/tokens');
+      assert.equal(response.status, 200);
+
+      let responsePayload = await response.json();
+      assert.deepEqual(responsePayload, { api_tokens: [] });
+    });
+
+    test('returns an error if unauthenticated', async function (assert) {
+      let response = await fetch('/api/v1/me/tokens');
+      assert.equal(response.status, 403);
+
+      let responsePayload = await response.json();
+      assert.deepEqual(responsePayload, {
+        errors: [{ detail: 'must be logged in to perform that action' }],
+      });
+    });
+  });
+
+  module('PUT /api/v1/me/tokens', function () {
+    test('creates a new API token', async function (assert) {
+      timekeeper.freeze(new Date('2017-11-20T11:23:45Z'));
+
+      let user = this.server.create('user');
+      this.server.create('mirage-session', { user });
+
+      let body = JSON.stringify({ api_token: { name: 'foooo' } });
+      let response = await fetch('/api/v1/me/tokens', { method: 'PUT', body });
+      assert.equal(response.status, 200);
+
+      let token = this.server.schema.apiTokens.all().models[0];
+      assert.ok(token);
+
+      let responsePayload = await response.json();
+      assert.deepEqual(responsePayload, {
+        api_token: {
+          id: 1,
+          created_at: '2017-11-20T11:23:45.000Z',
+          last_used_at: null,
+          name: 'foooo',
+          revoked: false,
+          token: token.token,
+        },
+      });
+    });
+
+    test('returns an error if unauthenticated', async function (assert) {
+      let body = JSON.stringify({ api_token: {} });
+      let response = await fetch('/api/v1/me/tokens', { method: 'PUT', body });
+      assert.equal(response.status, 403);
+
+      let responsePayload = await response.json();
+      assert.deepEqual(responsePayload, {
+        errors: [{ detail: 'must be logged in to perform that action' }],
+      });
+    });
+  });
+
+  module('DELETE /api/v1/me/tokens/:tokenId', function () {
+    test('revokes an API token', async function (assert) {
+      let user = this.server.create('user');
+      this.server.create('mirage-session', { user });
+
+      let token = this.server.create('api-token', { user });
+
+      let response = await fetch(`/api/v1/me/tokens/${token.id}`, { method: 'DELETE' });
+      assert.equal(response.status, 200);
+
+      let responsePayload = await response.json();
+      assert.deepEqual(responsePayload, {});
+
+      let tokens = this.server.schema.apiTokens.all().models;
+      assert.equal(tokens.length, 0);
+    });
+
+    test('returns an error if unauthenticated', async function (assert) {
+      let user = this.server.create('user');
+      let token = this.server.create('api-token', { user });
+
+      let response = await fetch(`/api/v1/me/tokens/${token.id}`, { method: 'DELETE' });
+      assert.equal(response.status, 403);
+
+      let responsePayload = await response.json();
+      assert.deepEqual(responsePayload, {
+        errors: [{ detail: 'must be logged in to perform that action' }],
+      });
+    });
+  });
+
   module('GET /api/v1/confirm/:token', function () {
     test('returns `ok: true` for a known token (unauthenticated)', async function (assert) {
       let user = this.server.create('user', { emailVerificationToken: 'foo' });