Sha256: b38e3df3466422f5d59b066ec581a9d85a4e330b5268e00abc139e6e5fa17e15
Contents?: true
Size: 1.45 KB
Versions: 4
Compression:
Stored size: 1.45 KB
Contents
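# coding: utf-8

require_relative '../spec_helper'

# Request-level checks that two tenants cannot read each other's users and
# that a JWT issued to a user of one tenant is rejected when it is presented
# on another tenant's hostname.
#
# NOTE(review): "isoloation" is a typo for "isolation". It is left unchanged
# because example-group descriptions may feed VCR cassette names and
# `--example` filters; confirm before renaming.
describe "Tenant isoloation", api: true, vcr: VCR_OPTS do
  let(:foo) { FactoryGirl.create :tenant, slug: 'foo' }
  let(:bar) { FactoryGirl.create :tenant, slug: 'bar' }

  # Created eagerly (let!) so that both users exist before any request is
  # made; otherwise the "does not include the other tenant's user" assertions
  # could pass simply because that user was never created.
  let!(:foo_user) { FactoryGirl.create :user, tenant: foo }
  let!(:bar_user) { FactoryGirl.create :user, tenant: bar }

  # Quiet the application logger for these examples, then put the previous
  # level back so the change does not leak into specs that run afterwards.
  before(:each) do
    @previous_log_level = Hippo.logger.level
    Hippo.logger.level = ::Logger::ERROR
  end

  after(:each) { Hippo.logger.level = @previous_log_level }

  # Requests the user listing with `user`'s JWT on `tenant`'s hostname.
  # Presumably the application resolves the tenant from the request host
  # (set here through the SERVER_NAME rack env key); verify against the app.
  def list_users(user:, tenant:)
    get '/api/hippo/user.json', {}, {
      'HTTP_AUTHORIZATION' => user.jwt_token,
      'SERVER_NAME' => "#{tenant.slug}.example.ua"
    }
  end

  # Ids of the user records returned by the most recent request.
  def listed_user_ids
    last_response_json['data'].map { |u| u['id'] }
  end

  it 'isolates foo’s tenant data from bar' do
    list_users(user: foo_user, tenant: foo)

    ids = listed_user_ids
    expect(ids).to include(foo_user.id)
    expect(ids).not_to include(bar_user.id)
  end

  it 'isolates bar’s tenant data from foo' do
    list_users(user: bar_user, tenant: bar)

    ids = listed_user_ids
    expect(ids).to include(bar_user.id)
    expect(ids).not_to include(foo_user.id)
  end

  # A token that is valid for foo must not authenticate on bar's hostname.
  # NOTE(review): only the foo-token-on-bar-host direction is exercised, and
  # only the status code is checked. Consider covering the reverse direction
  # and asserting that the 401 body carries no user records.
  it 'disallows using a user’s token on incorrect domain' do
    list_users(user: foo_user, tenant: bar)

    expect(last_response).not_to be_ok
    expect(last_response.status).to eq 401
  end
end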