From f433d687f899a77d4c7d1a61c2fec7deca0f6d04 Mon Sep 17 00:00:00 2001
From: Daniel Baark <5101747+baarkerlounger@users.noreply.github.com>
Date: Wed, 13 Oct 2021 10:29:24 +0100
Subject: [PATCH] CLDC-531: Accept a basic create request with JSON params (#43)
* Accept a basic create request with JSON params and basic auth
---
 .github/workflows/pipeline.yml | 4 ++
 app/controllers/case_logs_controller.rb | 24 ++++++++-
 spec/requests/case_log_controller_spec.rb | 64 +++++++++++++++++++++++
 3 files changed, 90 insertions(+), 2 deletions(-)
 create mode 100644 spec/requests/case_log_controller_spec.rb
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index c67b7ab1c..b8edd2252 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -97,8 +97,12 @@ jobs:
 CF_API_ENDPOINT: ${{ secrets.CF_API_ENDPOINT }}
 CF_SPACE: ${{ secrets.CF_SPACE }}
 CF_ORG: ${{ secrets.CF_ORG }}
+ API_USER: ${{ secrets.API_USER }}
+ API_KEY: ${{ secrets.API_KEY }}
+ APP_NAME: dluhc-core
 run: |
 cf7 api $CF_API_ENDPOINT
 cf7 auth
 cf7 target -o $CF_ORG -s $CF_SPACE
+ cf7 set-env $APP_NAME $API_USER $API_KEY
 cf7 push --strategy rolling
diff --git a/app/controllers/case_logs_controller.rb b/app/controllers/case_logs_controller.rb
index f039e2d56..311de1d7c 100644
--- a/app/controllers/case_logs_controller.rb
+++ b/app/controllers/case_logs_controller.rb
@@ -1,12 +1,18 @@
 class CaseLogsController < ApplicationController
+ skip_before_action :verify_authenticity_token, only: [:create], if: :json_request?
+ before_action :authenticate, only: [:create], if: :json_request?
+
 def index
 @submitted_case_logs = CaseLog.where(status: 1)
 @in_progress_case_logs = CaseLog.where(status: 0)
 end
 def create
- @case_log = CaseLog.create!
- redirect_to @case_log
+ @case_log = CaseLog.create!(create_params)
+ respond_to do |format|
+ format.html { redirect_to @case_log }
+ format.json { render json: @case_log }
+ end
 end
 # We don't have a dedicated non-editable show view
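Review bot: In `.github/workflows/pipeline.yml`, the added `cf7 set-env $APP_NAME $API_USER $API_KEY` passes the two secret values as the variable name and the variable value, whereas `cf set-env` expects `APP_NAME ENV_VAR_NAME ENV_VAR_VALUE`. As written the app would receive a variable named after the username secret, and the `ENV["API_USER"]` / `ENV["API_KEY"]` lookups added to the controller in this commit would stay unset unless something else provides them. Set each variable explicitly and quote the expansions so that a value containing spaces is not split: `cf7 set-env "$APP_NAME" API_USER "$API_USER"` and `cf7 set-env "$APP_NAME" API_KEY "$API_KEY"`. The step's `env:` block and name start above this hunk, so the rest of the step is not visible here.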
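Review bot: In `app/controllers/case_logs_controller.rb`, both new callbacks are gated on `if: :json_request?`, so whether `create` asks for credentials depends on the format the client negotiates. A POST that negotiates HTML reaches `CaseLog.create!(create_params)` with no `authenticate` call and only the CSRF check in front of it. If unauthenticated HTML creation is intended for now, record that above the callbacks, e.g. `# JSON API callers use HTTP basic auth in place of a CSRF token; HTML form posts are not authenticated yet`; otherwise run `authenticate` for `create` regardless of format. `create!` also raises on a validation failure, which a JSON client would presumably see as a 500 rather than a 422 carrying the errors; this depends on exception handling in ApplicationController, which is outside the diff.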
@@ -66,4 +72,18 @@ private
 result
 end
 end
+
+ def json_request?
+ request.format.json?
+ end
+
+ def authenticate
+ http_basic_authenticate_or_request_with name: ENV["API_USER"], password: ENV["API_KEY"]
+ end
+
+ def create_params
+ return {} unless params[:case_log]
+
+ params.require(:case_log).permit(CaseLog.new.attributes.keys)
+ end
 end
diff --git a/spec/requests/case_log_controller_spec.rb b/spec/requests/case_log_controller_spec.rb
new file mode 100644
index 000000000..54ba319bf
--- /dev/null
+++ b/spec/requests/case_log_controller_spec.rb
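Review bot: `create_params` in `app/controllers/case_logs_controller.rb` permits `CaseLog.new.attributes.keys`, i.e. every column of the model, so a caller can also set fields such as `id`, `status` (which `index` uses to separate submitted from in-progress logs) and presumably the timestamps. Permit an explicit list of client-settable fields instead, e.g. `params.require(:case_log).permit(:tenant_code, :tenant_age, :property_postcode)`, extended with whatever the form really collects. In `authenticate`, `ENV["API_USER"]` and `ENV["API_KEY"]` are nil when the variables are missing; `ENV.fetch("API_USER")` and `ENV.fetch("API_KEY")` would make a misconfigured deployment fail with a clear error instead of depending on how the Rails helper treats nil (the spec's `ENV` stub would need to follow). The enclosing class and its `private` section start outside this hunk.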
@@ -0,0 +1,64 @@
+require "rails_helper"
+
+RSpec.describe CaseLogsController, type: :request do
+ describe "POST #create" do
+ let(:tenant_code) { "T365" }
+ let(:tenant_age) { 35 }
+ let(:property_postcode) { "SE11 6TY" }
+ let(:api_username) { "test_user" }
+ let(:api_password) { "test_password" }
+ let(:basic_credentials) do
+ ActionController::HttpAuthentication::Basic
+ .encode_credentials(api_username, api_password)
+ end
+
+ let(:headers) do
+ {
+ "Content-Type" => "application/json",
+ "Accept" => "application/json",
+ "Authorization" => basic_credentials,
+ }
+ end
+
+ let(:params) do
+ {
+ "tenant_code": tenant_code,
+ "tenant_age": tenant_age,
+ "property_postcode": property_postcode,
+ }
+ end
+
+ before do
+ allow(ENV).to receive(:[])
+ allow(ENV).to receive(:[]).with("API_USER").and_return(api_username)
+ allow(ENV).to receive(:[]).with("API_KEY").and_return(api_password)
+ post "/case_logs", headers: headers, params: params.to_json
+ end
+
+ it "returns http success" do
+ expect(response).to have_http_status(:success)
+ end
+
+ it "returns a serialized Case Log" do
+ json_response = JSON.parse(response.body)
+ expect(json_response.keys).to match_array(CaseLog.new.attributes.keys)
+ end
+
+ it "creates a case log with the values passed" do
+ json_response = JSON.parse(response.body)
+ expect(json_response["tenant_code"]).to eq(tenant_code)
+ expect(json_response["tenant_age"]).to eq(tenant_age)
+ expect(json_response["property_postcode"]).to eq(property_postcode)
+ end
+
+ context "request with invalid credentials" do
+ let(:basic_credentials) do
+ ActionController::HttpAuthentication::Basic.encode_credentials(api_username, "Oops")
+ end
+
+ it "returns 401" do
+ expect(response).to have_http_status(:unauthorized)
+ end
+ end
+ end
+end
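Review bot: The `request with invalid credentials` context in `spec/requests/case_log_controller_spec.rb` asserts only the 401 status; it does not check that nothing was persisted, and there is no example for a request without an `Authorization` header or for a non-JSON POST, which the controller handles on a different path. Adding `expect(CaseLog.count).to eq(0)` to the 401 example (assuming each example starts with an empty table) would pin the fail-closed behaviour. The params are posted at the top level and presumably reach `params[:case_log]` only through Rails' JSON parameter wrapping, so a one-line comment above `let(:params)` saying that would help the next reader. `allow(ENV).to receive(:[])` makes every other `ENV[...]` lookup return nil during these examples; `allow(ENV).to receive(:[]).and_call_original` keeps unrelated lookups working.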