move token_authentication_concern under reporting_api namespace

Alistair Davidson · Alistair Davidson · commit 98639b0372dc · 2025-08-13T12:25:48.000+01:00
diff --git a/app/controllers/concerns/reporting_api/token_authentication_concern.rb b/app/controllers/concerns/reporting_api/token_authentication_concern.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-module TokenAuthenticationConcern
+module ReportingAPI::TokenAuthenticationConcern
   extend ActiveSupport::Concern
 
   included do
@@ -36,9 +36,11 @@ def authenticate_user_by_jwt!
         data = jwt_info.first["data"]
         @current_user =
           User.find_by(
-            data
-              .fetch("user", {})
-              .slice("id", "session_token", "reporting_api_session_token")
+            data.fetch("user", {}).slice(
+              "id",
+              "session_token",
+              "reporting_api_session_token"
+            )
           )
         if @current_user
           session["user"] = data["user"]
diff --git a/spec/controllers/concerns/reporting_api/token_authentication_concern_spec.rb b/spec/controllers/concerns/reporting_api/token_authentication_concern_spec.rb
@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-describe TokenAuthenticationConcern do
+describe ReportingAPI::TokenAuthenticationConcern do
   let(:user) { @user = build(:user) }
   let(:mock_request) { instance_double(request.class, headers: {}) }
   let(:an_object_which_includes_the_concern) do
     Class
       .new do # rubocop:disable Style/BlockDelimiters
-        include TokenAuthenticationConcern
+        include ReportingAPI::TokenAuthenticationConcern
         attr_accessor :request, :session
 
         def authenticate_user!
@@ -34,11 +34,15 @@ def current_user
   describe "#jwt_if_given" do
     context "when there is a jwt param" do
       before do
-        allow(an_object_which_includes_the_concern).to receive(:params).and_return({ jwt: "myjwt" })
+        allow(an_object_which_includes_the_concern).to receive(
+          :params
+        ).and_return({ jwt: "myjwt" })
       end
 
       it "returns the jwt param" do
-        expect(an_object_which_includes_the_concern.send(:jwt_if_given)).to eq("myjwt")
+        expect(an_object_which_includes_the_concern.send(:jwt_if_given)).to eq(
+          "myjwt"
+        )
       end
     end
 
@@ -62,7 +66,9 @@ def current_user
 
       context "and there is no Authorization header" do
         it "returns nil" do
-          expect(an_object_which_includes_the_concern.send(:jwt_if_given)).to be_nil
+          expect(
+            an_object_which_includes_the_concern.send(:jwt_if_given)
+          ).to be_nil
         end
       end
     end
@@ -76,24 +82,32 @@ def current_user
 
       context "and the client_id param is provided" do
         before do
-          allow(an_object_which_includes_the_concern).to receive(:params).and_return(
-            { client_id: client_id }.with_indifferent_access
-          )
+          allow(an_object_which_includes_the_concern).to receive(
+            :params
+          ).and_return({ client_id: client_id }.with_indifferent_access)
         end
 
         context "and the client_id param contains the reporting app's client_id" do
           let(:client_id) { Settings.reporting_api.client_app.client_id }
 
           it "does not cause a token error" do
-            expect(an_object_which_includes_the_concern).not_to receive(:client_id_error!)
-            an_object_which_includes_the_concern.send(:authenticate_app_by_client_id!)
+            expect(an_object_which_includes_the_concern).not_to receive(
+              :client_id_error!
+            )
+            an_object_which_includes_the_concern.send(
+              :authenticate_app_by_client_id!
+            )
           end
         end
 
         context "and the client_id param does not contain the reporting app client_id" do
           it "causes a token error" do
-            expect(an_object_which_includes_the_concern).to receive(:client_id_error!)
-            an_object_which_includes_the_concern.send(:authenticate_app_by_client_id!)
+            expect(an_object_which_includes_the_concern).to receive(
+              :client_id_error!
+            )
+            an_object_which_includes_the_concern.send(
+              :authenticate_app_by_client_id!
+            )
           end
         end
       end
@@ -169,14 +183,18 @@ def current_user
       end
 
       before do
-        allow(an_object_which_includes_the_concern).to receive(:decode_jwt!).with(jwt).and_return(
-          user_info
+        allow(an_object_which_includes_the_concern).to receive(
+          :decode_jwt!
+        ).with(jwt).and_return(user_info)
+        allow(an_object_which_includes_the_concern).to receive(
+          :authenticate_user!
         )
-        allow(an_object_which_includes_the_concern).to receive(:authenticate_user!)
       end
 
       it "decodes the JWT" do
-        expect(an_object_which_includes_the_concern).to receive(:decode_jwt!).with(jwt)
+        expect(an_object_which_includes_the_concern).to receive(
+          :decode_jwt!
+        ).with(jwt)
         an_object_which_includes_the_concern.send(:authenticate_user_by_jwt!)
       end
 
@@ -192,13 +210,15 @@ def current_user
 
         it "copies the cis2_info key into session['cis2_info']" do
           an_object_which_includes_the_concern.send(:authenticate_user_by_jwt!)
-          expect(an_object_which_includes_the_concern.session["cis2_info"]).to eq(
-            user_info.first["data"]["cis2_info"]
-          )
+          expect(
+            an_object_which_includes_the_concern.session["cis2_info"]
+          ).to eq(user_info.first["data"]["cis2_info"])
         end
 
         it "calls authenticate_user!" do
-          expect(an_object_which_includes_the_concern).to receive(:authenticate_user!)
+          expect(an_object_which_includes_the_concern).to receive(
+            :authenticate_user!
+          )
           an_object_which_includes_the_concern.send(:authenticate_user_by_jwt!)
         end
       end
@@ -223,15 +243,19 @@ def current_user
         end
 
         it "calls client_id_error!" do
-          expect(an_object_which_includes_the_concern).to receive(:client_id_error!)
+          expect(an_object_which_includes_the_concern).to receive(
+            :client_id_error!
+          )
           an_object_which_includes_the_concern.send(:authenticate_user_by_jwt!)
         end
       end
     end
 
     context "when a valid jwt is not given" do
       it "causes a client_id_error!" do
-        expect(an_object_which_includes_the_concern).to receive(:client_id_error!)
+        expect(an_object_which_includes_the_concern).to receive(
+          :client_id_error!
+        )
         an_object_which_includes_the_concern.send(:authenticate_user_by_jwt!)
       end
     end
@@ -265,17 +289,19 @@ def current_user
         end
 
         it "returns the decoded JWT" do
-          expect(an_object_which_includes_the_concern.send(:decode_jwt!, jwt)).to eq(decoded_jwt)
+          expect(
+            an_object_which_includes_the_concern.send(:decode_jwt!, jwt)
+          ).to eq(decoded_jwt)
         end
       end
 
       context "when decoding does not work" do
         it "raises an exception" do
-          expect { an_object_which_includes_the_concern.send(:decode_jwt!, jwt) }.to raise_error(
-            JWT::DecodeError
-          )
+          expect {
+            an_object_which_includes_the_concern.send(:decode_jwt!, jwt)
+          }.to raise_error(JWT::DecodeError)
         end
       end
     end
   end
-end
+end
