require 'spec_helper' describe 'api' do before do fake_key = SecureRandom.hex(32) SiteSetting.stubs(:api_key).returns(fake_key) end describe PostsController do let(:user) do Fabricate(:user) end let(:post) do Fabricate(:post) end # choosing an arbitrarily easy to mock trusted activity it 'allows users with api key to bookmark posts' do PostAction.expects(:act).with(user,post,PostActionType.types[:bookmark]).returns(true) put :bookmark, bookmarked: "true" ,post_id: post.id , api_key: SiteSetting.api_key, api_username: user.username end it 'disallows phonies to bookmark posts' do lambda do put :bookmark, bookmarked: "true" ,post_id: post.id , api_key: SecureRandom.hex(32), api_username: user.username end.should raise_error Discourse::NotLoggedIn end it 'disallows blank api' do SiteSetting.stubs(:api_key).returns("") lambda do put :bookmark, bookmarked: "true" ,post_id: post.id , api_key: "", api_username: user.username end.should raise_error Discourse::NotLoggedIn end end end