Users can access their items via API. Authentication via API token. No public access to items.

2026-04-22 10:32:42 +02:00
parent 6076654aa4
commit b077a1c81c
7 changed files with 143 additions and 1 deletions
--- a/test/generic_rest_server/accounts_test.exs
+++ b/test/generic_rest_server/accounts_test.exs
@ -394,4 +394,15 @@ defmodule GenericRestServer.AccountsTest do
      refute inspect(%User{password: "123456"}) =~ "password: \"123456\""
    end
  end
+
+  ## API
+
+  describe "create_user_api_token/1 and fetch_user_by_api_token/1" do
+    test "creates and fetches by token" do
+      user = user_fixture()
+      token = Accounts.create_user_api_token(user)
+      assert Accounts.fetch_user_by_api_token(token) == {:ok, user}
+      assert Accounts.fetch_user_by_api_token("invalid") == :error
+    end
+  end
 end