Adjusted Otu API spec + fixed bug in API controller intercept

app/controllers/concerns/api/intercept.rb

@@ -23,10 +23,13 @@ module Intercept
     #   If authentication is requried, as defined in the routes, 
     #   then it must pass here.
     def intercept_api
-      intercept_user if params[:authenticate_user]
-      intercept_project if params[:authenticate_project]
-      set_project_from_params if params[:project_id]
       @api_request = true
+
+      res = intercept_user if params[:authenticate_user]
+      res = intercept_project if res && params[:authenticate_project]
+      res = set_project_from_params if res && params[:project_id]
+
+      res
     end
 
   end

spec/requests/api/v1/rest/otus_spec.rb

@@ -20,14 +20,15 @@
       it_behaves_like 'unauthorized response'
     end
 
-    context 'with a valid user token and project_id' do
+    # project token-only for now
+    xcontext 'with a valid user token and project_id' do
       before { get path, headers: headers, params: { project_id: otu.project_id } } 
       it_behaves_like 'a successful response'
     end
 
     context 'with a valid user token and valid project token (project set by proxy)' do
       before { otu.project.update(set_new_api_access_token: true) }
-      before { get path, headers: headers, params: { project_id: otu.project.api_access_token } } 
+      before { get path, headers: headers, params: { project_token: otu.project.api_access_token } }
       it_behaves_like 'a successful response'
     end