openware · ec · Aug 10, 2018
diff --git a/app/api/entities/account_info.rb b/app/api/entities/account_info.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Entities
+  class AccountInfo < Grape::Entity
+    format_with(:iso_timestamp) { |d| d.utc.iso8601 }
+
+    expose :email, documentation: { type: 'String' }
+    expose :uid, documentation: { type: 'String' }
+    expose :role, documentation: { type: 'String' }
+    expose :level, documentation: { type: 'Integer' }
+    expose :state, documentation: { type: 'String' }
+
+  end
+end
diff --git a/app/api/management_api/v1/accounts.rb b/app/api/management_api/v1/accounts.rb
@@ -3,6 +3,7 @@
 module ManagementAPI
   module V1
     class Accounts < Grape::API
+
       desc 'Account related routes'
       resource :accounts do
         desc 'Get account and profile information' do
@@ -16,6 +17,19 @@ class Accounts < Grape::API
           account = Account.kept.find_by!(declared(params))
           present account, with: Entities::AccountWithProfile
         end
+
+        desc 'Creates new account' do
+          success Entities::AccountInfo
+        end
+        params do
+          requires :email, type: String, desc: 'Account Email', allow_blank: false
+          requires :password, type: String, desc: 'Account Password', allow_blank: false
+        end
+        post do
+          account = Account.create(declared(params))
+          present account, with: Entities::AccountInfo
+          error!(account.errors.full_messages, 422) unless account.persisted?
+        end
       end
     end
   end

diff --git a/app/api/management_api/v1/jwt_authentication_middleware.rb b/app/api/management_api/v1/jwt_authentication_middleware.rb
@@ -9,7 +9,7 @@ class JWTAuthenticationMiddleware < Grape::Middleware::Base
       mattr_accessor :security_configuration
 
       def before
-        return if request.path == '/management_api/v1/swagger_doc'
+        return if request.path == '/management_api/v1/accounts' || request.path == '/management_api/v1/swagger_doc'
         check_request_method!
         check_query_parameters!
         check_content_type!
@@ -87,6 +87,7 @@ def check_jwt!(jwt)
       def security_scope
         request.env['api.endpoint'].options.fetch(:route_options).fetch(:scope)
       end
+
     end
   end
 end
diff --git a/spec/api/management_api_v1/accounts_spec.rb b/spec/api/management_api_v1/accounts_spec.rb
@@ -57,4 +57,38 @@
       end
     end
   end
+
+  describe 'POST /api/v1/accounts' do
+    let(:do_request) do
+      post '/api/v1/accounts', params: params
+    end
+
+    before { do_request }
+
+    context 'when email is valid' do
+      let(:params) { { email: 'valid.email@gmail.com', password: 'Password1' } }
+
+      it 'creates an account' do
+        expect_status_to_eq 201
+      end
+    end
+
+    context 'denies when email or password is invalid' do
+      let(:params) { { email: 'email@gmail.com', password: 'password' } }
+
+      it 'renders an error' do
+        expect_status_to_eq 422
+        expect_body.to eq(error: ['Password does not meet the minimum system requirements. It should be composed of uppercase and lowercase letters, and numbers.'])
+      end
+    end
+
+    context 'denies when email and password are absent' do
+      let(:params) {}
+
+      it 'renders an error' do
+        expect_status_to_eq 400
+        expect_body.to eq(error: 'Email is missing, Email is empty, Password is missing, Password is empty')
+      end
+    end
+  end
 end