From 78f79c4c343744ec54a2b4783bfacb4955246784 Mon Sep 17 00:00:00 2001
From: Thibault Jouan <tj@a13.fr>
Date: Wed, 6 May 2015 02:31:53 +0000
Subject: [PATCH 1/3] Add API authenticated ping resource

---
 app/controllers/api/application_controller.rb | 13 ++++++++++++-
 config/routes.rb                              |  1 +
 spec/integration/api/application_spec.rb      | 16 ++++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/application_controller.rb b/app/controllers/api/application_controller.rb
index aa14369..a4632d8 100644
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@@ -29,7 +29,11 @@ module API
     end
 
     def ping
-      render json: { pong: true }
+      ping_response
+    end
+
+    def ping_auth
+      ping_response
     end
 
     def authenticate!
@@ -43,5 +47,12 @@ module API
         head :not_acceptable, content_type: 'application/json'
       end
     end
+
+
+    private
+
+    def ping_response
+      render json: { pong: true }
+    end
   end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 864093d..c098212 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,6 +3,7 @@ Rails.application.routes.draw do
 
   namespace :api do
     get '/ping', to: 'application#ping'
+    get '/ping/auth', to: 'application#ping_auth'
     match '*all', to: 'application#cor_preflight', via: :options
     resources :playlists, only: %i[index show create update destroy]
     resources :sessions, only: :create
diff --git a/spec/integration/api/application_spec.rb b/spec/integration/api/application_spec.rb
index 5db1d4f..3c7a4b3 100644
--- a/spec/integration/api/application_spec.rb
+++ b/spec/integration/api/application_spec.rb
@@ -7,6 +7,22 @@ describe 'API application' do
     end
   end
 
+  describe 'authenticated ping endpoint' do
+    before { get api_ping_auth_path, format: :json }
+
+    it 'requests authentication' do
+      expect(response).to have_http_status 401
+    end
+
+    context 'when session is authenticated' do
+      subject { response }
+
+      before { api_sign_in }
+
+      it { is_expected.to have_http_status 200 }
+    end
+  end
+
   describe 'formats handling' do
     before { api_sign_in }
 

From 0f1f7106b2bbd55ff599daf6d46fef6ff0047ad0 Mon Sep 17 00:00:00 2001
From: Thibault Jouan <tj@a13.fr>
Date: Wed, 6 May 2015 03:12:58 +0000
Subject: [PATCH 2/3] Implement Key.authenticate

---
 app/models/key.rb       |  6 ++++++
 spec/models/key_spec.rb | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/app/models/key.rb b/app/models/key.rb
index 80ffe5f..76da4dd 100644
--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -4,4 +4,10 @@ class Key < ActiveRecord::Base
   has_secure_token :token
 
   validates :name, presence: true
+
+  class << self
+    def authenticate token
+      find_by_token token
+    end
+  end
 end
diff --git a/spec/models/key_spec.rb b/spec/models/key_spec.rb
index 0f0cfbf..05775e7 100644
--- a/spec/models/key_spec.rb
+++ b/spec/models/key_spec.rb
@@ -9,4 +9,20 @@ describe Key do
     key.save
     expect(key.token).to match /\A[\w\d]{24,}\z/
   end
+
+  describe '.authenticate' do
+    context 'when given token belong to existing key' do
+      before { key.save }
+
+      it 'returns the key' do
+        expect(described_class.authenticate key.token).to eq key
+      end
+    end
+
+    context 'when given token is unknown' do
+      it 'returns nil' do
+        expect(described_class.authenticate key.token).to be nil
+      end
+    end
+  end
 end

From ba3c0380d0141b92f89512e022318ad129b17245 Mon Sep 17 00:00:00 2001
From: Thibault Jouan <tj@a13.fr>
Date: Wed, 6 May 2015 03:14:11 +0000
Subject: [PATCH 3/3] Accept API authentication with keys token

---
 app/controllers/api/application_controller.rb |  3 +++
 spec/integration/api/application_spec.rb      | 17 ++++++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/application_controller.rb b/app/controllers/api/application_controller.rb
index a4632d8..9c82c96 100644
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@@ -37,6 +37,9 @@ module API
     end
 
     def authenticate!
+      if key = authenticate_with_http_token { |t| Key.authenticate(t) }
+        self.current_user = key.user
+      end
       head :unauthorized if current_user.nil?
     end
 
diff --git a/spec/integration/api/application_spec.rb b/spec/integration/api/application_spec.rb
index 3c7a4b3..a6ad821 100644
--- a/spec/integration/api/application_spec.rb
+++ b/spec/integration/api/application_spec.rb
@@ -8,19 +8,30 @@ describe 'API application' do
   end
 
   describe 'authenticated ping endpoint' do
-    before { get api_ping_auth_path, format: :json }
+    let(:headers) { {} }
+    subject       { response }
+
+    before { get api_ping_auth_path, { format: :json }, headers }
 
     it 'requests authentication' do
       expect(response).to have_http_status 401
     end
 
     context 'when session is authenticated' do
-      subject { response }
-
       before { api_sign_in }
 
       it { is_expected.to have_http_status 200 }
     end
+
+    context 'when requests has a valid authentication token' do
+      let(:key)     { create :key }
+      let(:headers) do {
+        'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Token
+          .encode_credentials(key.token)
+      } end
+
+      it { is_expected.to have_http_status 200 }
+    end
   end
 
   describe 'formats handling' do