scube/scube-server
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'accept-api-auth_token'

Browse Source
This commit is contained in:
Thibault Jouan 2015-05-06 03:16:10 +00:00
commit 58a0bf4953
5 changed files with 65 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
app/controllers/api/application_controller.rb
View File

@ -29,10 +29,17 @@ module API
end end
def ping def ping
render json: { pong: true } ping_response
end
def ping_auth
ping_response
end end
def authenticate! def authenticate!
if key = authenticate_with_http_token { |t| Key.authenticate(t) }
self.current_user = key.user
end
head :unauthorized if current_user.nil? head :unauthorized if current_user.nil?
end end
@ -43,5 +50,12 @@ module API
head :not_acceptable, content_type: 'application/json' head :not_acceptable, content_type: 'application/json'
end end
end end
private
def ping_response
render json: { pong: true }
end
end end
end end

6
app/models/key.rb
View File

@ -4,4 +4,10 @@ class Key < ActiveRecord::Base
has_secure_token :token has_secure_token :token
validates :name, presence: true validates :name, presence: true
class << self
def authenticate token
find_by_token token
end
end
end end

1
config/routes.rb
View File

@ -3,6 +3,7 @@ Rails.application.routes.draw do
namespace :api do namespace :api do
get '/ping', to: 'application#ping' get '/ping', to: 'application#ping'
get '/ping/auth', to: 'application#ping_auth'
match '*all', to: 'application#cor_preflight', via: :options match '*all', to: 'application#cor_preflight', via: :options
resources :playlists, only: %i[index show create update destroy] resources :playlists, only: %i[index show create update destroy]
resources :sessions, only: :create resources :sessions, only: :create

27
spec/integration/api/application_spec.rb
View File

@ -7,6 +7,33 @@ describe 'API application' do
end end
end end
describe 'authenticated ping endpoint' do
let(:headers) { {} }
subject { response }
before { get api_ping_auth_path, { format: :json }, headers }
it 'requests authentication' do
expect(response).to have_http_status 401
end
context 'when session is authenticated' do
before { api_sign_in }
it { is_expected.to have_http_status 200 }
end
context 'when requests has a valid authentication token' do
let(:key) { create :key }
let(:headers) do {
'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Token
.encode_credentials(key.token)
} end
it { is_expected.to have_http_status 200 }
end
end
describe 'formats handling' do describe 'formats handling' do
before { api_sign_in } before { api_sign_in }

16
spec/models/key_spec.rb
View File

@ -9,4 +9,20 @@ describe Key do
key.save key.save
expect(key.token).to match /\A[\w\d]{24,}\z/ expect(key.token).to match /\A[\w\d]{24,}\z/
end end
describe '.authenticate' do
context 'when given token belong to existing key' do
before { key.save }
it 'returns the key' do
expect(described_class.authenticate key.token).to eq key
end
end
context 'when given token is unknown' do
it 'returns nil' do
expect(described_class.authenticate key.token).to be nil
end
end
end
end end