Implement sessions/create in JSON API

2012-02-26 11:16:52 +00:00 · 2012-02-26 11:16:52 +00:00 · 5dfafdcc46
commit 5dfafdcc46
parent 499b06c9e5
6 changed files with 103 additions and 0 deletions
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@ -1,4 +1,7 @@
 class Api::ApplicationController < ApplicationController
+  skip_before_filter :verify_authenticity_token
+  skip_before_filter :authenticate!, :only => [:cor_preflight]
+
  before_filter :cor_filter

  def cor_filter
@ -12,4 +15,8 @@ class Api::ApplicationController < ApplicationController

    head :ok
  end
+
+  def authenticate!
+    head :unauthorized if current_user.nil?
+  end
 end
--- a/app/controllers/api/v0/sessions_controller.rb
+++ b/app/controllers/api/v0/sessions_controller.rb
@ -0,0 +1,14 @@
+class Api::V0::SessionsController < Api::ApplicationController
+  skip_before_filter :authenticate!, :only => [:create]
+
+  def create
+    user = User.find_by_email(params[:session][:email])
+
+    if ! user.try(:authenticate?, params[:session][:password])
+      return render :json => '', :status => :not_found
+    end
+
+    @user = user
+    self.current_user = @user
+  end
+end
--- a/app/views/api/v0/sessions/create.rabl
+++ b/app/views/api/v0/sessions/create.rabl
@ -0,0 +1,3 @@
+object @user
+
+attribute :id
--- a/config/routes.rb
+++ b/config/routes.rb
@ -2,6 +2,7 @@ Scube::Application.routes.draw do
  namespace :api do
    namespace :v0 do
      resources :playlists, :only => [:index]
+      resources :sessions, :only => [:create]
    end

    match '*all' => 'application#cor_preflight', :via => :options
--- a/spec/controllers/api/v0/sessions_controller_spec.rb
+++ b/spec/controllers/api/v0/sessions_controller_spec.rb
@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe Api::V0::SessionsController do
+  describe 'POST create' do
+    let(:user) { Factory.create(:user) }
+
+    def do_create
+      post :create, :format => :json, :session => {
+        :email    => user.email,
+        :password => user.password
+      }
+    end
+
+    context 'with valid credentials' do
+      before do
+        do_create
+      end
+
+      it 'signs the user in' do
+        controller.current_user.should == user
+      end
+
+      it 'assigns the user' do
+        assigns[:user].should == user
+      end
+    end
+
+    [:email, :password].each do |attr|
+      context "with invalid credentials (#{attr})" do
+        before do
+          user.stub(attr => user.send(attr) + '_INVALID')
+          do_create
+        end
+
+        it 'returns a not found response' do
+          response.should be_not_found
+        end
+
+        it 'returns an empty body' do
+          response.body.should be_empty
+        end
+
+        it 'assigns no user' do
+          assigns[:user].should be_nil
+        end
+      end
+    end
+  end
+end
--- a/spec/integration/api/v0/api_sign_in_spec.rb
+++ b/spec/integration/api/v0/api_sign_in_spec.rb
@ -0,0 +1,29 @@
+require 'spec_helper'
+
+feature 'API sign in' do
+  let(:user)  { Factory.create(:user) }
+
+  def do_create
+    post api_v0_sessions_path, :format => :json, :session => {
+      :email    => user.email,
+      :password => user.password
+    }
+  end
+
+  scenario 'signs the user in with valid credentials' do
+    do_create
+
+    response.should be_success
+    (JSON response.body).should include 'id'
+  end
+
+  [:email, :password].each do |attr|
+    scenario "rejects authentication with invalid credentials (#{attr})" do
+      user.stub(attr => user.send(attr) + '_INVALID')
+      do_create
+
+      response.should be_not_found
+      response.body.should be_empty
+    end
+  end
+end