diff --git a/app/controllers/api/application_controller.rb b/app/controllers/api/application_controller.rb
index 2f639c1..18cda2d 100644
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@@ -1,4 +1,7 @@
 class Api::ApplicationController < ApplicationController
+ skip_before_filter :verify_authenticity_token
+ skip_before_filter :authenticate!, :only => [:cor_preflight]
+ before_filter :cor_filter
 def cor_filter
@@ -12,4 +15,8 @@ class Api::ApplicationController < ApplicationController
 head :ok
 end
+
+ def authenticate!
+ head :unauthorized if current_user.nil?
+ end
 end
diff --git a/app/controllers/api/v0/sessions_controller.rb b/app/controllers/api/v0/sessions_controller.rb
new file mode 100644
index 0000000..8918122
--- /dev/null
+++ b/app/controllers/api/v0/sessions_controller.rb
@@ -0,0 +1,14 @@
+class Api::V0::SessionsController < Api::ApplicationController
+ skip_before_filter :authenticate!, :only => [:create]
+
+ def create
+ user = User.find_by_email(params[:session][:email])
+
+ if ! user.try(:authenticate?, params[:session][:password])
+ return render :json => '', :status => :not_found
+ end
+
+ @user = user
+ self.current_user = @user
+ end
+end
diff --git a/app/views/api/v0/sessions/create.rabl b/app/views/api/v0/sessions/create.rabl
new file mode 100644
index 0000000..d61dacb
--- /dev/null
+++ b/app/views/api/v0/sessions/create.rabl
@@ -0,0 +1,3 @@
+object @user
+
+attribute :id
diff --git a/config/routes.rb b/config/routes.rb
index 1b9add3..80c6ccc 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -2,6 +2,7 @@ Scube::Application.routes.draw do
 namespace :api do
 namespace :v0 do
 resources :playlists, :only => [:index]
+ resources :sessions, :only => [:create]
 end
 match '*all' => 'application#cor_preflight', :via => :options
diff --git a/spec/controllers/api/v0/sessions_controller_spec.rb b/spec/controllers/api/v0/sessions_controller_spec.rb
new file mode 100644
index 0000000..7bbca43
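Review bot: `skip_before_filter :verify_authenticity_token` in the first hunk removes CSRF protection for every action under Api::ApplicationController, whereas the `skip_before_filter :authenticate!` on the next line is scoped to `:only => [:cor_preflight]`. The sessions controller in this commit signs in through `self.current_user=`; if that setter stores the user in the cookie session (it is defined outside this diff), every API action becomes callable cross-site with the victim's session, and the headers `cor_filter` emits decide how widely (its body lies outside the hunk). Scope the skip the same way as the authenticate! skip, `skip_before_filter :verify_authenticity_token, :only => [:cor_preflight]`, and have JSON clients send the CSRF token, or move the API to a non-cookie credential so the skip is safe. The `authenticate!` override in the second hunk is fine as written; a comment such as `# halts the filter chain with 401 when no session user is present` would record why it renders instead of raising.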
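Review bot: `params[:session][:email]` raises NoMethodError when the request carries no `session` hash (or a non-hash value), so a malformed sign-in request produces a 500 instead of the 404 the action returns for bad credentials; read the hash once with a default, `credentials = params[:session] || {}`, and use `credentials[:email]` and `credentials[:password]` on the two following lines. Separately, `self.current_user = @user` reuses whatever session the client sent in; if that setter is cookie-session backed (not visible here), calling `reset_session` before it prevents session fixation on login. Note also that the unknown-email path skips the password check entirely, so response time differs between unknown and known emails; document that as an accepted trade-off or run the comparison against a dummy digest when no user is found.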
--- /dev/null
+++ b/spec/controllers/api/v0/sessions_controller_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe Api::V0::SessionsController do
+ describe 'POST create' do
+ let(:user) { Factory.create(:user) }
+
+ def do_create
+ post :create, :format => :json, :session => {
+ :email => user.email,
+ :password => user.password
+ }
+ end
+
+ context 'with valid credentials' do
+ before do
+ do_create
+ end
+
+ it 'signs the user in' do
+ controller.current_user.should == user
+ end
+
+ it 'assigns the user' do
+ assigns[:user].should == user
+ end
+ end
+
+ [:email, :password].each do |attr|
+ context "with invalid credentials (#{attr})" do
+ before do
+ user.stub(attr => user.send(attr) + '_INVALID')
+ do_create
+ end
+
+ it 'returns a not found response' do
+ response.should be_not_found
+ end
+
+ it 'returns an empty body' do
+ response.body.should be_empty
+ end
+
+ it 'assigns no user' do
+ assigns[:user].should be_nil
+ end
+ end
+ end
+ end
+end
diff --git a/spec/integration/api/v0/api_sign_in_spec.rb b/spec/integration/api/v0/api_sign_in_spec.rb
new file mode 100644
index 0000000..b8bcadb
--- /dev/null
+++ b/spec/integration/api/v0/api_sign_in_spec.rb
@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+feature 'API sign in' do
+ let(:user) { Factory.create(:user) }
+
+ def do_create
+ post api_v0_sessions_path, :format => :json, :session => {
+ :email => user.email,
+ :password => user.password
+ }
+ end
+
+ scenario 'signs the user in with valid credentials' do
+ do_create
+
+ response.should be_success
+ (JSON response.body).should include 'id'
+ end
+
+ [:email, :password].each do |attr|
+ scenario "rejects authentication with invalid credentials (#{attr})" do
+ user.stub(attr => user.send(attr) + '_INVALID')
+ do_create
+
+ response.should be_not_found
+ response.body.should be_empty
+ end
+ end
+end
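Review bot: No example sends a request without a `session` parameter, which is the input the controller handles worst (`params[:session][:email]` on a nil hash); add a context that calls `post :create, :format => :json` with no `:session` key and expects `response.should be_not_found` and `assigns[:user].should be_nil`. The invalid-credential contexts only work because `do_create` reads the stubbed `user.email` / `user.password` back from the same object while the database row is unchanged; a one-line comment above `user.stub(...)`, e.g. `# stub so do_create posts the altered value; the stored user is untouched`, would make that indirection clear.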
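Review bot: The valid-credential scenario asserts only that the JSON body includes `id`; it never shows that a session is actually established, which is the contract of sign-in. After `do_create`, issue a follow-up request to an endpoint guarded by `authenticate!` (the routes change in this commit exposes `api_v0_playlists_path`) and assert it is not `:unauthorized`; the invalid-credential scenarios could likewise assert that the same follow-up request is rejected. `(JSON response.body)` relies on the Kernel `JSON()` conversion; `JSON.parse(response.body)` is the more common spelling and reads as a parse rather than a coercion.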