Implement sessions/create in JSON API

2012-02-26 11:16:52 +00:00 · 2012-02-26 11:16:52 +00:00 · 5dfafdcc46
commit 5dfafdcc46
parent 499b06c9e5
6 changed files with 103 additions and 0 deletions
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@ -1,4 +1,7 @@
 class Api::ApplicationController < ApplicationController
  skip_before_filter :verify_authenticity_token
  skip_before_filter :authenticate!, :only => [:cor_preflight]
  before_filter :cor_filter
  def cor_filter
@ -12,4 +15,8 @@ class Api::ApplicationController < ApplicationController
    head :ok
  end
  def authenticate!
    head :unauthorized if current_user.nil?
  end
 end
--- a/app/controllers/api/v0/sessions_controller.rb
+++ b/app/controllers/api/v0/sessions_controller.rb
@ -0,0 +1,14 @@
 class Api::V0::SessionsController < Api::ApplicationController
  skip_before_filter :authenticate!, :only => [:create]
  def create
    user = User.find_by_email(params[:session][:email])
    if ! user.try(:authenticate?, params[:session][:password])
      return render :json => '', :status => :not_found
    end
    @user = user
    self.current_user = @user
  end
 end
--- a/app/views/api/v0/sessions/create.rabl
+++ b/app/views/api/v0/sessions/create.rabl
@ -0,0 +1,3 @@
 object @user
 attribute :id
--- a/config/routes.rb
+++ b/config/routes.rb
@ -2,6 +2,7 @@ Scube::Application.routes.draw do
  namespace :api do
    namespace :v0 do
      resources :playlists, :only => [:index]
      resources :sessions, :only => [:create]
    end
    match '*all' => 'application#cor_preflight', :via => :options
--- a/spec/controllers/api/v0/sessions_controller_spec.rb
+++ b/spec/controllers/api/v0/sessions_controller_spec.rb
@ -0,0 +1,49 @@
 require 'spec_helper'
 describe Api::V0::SessionsController do
  describe 'POST create' do
    let(:user) { Factory.create(:user) }
    def do_create
      post :create, :format => :json, :session => {
        :email    => user.email,
        :password => user.password
      }
    end
    context 'with valid credentials' do
      before do
        do_create
      end
      it 'signs the user in' do
        controller.current_user.should == user
      end
      it 'assigns the user' do
        assigns[:user].should == user
      end
    end
    [:email, :password].each do |attr|
      context "with invalid credentials (#{attr})" do
        before do
          user.stub(attr => user.send(attr) + '_INVALID')
          do_create
        end
        it 'returns a not found response' do
          response.should be_not_found
        end
        it 'returns an empty body' do
          response.body.should be_empty
        end
        it 'assigns no user' do
          assigns[:user].should be_nil
        end
      end
    end
  end
 end
--- a/spec/integration/api/v0/api_sign_in_spec.rb
+++ b/spec/integration/api/v0/api_sign_in_spec.rb
@ -0,0 +1,29 @@
 require 'spec_helper'
 feature 'API sign in' do
  let(:user)  { Factory.create(:user) }
  def do_create
    post api_v0_sessions_path, :format => :json, :session => {
      :email    => user.email,
      :password => user.password
    }
  end
  scenario 'signs the user in with valid credentials' do
    do_create
    response.should be_success
    (JSON response.body).should include 'id'
  end
  [:email, :password].each do |attr|
    scenario "rejects authentication with invalid credentials (#{attr})" do
      user.stub(attr => user.send(attr) + '_INVALID')
      do_create
      response.should be_not_found
      response.body.should be_empty
    end
  end
 end