From ba3c0380d0141b92f89512e022318ad129b17245 Mon Sep 17 00:00:00 2001 From: Thibault Jouan Date: Wed, 6 May 2015 03:14:11 +0000 Subject: [PATCH] Accept API authentication with keys token --- app/controllers/api/application_controller.rb | 3 +++ spec/integration/api/application_spec.rb | 17 ++++++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/application_controller.rb b/app/controllers/api/application_controller.rb index a4632d8..9c82c96 100644 --- a/app/controllers/api/application_controller.rb +++ b/app/controllers/api/application_controller.rb @@ -37,6 +37,9 @@ module API end def authenticate! + if key = authenticate_with_http_token { |t| Key.authenticate(t) } + self.current_user = key.user + end head :unauthorized if current_user.nil? end diff --git a/spec/integration/api/application_spec.rb b/spec/integration/api/application_spec.rb index 3c7a4b3..a6ad821 100644 --- a/spec/integration/api/application_spec.rb +++ b/spec/integration/api/application_spec.rb @@ -8,19 +8,30 @@ describe 'API application' do end describe 'authenticated ping endpoint' do - before { get api_ping_auth_path, format: :json } + let(:headers) { {} } + subject { response } + + before { get api_ping_auth_path, { format: :json }, headers } it 'requests authentication' do expect(response).to have_http_status 401 end context 'when session is authenticated' do - subject { response } - before { api_sign_in } it { is_expected.to have_http_status 200 } end + + context 'when requests has a valid authentication token' do + let(:key) { create :key } + let(:headers) do { + 'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Token + .encode_credentials(key.token) + } end + + it { is_expected.to have_http_status 200 } + end end describe 'formats handling' do