Accept API authentication with keys token

2015-05-06 03:14:11 +00:00 · 2015-05-06 03:14:11 +00:00 · ba3c0380d0
commit ba3c0380d0
parent 0f1f7106b2
2 changed files with 17 additions and 3 deletions
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@ -37,6 +37,9 @@ module API
    end

    def authenticate!
+      if key = authenticate_with_http_token { |t| Key.authenticate(t) }
+        self.current_user = key.user
+      end
      head :unauthorized if current_user.nil?
    end

--- a/spec/integration/api/application_spec.rb
+++ b/spec/integration/api/application_spec.rb
@ -8,19 +8,30 @@ describe 'API application' do
  end

  describe 'authenticated ping endpoint' do
-    before { get api_ping_auth_path, format: :json }
+    let(:headers) { {} }
+    subject       { response }
+
+    before { get api_ping_auth_path, { format: :json }, headers }

    it 'requests authentication' do
      expect(response).to have_http_status 401
    end

    context 'when session is authenticated' do
-      subject { response }
-
      before { api_sign_in }

      it { is_expected.to have_http_status 200 }
    end
+
+    context 'when requests has a valid authentication token' do
+      let(:key)     { create :key }
+      let(:headers) do {
+        'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Token
+          .encode_credentials(key.token)
+      } end
+
+      it { is_expected.to have_http_status 200 }
+    end
  end

  describe 'formats handling' do