Merge bf17d0a into 48f4c32

JonathanPorta · Jan 12, 2015 · 0943b81 · 0943b81
2 parents 48f4c32 + bf17d0a
commit 0943b81
Show file tree

Hide file tree

Showing 14 changed files with 88 additions and 10 deletions.
diff --git a/Gemfile b/Gemfile
@@ -21,6 +21,7 @@ gem 'omniauth-facebook-access-token','0.1.6'
 gem 'koala'
 gem 'apns'
 gem 'librato-rails'
+gem 'bcrypt-ruby', require: 'bcrypt'
 
 gem 'draper', '1.3.1'
 gem 'verbs', '2.1.4'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -37,6 +37,9 @@ GEM
     ast (2.0.0)
     astrolabe (1.3.0)
       parser (>= 2.2.0.pre.3, < 3.0)
+    bcrypt (3.1.9)
+    bcrypt-ruby (3.1.5)
+      bcrypt (>= 3.1.3)
     better_errors (2.0.0)
       coderay (>= 1.0.0)
       erubis (>= 2.6.6)
@@ -349,6 +352,7 @@ PLATFORMS
 DEPENDENCIES
   annotate
   apns
+  bcrypt-ruby
   better_errors
   binding_of_caller
   capybara

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -5,16 +5,22 @@ class ApplicationController < ActionController::Base
 
   private
 
-  def current_user
-    # logger.debug request.headers.inspect
+  def access_token
     logger.debug request.headers['HTTP_ACCESS_TOKEN']
-    # logger.debug request.headers['access_token']
+    request.headers['HTTP_ACCESS_TOKEN']
+  end
+
+  def api_version
+    request.headers['HTTP_API_VERSION']
+  end
+
+  def current_user
     if session[:user_id]
       logger.warn 'Getting user because the session had a user_id.'
       @current_user ||= User.find(session[:user_id]) if session[:user_id]
-    elsif request.headers['HTTP_ACCESS_TOKEN']
+    elsif access_token
       logger.warn 'Getting user because request had an access token.'
-      @urrent_user ||= User.find_by_access_token request.headers['HTTP_ACCESS_TOKEN']
+      @current_user ||= User.find_by_access_token access_token
     end
 
   rescue ActiveRecord::RecordNotFound => e
@@ -23,5 +29,14 @@ def current_user
     redirect_to '/logout'
   end
 
+  def require_authentication
+    unauthorized unless current_user
+  end
+
+  def unauthorized
+    render nothing: true, status: 401
+  end
+
   helper_method :current_user
+  before_action :require_authentication
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -1,4 +1,6 @@
 class SessionsController < ApplicationController
+  skip_before_action :require_authentication, only: [:create]
+
   def create
     logger.debug env['omniauth.auth']
     user = User.from_omniauth env['omniauth.auth']

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -1,10 +1,27 @@
 class UsersController < ApplicationController
   before_action :set_user, only: []
+  skip_before_action :require_authentication, only: [:create]
+
+  # POST /users.json
+  def create
+    @user = User.new user_params
+
+    if @user.save
+      render :show, status: :created, location: @user
+    else
+      render json: @user.errors, status: :unprocessable_entity
+    end
+  end
 
   private
 
   # Use callbacks to share common setup or constraints between actions.
   def set_user
     @user = User.find(params[:id])
   end
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def user_params
+    params.require(:user).permit(:email, :first_name, :last_name, :password)
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -11,8 +11,11 @@ class User < ActiveRecord::Base
 
   has_many :auth_providers
 
-  validates :email, :first_name, :last_name, presence: true
   validates :id, absence: true, on: :create
+  validates :email, :first_name, :last_name, presence: true
+  validates :email, uniqueness: true
+
+  has_secure_password validations: false
 
   after_save do
     Librato.measure 'users.count', User.count, sporadic: true
@@ -43,6 +46,10 @@ def self.from_omniauth(auth)
     user
   end
 
+  def self.authenticate(email, password)
+    User.find_by(email: email).try :authenticate, password
+  end
+
   def self.from_facebook(user_hash)
     facebook_auth_provider = AuthProvider.where(provider: 'facebook', uid: user_hash['id']).first
     facebook_auth_provider.user if facebook_auth_provider

diff --git a/app/views/users/show.json.jbuilder b/app/views/users/show.json.jbuilder
@@ -0,0 +1,2 @@
+user = @user.decorate
+json.extract! user, :id, :email, :first_name, :last_name
diff --git a/config/routes.rb b/config/routes.rb
@@ -19,13 +19,14 @@
 
   # You can have the root of your site routed with "root"
   root 'sessions#show', format: 'json'
+  get 'me', to: 'sessions#show', format: 'json'
+  get 'user' => 'sessions#show', format: 'json'
+  post 'users' => 'users#create', format: 'json'
 
   match 'auth/:provider/callback', to: 'sessions#create', via: [:get, :post]
   match 'auth/failure', to: redirect('/'), via: [:get, :post]
   match 'logout', to: 'sessions#destroy', as: 'logout', via: [:get, :post]
 
-  get 'user' => 'sessions#show', format: 'json'
-
   get 'messages', to: redirect('activities')
   get 'messages/sent' => 'messages#sent'
   get 'messages/received' => 'messages#received'

diff --git a/db/migrate/20150112014931_add_password_to_user.rb b/db/migrate/20150112014931_add_password_to_user.rb
@@ -0,0 +1,6 @@
+class AddPasswordToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :password_digest, :string
+    add_index :users, :email, unique: true
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20141206021950) do
+ActiveRecord::Schema.define(version: 20150112014931) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -77,6 +77,9 @@
     t.string   "birthday"
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.string   "password_digest"
   end
 
+  add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree
+
 end
diff --git a/spec/controllers/auth_providers_controller_spec.rb b/spec/controllers/auth_providers_controller_spec.rb
@@ -20,6 +20,10 @@
 
 RSpec.describe AuthProvidersController, type: :controller do
 
+  before :each do
+    @user = FactoryGirl.create :user
+  end
+
   # This should return the minimal set of attributes required to create a valid
   # AuthProvider. As you add validations to AuthProvider, be sure to
   # adjust the attributes here as well.
@@ -30,7 +34,7 @@
   # This should return the minimal set of values that should be in the session
   # in order to pass any filters (e.g. authentication) defined in
   # AuthProvidersController. Be sure to keep this updated too.
-  let(:valid_session) { {} }
+  let(:valid_session) { { user_id: @user.id } }
 
   describe 'GET index' do
     it 'assigns all auth_providers as @auth_providers' do

diff --git a/spec/factories/users.rb b/spec/factories/users.rb
@@ -6,6 +6,7 @@
     first_name { Faker::Name.first_name }
     last_name { Faker::Name.last_name }
     birthday { Faker::Business.credit_card_expiry_date }
+    password 'password'
 
     factory :user_with_facebook_auth do
       after(:create) do |user|

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
@@ -77,4 +77,17 @@
       expect(@user.friends.first).to eq(@friend)
     end
   end
+
+  describe 'User authentication' do
+    before :each do
+      @user = FactoryGirl.create :user
+      @email = @user.email
+      @password = @user.password
+    end
+
+    it 'Should authenticate a user and return a model' do
+      user = User.authenticate @email, @password
+      expect(user).to eq(@user)
+    end
+  end
 end
diff --git a/spec/requests/auth_providers_spec.rb b/spec/requests/auth_providers_spec.rb
@@ -3,6 +3,8 @@
 RSpec.describe 'AuthProviders', type: :request do
   describe 'GET /auth_providers' do
     it 'works! (now write some real specs)' do
+      login_with_oauth
+
       get auth_providers_path
       expect(response.status).to be(200)
     end