Authenticating resources with jwt token

RohitRox committed Jun 24, 2015
1 parent 548a126 commit a7714cf68f62e4b0342b155bc3308ca20fa2ae2b
Showing with 291 additions and 291 deletions.
  1. +1 −0 app/controllers/api/posts_controller.rb
  2. +2 −2 app/controllers/api/registrations_controller.rb
  3. +2 −0 app/controllers/api/sessions_controller.rb
  4. +1 −0 app/views/api/registrations/create.json.jbuilder
  5. +1 −0 app/views/api/sessions/create.json.jbuilder
  6. +17 −17 doc/api/index.json
  7. +4 −3 ...pi/posts/{create_a_new_post_with_invalid_title.json → create_a_new_post_with_invalid_params.json}
  8. +3 −2 doc/api/posts/create_a_new_post_with_valid_params.json
  9. +3 −2 doc/api/posts/delete_a_post.json
  10. +5 −5 doc/api/posts/get_posts.json
  11. +3 −2 doc/api/posts/update_a_new_post_with_invalid_params.json
  12. +3 −2 doc/api/posts/update_a_post_with_valid_params.json
  13. +14 −24 ...ers/signing_in_user_with_blank_params.json → protected_resource/request_with_authentic_user.json}
  14. +45 −0 doc/api/protected_resource/request_without_authentic_user.json
  15. +0 −56 doc/api/users/creating_a_new_user_with_blank_params.json
  16. +2 −2 doc/api/users/creating_a_new_user_with_invalid_params.json
  17. +5 −5 doc/api/users/creating_a_new_user_with_valid_params.json
  18. +0 −56 doc/api/users/signing_in_user_with_improper_params.json
  19. +3 −3 ...{signing_in_user_with_invalid_password.json → signing_in_user_with_invalid_user_or_password.json}
  20. +5 −5 doc/api/users/signing_in_user_with_valid_email_and_password.json
  21. +13 −0 lib/json_web_token.rb
  22. +26 −0 spec/acceptance/errors_features_spec.rb
  23. +7 −2 spec/acceptance/posts_feature_spec.rb
  24. +2 −33 spec/acceptance/users_feature_spec.rb
  25. +100 −68 spec/controllers/api/posts_controller_spec.rb
  26. +1 −0 spec/controllers/api/registrations_controller_spec.rb
  27. +1 −0 spec/controllers/api/sessions_controller_spec.rb
  28. +1 −1 spec/factories/users.rb
  29. +6 −1 spec/rails_helper.rb
  30. +8 −0 spec/support/controller_spec_helpers.rb
  31. +7 −0 spec/support/rspec_api_helpers.rb
@@ -1,4 +1,5 @@
class Api::PostsController < Api::BaseController
+ skip_before_filter :authenticate_user_from_token!, only: [:index, :show]
before_action :set_post, only: [:show, :update, :destroy]
def index
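Review bot: After this skip, `authenticate_user_from_token!` is the only gate on create/update/destroy, yet the failure response this commit itself records for it (`doc/api/protected_resource/request_without_authentic_user.json`) is HTTP 200 with a body `code` of 401, so proxies, clients and monitoring that key on the status line see a successful request. The filter lives in Api::BaseController outside this hunk; its render presumably needs `status: :unauthorized` (and, for a token scheme, a `WWW-Authenticate` header), and its message `You are not authorized perform this action.` is missing "to". A valid token also only proves identity: unless `set_post` (declared on the next line, defined outside the hunk) scopes the lookup to the authenticated user, any signed-in user can update or destroy any post, so an ownership check such as a `current_user`-scoped `find` is still needed. The class body continues past the end of the hunk.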
@@ -1,8 +1,8 @@
class Api::RegistrationsController < Api::BaseController
-
+ skip_before_filter :authenticate_user_from_token!
def create
@user = User.new(user_params)
- @user.save
+ @auth_token = jwt_token(@user) if @user.save
end
private
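Review bot: The added `skip_before_filter :authenticate_user_from_token!` is unscoped, so every action this controller has or later gains is unauthenticated by default; scoping it, `skip_before_filter :authenticate_user_from_token!, only: [:create]`, keeps the controller fail-closed. Minting `jwt_token(@user)` straight from a successful save also makes an account usable the instant it is created, before any e-mail confirmation step the User model may have (Devise `confirmable` is not visible here) — worth confirming that is intended. `jwt_token` and the `private` section continue outside the hunk.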
@@ -1,10 +1,12 @@
class Api::SessionsController < Api::BaseController
+ skip_before_filter :authenticate_user_from_token!
before_filter :ensure_params_exist
def create
@user = User.find_for_database_authentication(email: user_params[:email])
return invalid_login_attempt unless @user
return invalid_login_attempt unless @user.valid_password?(user_params[:password])
+ @auth_token = jwt_token(@user)
end
protected
@@ -6,6 +6,7 @@ if @user.errors.present?
else
json.data do
json.email @user.email
+ json.auth_token @auth_token
end
json.response do
json.code 201
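Review bot: This view now puts a bearer credential in the response body, and the other responses recorded in this commit carry Rails' default `Cache-Control: max-age=0, private, must-revalidate` plus a body-derived weak ETag; a response that contains `auth_token` should instead be marked `no-store` (and `Pragma: no-cache` for older caches) so the token is never written to a shared or disk cache. That header is set in the controller rather than in the template, e.g. `response.headers['Cache-Control'] = 'no-store'` in `Api::RegistrationsController#create` before the render. The enclosing `if @user.errors.present?` / `else` block starts before the hunk.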
@@ -1,5 +1,6 @@
json.data do
json.email @user.email
+ json.auth_token @auth_token
end
json.response do
json.code 200
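Review bot: The client receives `auth_token` but nothing about its lifetime; the token recorded in this commit's examples carries an `exp` claim roughly a day out, and clients should not have to decode the JWT to learn when to re-authenticate. Since a stateless JWT stays valid until `exp` regardless of sign-out or password change, that lifetime is the only revocation lever and deserves to be explicit: have `jwt_token` (lib/json_web_token.rb, not shown) expose the expiry it encodes and render it next to the token, e.g. `json.expires_at @auth_token_expires_at`. The `json.response do` block continues past the end of the hunk.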
@@ -4,8 +4,8 @@
"name": "Posts",
"examples": [
{
- "description": "Create a new post with invalid title",
- "link": "posts/create_a_new_post_with_invalid_title.json",
+ "description": "Create a new post with invalid params",
+ "link": "posts/create_a_new_post_with_invalid_params.json",
"groups": "all"
},
{
@@ -36,13 +36,23 @@
]
},
{
- "name": "Users",
+ "name": "Protected Resource",
"examples": [
{
- "description": "Creating a new user with blank params",
- "link": "users/creating_a_new_user_with_blank_params.json",
+ "description": "Request with authentic user",
+ "link": "protected_resource/request_with_authentic_user.json",
"groups": "all"
},
+ {
+ "description": "Request without authentic user",
+ "link": "protected_resource/request_without_authentic_user.json",
+ "groups": "all"
+ }
+ ]
+ },
+ {
+ "name": "Users",
+ "examples": [
{
"description": "Creating a new user with invalid params",
"link": "users/creating_a_new_user_with_invalid_params.json",
@@ -54,18 +64,8 @@
"groups": "all"
},
{
- "description": "Signing in user with blank params",
- "link": "users/signing_in_user_with_blank_params.json",
- "groups": "all"
- },
- {
- "description": "Signing in user with improper params",
- "link": "users/signing_in_user_with_improper_params.json",
- "groups": "all"
- },
- {
- "description": "Signing in user with invalid password",
- "link": "users/signing_in_user_with_invalid_password.json",
+ "description": "Signing in user with invalid user or password",
+ "link": "users/signing_in_user_with_invalid_user_or_password.json",
"groups": "all"
},
{
@@ -2,7 +2,7 @@
"resource": "Posts",
"http_method": "POST",
"route": "api/posts",
- "description": "Create a new post with invalid title",
+ "description": "Create a new post with invalid params",
"explanation": null,
"parameters": [
{
@@ -29,6 +29,7 @@
"request_headers": {
"Accept": "application/json",
"Content-Type": "application/json",
+ "Authorization": "AUTH-BASIC eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoidGVzdCt1c2VyQGV4YW1wbGUuY29tIiwiZXhwIjoxNDM1MTkzMDY4fQ.bCXvHxAVm_6wQXaywbXNr3MNGwgtFUXx-3P5OYyioxo",
"Host": "example.org",
"Cookie": ""
},
@@ -45,8 +46,8 @@
"Content-Type": "application/json; charset=utf-8",
"ETag": "W/\"7c8ac7d7a81e80de2f74b51a33b85915\"",
"Cache-Control": "max-age=0, private, must-revalidate",
- "X-Request-Id": "05329767-e67c-4afa-897d-bf826a2b0aec",
- "X-Runtime": "0.035359",
+ "X-Request-Id": "eb85d7dd-a959-4017-8d27-27a09dbcbcdc",
+ "X-Runtime": "0.028772",
"Content-Length": "134"
},
"response_content_type": "application/json; charset=utf-8",
@@ -29,6 +29,7 @@
"request_headers": {
"Accept": "application/json",
"Content-Type": "application/json",
+ "Authorization": "AUTH-BASIC eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoidGVzdCt1c2VyQGV4YW1wbGUuY29tIiwiZXhwIjoxNDM1MTkzMDY4fQ.bCXvHxAVm_6wQXaywbXNr3MNGwgtFUXx-3P5OYyioxo",
"Host": "example.org",
"Cookie": ""
},
@@ -45,8 +46,8 @@
"Content-Type": "application/json; charset=utf-8",
"ETag": "W/\"691eec56b0faf743df98c78c11330d81\"",
"Cache-Control": "max-age=0, private, must-revalidate",
- "X-Request-Id": "91c7750f-905a-40c9-a6af-2a5d9dbdd3f1",
- "X-Runtime": "0.005697",
+ "X-Request-Id": "dacf735c-2fb8-4baf-9571-f8df063d2db2",
+ "X-Runtime": "0.008175",
"Content-Length": "154"
},
"response_content_type": "application/json; charset=utf-8",
@@ -18,6 +18,7 @@
"request_headers": {
"Accept": "application/json",
"Content-Type": "application/json",
+ "Authorization": "AUTH-BASIC eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoidGVzdCt1c2VyQGV4YW1wbGUuY29tIiwiZXhwIjoxNDM1MTkzMDY4fQ.bCXvHxAVm_6wQXaywbXNr3MNGwgtFUXx-3P5OYyioxo",
"Host": "example.org",
"Cookie": ""
},
@@ -34,8 +35,8 @@
"Content-Type": "application/json; charset=utf-8",
"ETag": "W/\"ac74fb0159d8224a1689d5eeeb10b55e\"",
"Cache-Control": "max-age=0, private, must-revalidate",
- "X-Request-Id": "be780fb8-8b3f-4000-8d12-d5bed9de8c18",
- "X-Runtime": "0.013113",
+ "X-Request-Id": "f5c9c75a-c7b6-4ef0-949b-63a91acd3c90",
+ "X-Runtime": "0.007474",
"Content-Length": "25"
},
"response_content_type": "application/json; charset=utf-8",
@@ -53,17 +53,17 @@
"request_content_type": "application/json",
"response_status": 200,
"response_status_text": "OK",
- "response_body": "{\"data\":[{\"id\":2,\"title\":\"Numquam pariatur ipsum magnam ut tempore mollitia sit iure.\",\"content\":\"Porro tempora sunt fugit culpa. Quibusdam expedita reiciendis blanditiis omnis voluptatum recusandae. Dolor sit nobis aliquam dolorem a est tenetur distinctio. Dicta vitae quos expedita corrupti est.\"},{\"id\":1,\"title\":\"Eveniet dolor nulla iure sunt enim aspernatur cumque.\",\"content\":\"Porro tempora sunt fugit culpa. Quibusdam expedita reiciendis blanditiis omnis voluptatum recusandae. Dolor sit nobis aliquam dolorem a est tenetur distinctio. Dicta vitae quos expedita corrupti est.\"}],\"meta\":{\"current_page\":1,\"next_page\":null,\"prev_page\":null,\"total_pages\":1,\"total_count\":2,\"sort\":\"created_at\",\"order\":\"desc\"}}",
+ "response_body": "{\"data\":[{\"id\":2,\"title\":\"Vel sit in molestias iste voluptas nam ad.\",\"content\":\"Facilis rem quia quas repudiandae non. Dignissimos dolores rerum aperiam inventore non doloremque laborum. Ex aut autem deserunt molestiae quae repellendus consequatur.\"},{\"id\":1,\"title\":\"Aliquid atque distinctio ab quaerat qui adipisci.\",\"content\":\"Facilis rem quia quas repudiandae non. Dignissimos dolores rerum aperiam inventore non doloremque laborum. Ex aut autem deserunt molestiae quae repellendus consequatur.\"}],\"meta\":{\"current_page\":1,\"next_page\":null,\"prev_page\":null,\"total_pages\":1,\"total_count\":2,\"sort\":\"created_at\",\"order\":\"desc\"}}",
"response_headers": {
"X-Frame-Options": "SAMEORIGIN",
"X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff",
"Content-Type": "application/json; charset=utf-8",
- "ETag": "W/\"e06c92fdfc71ee4bea77a997f1e3a187\"",
+ "ETag": "W/\"3aceba322745a8bbc0e32f87304f7418\"",
"Cache-Control": "max-age=0, private, must-revalidate",
- "X-Request-Id": "e2425e8c-0f03-4ca2-aaf6-757c2c6ceb9f",
- "X-Runtime": "0.046905",
- "Content-Length": "713"
+ "X-Request-Id": "fbd2dfc1-5efc-485b-9277-9a5ec66cf5d8",
+ "X-Runtime": "0.014899",
+ "Content-Length": "630"
},
"response_content_type": "application/json; charset=utf-8",
"curl": null
@@ -29,6 +29,7 @@
"request_headers": {
"Accept": "application/json",
"Content-Type": "application/json",
+ "Authorization": "AUTH-BASIC eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoidGVzdCt1c2VyQGV4YW1wbGUuY29tIiwiZXhwIjoxNDM1MTkzMDY4fQ.bCXvHxAVm_6wQXaywbXNr3MNGwgtFUXx-3P5OYyioxo",
"Host": "example.org",
"Cookie": ""
},
@@ -45,8 +46,8 @@
"Content-Type": "application/json; charset=utf-8",
"ETag": "W/\"7c8ac7d7a81e80de2f74b51a33b85915\"",
"Cache-Control": "max-age=0, private, must-revalidate",
- "X-Request-Id": "badb442b-06ec-498a-a294-bea83deaceca",
- "X-Runtime": "0.023467",
+ "X-Request-Id": "10b8c13d-594f-430f-a38e-825040956d6f",
+ "X-Runtime": "0.022790",
"Content-Length": "134"
},
"response_content_type": "application/json; charset=utf-8",
@@ -29,6 +29,7 @@
"request_headers": {
"Accept": "application/json",
"Content-Type": "application/json",
+ "Authorization": "AUTH-BASIC eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoidGVzdCt1c2VyQGV4YW1wbGUuY29tIiwiZXhwIjoxNDM1MTkzMDY4fQ.bCXvHxAVm_6wQXaywbXNr3MNGwgtFUXx-3P5OYyioxo",
"Host": "example.org",
"Cookie": ""
},
@@ -45,8 +46,8 @@
"Content-Type": "application/json; charset=utf-8",
"ETag": "W/\"74967b4ccbef6294000347ef90ca027f\"",
"Cache-Control": "max-age=0, private, must-revalidate",
- "X-Request-Id": "9b93b605-a502-4ea5-9870-2d76072b66ca",
- "X-Runtime": "0.007030",
+ "X-Request-Id": "c834d8a0-5ac8-41dc-ab2c-d78cb969969c",
+ "X-Runtime": "0.010801",
"Content-Length": "158"
},
"response_content_type": "application/json; charset=utf-8",
@@ -1,34 +1,24 @@
{
- "resource": "Users",
- "http_method": "POST",
- "route": "/api/users/sign_in",
- "description": "Signing in user with blank params",
+ "resource": "Protected Resource",
+ "http_method": "DELETE",
+ "route": "api/posts/:id",
+ "description": "Request with authentic user",
"explanation": null,
"parameters": [
- {
- "required": true,
- "scope": "user",
- "name": "email",
- "description": "Email"
- },
- {
- "required": true,
- "scope": "user",
- "name": "password",
- "description": "Password"
- }
+
],
"response_fields": [
],
"requests": [
{
- "request_method": "POST",
- "request_path": "/api/users/sign_in",
- "request_body": "{\"user\":{\"email\":\"\",\"password\":\"\"}}",
+ "request_method": "DELETE",
+ "request_path": "api/posts/1",
+ "request_body": null,
"request_headers": {
"Accept": "application/json",
"Content-Type": "application/json",
+ "Authorization": "AUTH-BASIC eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoidGVzdCt1c2VyQGV4YW1wbGUuY29tIiwiZXhwIjoxNDM1MTkzMDY4fQ.bCXvHxAVm_6wQXaywbXNr3MNGwgtFUXx-3P5OYyioxo",
"Host": "example.org",
"Cookie": ""
},
@@ -37,17 +27,17 @@
"request_content_type": "application/json",
"response_status": 200,
"response_status_text": "OK",
- "response_body": "{\"errors\":{\"unauthenticated\":[\"Incomplete credentials\"]},\"response\":{\"code\":401}}",
+ "response_body": "{\"response\":{\"code\":204}}",
"response_headers": {
"X-Frame-Options": "SAMEORIGIN",
"X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff",
"Content-Type": "application/json; charset=utf-8",
- "ETag": "W/\"5cd379817cdd6a32f8b3d879772a2eea\"",
+ "ETag": "W/\"ac74fb0159d8224a1689d5eeeb10b55e\"",
"Cache-Control": "max-age=0, private, must-revalidate",
- "X-Request-Id": "eadb8540-e3f5-4a8c-bc42-dad11d5c9acf",
- "X-Runtime": "0.003747",
- "Content-Length": "81"
+ "X-Request-Id": "aee802e8-0476-4104-b3e2-a7480fd45c8a",
+ "X-Runtime": "0.029942",
+ "Content-Length": "25"
},
"response_content_type": "application/json; charset=utf-8",
"curl": null
@@ -0,0 +1,45 @@
+{
+ "resource": "Protected Resource",
+ "http_method": "DELETE",
+ "route": "api/posts/:id",
+ "description": "Request without authentic user",
+ "explanation": null,
+ "parameters": [
+
+ ],
+ "response_fields": [
+
+ ],
+ "requests": [
+ {
+ "request_method": "DELETE",
+ "request_path": "api/posts/1",
+ "request_body": null,
+ "request_headers": {
+ "Accept": "application/json",
+ "Content-Type": "application/json",
+ "Host": "example.org",
+ "Cookie": ""
+ },
+ "request_query_parameters": {
+ },
+ "request_content_type": "application/json",
+ "response_status": 200,
+ "response_status_text": "OK",
+ "response_body": "{\"errors\":{\"unauthorized\":[\"You are not authorized perform this action.\"]},\"response\":{\"code\":401}}",
+ "response_headers": {
+ "X-Frame-Options": "SAMEORIGIN",
+ "X-XSS-Protection": "1; mode=block",
+ "X-Content-Type-Options": "nosniff",
+ "Content-Type": "application/json; charset=utf-8",
+ "ETag": "W/\"3f7b2b789dd37f13a3d27c63ac70daab\"",
+ "Cache-Control": "max-age=0, private, must-revalidate",
+ "X-Request-Id": "27a5b27f-41aa-4c3a-b3d3-e4a4f73ba2a1",
+ "X-Runtime": "0.022386",
+ "Content-Length": "99"
+ },
+ "response_content_type": "application/json; charset=utf-8",
+ "curl": null
+ }
+ ]
+}