improved authentication and user propagation

1 parent 17bb211 commit 5b6c517e5f266216c6d4d0e812f845c6bbb098be @theganyo theganyo committed Oct 19, 2012
@@ -29,21 +29,23 @@ Or install it yourself as:
### Getting started with the Usergrid_ironhorse SDK is super simple!
+#### Setup
+
* Add 'gem usergrid_ironhorse' to your Gemfile
* Create a 'config/usergrid.yml' file that looks something like this (the
auth_token is your application admin token):
<pre>
development:
- :application_url: http://localhost:8080/my-organization/my-application
- :auth_token: YWMtc4WjqhcbEeK6UhQQn9SVgQAAATpryjMnLy9oFaPbP-0qIxoUx_4vtaOmpmE
+ application_url: http://localhost:8080/my-organization/my-application
+ auth_token: YWMtc4WjqhcbEeK6UhQQn9SVgQAAATpryjMnLy9oFaPbP-0qIxoUx_4vtaOmpmE
development:
- :application_url: http://localhost:8080/my-organization/my-application
- :auth_token: YWMtc4WjqhcbEeK6UhQQn9SVgQAAATpryjMnLy9oFaPbP-0qIxoUx_4vtaOmpmE
+ application_url: http://localhost:8080/my-organization/my-application
+ auth_token: YWMtc4WjqhcbEeK6UhQQn9SVgQAAATpryjMnLy9oFaPbP-0qIxoUx_4vtaOmpmE
production:
- :application_url: http://api.usergrid.com/my-organization/my-application
- :auth_token: YWMtc4WjqhcbEeK6UhQQn9SVgQAAATpryjMnLy9oFaPbP-0qIxoUx_4vtaOmpmE
+ application_url: http://api.usergrid.com/my-organization/my-application
+ auth_token: YWMtc4WjqhcbEeK6UhQQn9SVgQAAATpryjMnLy9oFaPbP-0qIxoUx_4vtaOmpmE
</pre>
* Your User model should subclass Usergrid::Ironhorse::Base and extend
Usergrid::Ironhorse::UserContext like so:
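Review bot: The production entry in the sample `config/usergrid.yml` uses `http://api.usergrid.com/...`, so the application admin token the README tells readers to put in `auth_token` would be sent without TLS. The example should use an `https://` URL and say that this file holds a privileged credential and belongs outside version control, or is filled in from the environment. Separately, the keys change from `:application_url:` to `application_url:`, which YAML loads as strings rather than symbols, while the code in this commit still reads `settings[:application_url]` and `Base.settings[:auth_token]`. Please confirm the settings loader symbolizes keys or uses indifferent access, otherwise these lookups return nil.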
@@ -58,20 +60,55 @@ end
* Use `User.clear_authentication(session)` to log out.
* Propogate the authentication in your ApplicationController:
<pre>
- before_filter :set_thread_context
- def set_thread_context
- User.set_thread_context session
- end
+before_filter :set_thread_context
+def set_thread_context
+ User.set_thread_context session
+end
</pre>
* Optionally, if you need to access the User from your view, you may add something
like the following to your ApplicationController:
<pre>
- helper_method :current_user
- def current_user
- User.current_user
- end
+helper_method :current_user
+def current_user
+ User.current_user
+end
</pre>
+#### Get going!
+
+* Subclass Usergrid::Ironhorse::Base for your models.
+Your models will automatically be stored in a collection according to the name of your
+class as defined by Rails' ActiveModel::Naming module. (Which you may override by
+implementing model_name if desired.)
+
+<pre>
+class Developer < Usergrid::Ironhorse::Base
+ validates :name, :presence => true # Yes, of course you can use validation
+
+end
+</pre>
+* Now just use the Rails methods you're already familiar with:
+<pre>
+
+ dev = Developer.new language: 'Ruby'
+ dev.valid? # nope!
+ dev.errors # {:name=>["can't be blank"]}
+ dev.name = 'Scott'
+ dev.save!
+
+ dev = Developer.find_or_create_by_name 'Scott'
+ dev.favorite_color = 'green' # assign new attributes automatically
+
+ dev = Developer.find_by_name 'Scott'
+</pre>
+* BTW: If you need to do management tasks, wrapping the work in an as_admin block
+will use the auth_token from your settings:
+
+<pre>
+User.as_admin do
+ # do protected task
+end
+</pre>
## Contributing
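Review bot: The new `as_admin` bullet says only that the block "will use the auth_token from your settings". It should state that every request made inside the block runs with the application admin token regardless of which user is signed in, so the caller has to authorize the action before entering the block and should keep the block as small as possible. The `before_filter :set_thread_context` example would also benefit from a sentence on what happens to the thread-local context when a request carries no authenticated session, since that is not visible from the README. Minor: "Propogate" in the context line of this hunk should read "Propagate".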
@@ -85,8 +122,8 @@ We welcome your enhancements!
4. Push your changes to the upstream branch (`git push origin my-new-feature`)
5. Create new Pull Request
-We've got 100% rspec coverage and we're looking to keep it that way!*
-(*Not yet, but soon)
+We're shooting for 100% rspec coverage, so keep that in mind!
+
In order to run the tests, check out the Usergrid open source project
(https://github.com/apigee/usergrid-stack), build, and launch it locally.
@@ -0,0 +1,26 @@
+# overrides methods dealing with auth_token to operate on a thread basis
+module Usergrid
+ class Resource
+ def options
+ options = @options.clone
+ auth_token = Thread.current[:usergrid_auth_token]
+ options[:headers].delete :Authorization
+ options[:headers][:Authorization] = "Bearer #{auth_token}" if auth_token
+ options
+ end
+
+ # gets user token and automatically set auth header for future requests on this Thread
+ # precondition: resource must already be set to the correct context (application or management)
+ def login(username, password)
+ params = { grant_type: "password", username: username, password: password }
+ response = self['token'].get({ params: params })
+ user_uuid = response.data['user']['uuid']
+ user_access_token = response.data['access_token']
+ Thread.current[:usergrid_user_id] = user_uuid
+ Thread.current[:usergrid_auth_token] = user_access_token
+ @current_user = self["/users/#{user_uuid}"].get.entity
+ response
+ end
+
+ end
+end
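Review bot: In `login`, the username and password are sent as query parameters of a GET (`self['token'].get({ params: params })`), which puts the password in the request URL where it can end up in server and proxy logs. If the token endpoint accepts it, send the grant as a POST body instead. In `options`, `@options.clone` is a shallow copy, so `options[:headers].delete :Authorization` and the assignment that follows modify the headers hash shared with `@options`, and raise if `:headers` is absent. Two threads using the same resource can therefore race and send a request carrying the other thread's bearer token, so duplicate the headers hash before changing it. `@current_user` is likewise kept on the resource instance while the token and user id are thread-local, so a resource shared between threads can report another thread's user.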
@@ -147,11 +147,7 @@ def self.group
# Creates a Usergrid::Resource
def self.resource
app = Usergrid::Application.new settings[:application_url]
- if Thread.current[:auth_token]
- app.auth_token = Thread.current[:auth_token]
- else
- app.auth_token = settings[:auth_token]
- end
+ #app.auth_token = Thread.current[:usergrid_auth_token]
app[group]
end
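Review bot: The replacement leaves a commented-out assignment (`#app.auth_token = Thread.current[:usergrid_auth_token]`) in `self.resource`; delete it rather than committing dead code. The removed `else` branch was the fallback to `settings[:auth_token]`, so with this change code that runs with no thread token set sends no Authorization header unless it is wrapped in `as_admin`. That is a reasonable least-privilege default, but it changes behaviour for existing callers and should be stated in the commit message and the README.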
@@ -32,18 +32,12 @@ def clear_authentication(session)
# allows admin actions to be done in a block
def as_admin(&block)
- save_user_id = Thread.current[:usergrid_user_id]
save_auth_token = Thread.current[:usergrid_auth_token]
- save_user = Thread.current[:usergrid_current_user]
begin
- Thread.current[:usergrid_user_id] = nil
Thread.current[:usergrid_auth_token] = Base.settings[:auth_token]
- Thread.current[:usergrid_current_user] = nil
yield block
ensure
- Thread.current[:usergrid_user_id] = save_user_id
Thread.current[:usergrid_auth_token] = save_auth_token
- Thread.current[:usergrid_current_user] = save_user
end
end
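Review bot: `as_admin` now swaps only `Thread.current[:usergrid_auth_token]`. `Thread.current[:usergrid_user_id]`, which `login` sets, keeps pointing at the signed-in user while requests carry the admin token, so anything inside the block that reads the user id sees an identity that does not match the credential in use. Either keep clearing and restoring the user id or document why it is safe to leave it. The method should also fail fast when `Base.settings[:auth_token]` is nil instead of running the block without a token. Finally, `yield block` passes the block to itself as an argument; plain `yield` (or `block.call`) is what is meant.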
@@ -54,7 +54,6 @@ def login_management
def create_random_application
management = login_management
organization = management.organization SPEC_SETTINGS[:organization][:name]
-
app_name = "_test_app_#{SecureRandom.hex}"
organization.create_application app_name
management.application SPEC_SETTINGS[:organization][:name], app_name
@@ -2,6 +2,10 @@
it_should_behave_like 'ActiveModel'
+ class User < Usergrid::Ironhorse::Base
+ extend Usergrid::Ironhorse::UserContext
+ end
+
before :all do
@application = create_random_application
Foo.configure!(@application.url, @application.auth_token)
@@ -22,6 +26,20 @@ class Bar < Usergrid::Ironhorse::Base; end
describe 'subclasses should be able to' do
+ it "do tasks as admin when requested" do
+ organization = @foo.management.organization SPEC_SETTINGS[:organization][:name]
+
+ # should fail under current user's context
+ expect {
+ organization.create_application "_test_app_#{SecureRandom.hex}"
+ }.to raise_error RestClient::Unauthorized
+
+ # should succeed under admin context
+ User.as_admin do
+ organization.create_application "_test_app_#{SecureRandom.hex}"
+ end
+ end
+
it 'be created and destroyed' do
foo = Foo.create name: 'foo2'
foo.persisted?.should be_true
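Review bot: The new example "do tasks as admin when requested" checks that the call raises `RestClient::Unauthorized` before the block and does not raise inside it, but never checks that the previous token is restored afterwards. Add an expectation after `User.as_admin do ... end` that the same `create_application` call raises `RestClient::Unauthorized` again, and a case where the block itself raises, so the `ensure` path in `as_admin` is covered. The applications created here are also never removed.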
