
Issue #68

* jaribio/Gemfile: did a bundle update on ruby-debug and no longer seem
to need to specify the linecache19 gem
* jaribio/app/controllers/application_controller.rb (skip_csrf?):
provide a real implementation
* jaribio/app/controllers/test_cases_controller.rb (create): to make
activeresource happy, a successful create should not redirect (302), so
for json we no longer do that
* jaribio/app/models/test_case.rb: has_many :plans
* jaribio/app/models/user.rb (after_token_authentication): implemented
callback to set an instance variable @token_authenticated so we can
later determine how the user was authenticated; we only want to disable
csrf for valid token authentication
(token_authenticated?): if @token_authenticated is set, returns it,
otherwise false
* jaribio/spec/controllers/api_authentication_spec.rb: new file, these
are tests around the csrf protection avoidance with api authentication
* jaribio/spec/controllers/test_cases_controller_spec.rb: tests for the
new json specific functionality of create()
* jaribio/spec/models/test_case_spec.rb: added a dumb test for plans
relationship
* jaribio/spec/models/user_spec.rb: added a test around token
authentication logic now in model
1 parent f049176 commit c0f5b58f813f18a05024915190871f37b5a34009 Brian Jones committed May 4, 2012
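--- a/jaribio/Gemfile
+++ b/jaribio/Gemfile
@@ -29,7 +29,6 @@ group :development, :test do
 # gem 'ruby-debug19', :platform => :mri
 # See http://blog.wyeworks.com/2011/11/1/ruby-1-9-3-and-ruby-debug
 # gem 'ruby-debug-base19', '>=0.11.26'
-# gem 'linecache19', '>=0.5.13'
 end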
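--- a/jaribio/app/controllers/application_controller.rb
+++ b/jaribio/app/controllers/application_controller.rb
@@ -4,7 +4,9 @@ class ApplicationController < ActionController::Base
 skip_before_filter :verify_authenticity_token, :if => :skip_csrf?
 def skip_csrf?
-# FIXME: make this more specific to avoid completely turning this off
-true
+if (user_signed_in?() && current_user.token_authenticated?)
+return true
+end
+false
 end
 end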
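Review bot: The body of `skip_csrf?` is an if/return ladder that evaluates to a single boolean, so it can be the expression itself, `user_signed_in? && current_user.token_authenticated?`; the empty parens on `user_signed_in?()` and the parens around the condition are not idiomatic Ruby. Since the flag is only set by `after_token_authentication` (see the user.rb hunk), a session-cookie login keeps CSRF protection, which is the scope the commit message describes. A one-line comment recording that, `# CSRF is skipped only for requests Devise authenticated by auth token this request; session logins stay protected.`, would keep the next maintainer from widening it back to the old unconditional `true`.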
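--- a/jaribio/app/controllers/test_cases_controller.rb
+++ b/jaribio/app/controllers/test_cases_controller.rb
@@ -54,7 +54,10 @@ def create
 end
 if @test_case.save
 flash[:notice] = "Successfully created test case."
-redirect_to edit_test_case_path(@test_case)
+respond_to do |format|
+format.html { redirect_to edit_test_case_path(@test_case) }
+format.json { render :json => @test_case, :status => :created, :location => @test_case }
+end
 else
 respond_with @test_case
 end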
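Review bot: `flash[:notice]` is assigned before `respond_to`, so a JSON create also writes the notice into the session even though no page follows, and it then surfaces on that client's next HTML request. Move the `flash[:notice] = "Successfully created test case."` line inside the `format.html` block ahead of `redirect_to` so only the redirecting path sets it. Using `respond_to` on the success branch while the failure branch keeps `respond_with @test_case` is also inconsistent and worth a short comment explaining why the two differ. The `create` method starts outside this hunk.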
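--- a/jaribio/app/models/test_case.rb
+++ b/jaribio/app/models/test_case.rb
@@ -5,6 +5,7 @@ class TestCase < ActiveRecord::Base
 has_many :steps, :order => "steps.position ASC"
 belongs_to :user
 belongs_to :pre_step
+has_many :plans, :through => :suites
 validates_presence_of :name, :unique_key
 validates_uniqueness_of :unique_key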
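--- a/jaribio/app/models/user.rb
+++ b/jaribio/app/models/user.rb
@@ -10,11 +10,21 @@ class User < ActiveRecord::Base
 :validatable,
 :token_authenticatable
+def token_authenticated?
+return false unless defined? @token_authenticated
+@token_authenticated
+end
+
+def after_token_authentication
+@token_authenticated = true
+end
+
 # Setup accessible (or protected) attributes for your model
 attr_accessible :email, :password, :password_confirmation, :remember_me
 has_many :test_cases
 has_many :suites
 has_many :plans
 has_many :executions
+
 end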
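Review bot: `token_authenticated?` reports a flag that exists only on the in-memory `User` instance `after_token_authentication` was called on; it is never persisted, so it is meaningful only for the object authenticated during the current request and is false on any freshly loaded `User`. A comment above the method should say so, e.g. `# In-memory only: true on the instance authenticated via auth token this request; false on any other User object.` The `defined?` guard is presumably there to avoid the uninitialized-instance-variable warning under -w, which would explain why the shorter `!!@token_authenticated` was not used — worth a short comment too. Both methods are public (the controller spec calls `after_token_authentication` directly), so it is worth documenting that being callable from outside Devise is intentional.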
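--- a/jaribio/spec/controllers/api_authentication_spec.rb
+++ b/jaribio/spec/controllers/api_authentication_spec.rb
@@ -0,0 +1,30 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe "API Authentication" do
+controller do
+def create
+render :nothing => true
+end
+end
+
+it "should check whether to skip csrf protection" do
+controller.should_receive(:skip_csrf?).and_return(false)
+post :create
+end
+
+it "should not call verify_authenticity_token" do
+@request.env["devise.mapping"] = Devise.mappings[:user]
+user = Factory.create(:user)
+user.confirm!
+sign_in user
+# pretend it was token auth and call the callback manually
+controller.current_user.after_token_authentication
+@verified = false
+controller.stub(:verify_authenticity_token) do
+@verified = true
+end
+controller.skip_csrf?.should be_true
+post :create
+@verified.should be_false
+end
+end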
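Review bot: The spec covers only the skip path: nothing here asserts that `verify_authenticity_token` still runs for a user signed in by session without `after_token_authentication`, so a regression back to the old unconditional `true` in `skip_csrf?` would pass this file. An example mirroring the second one but omitting the callback call, expecting `skip_csrf?` to be false and `@verified` to be true, closes that gap; this assumes the anonymous controller inherits `protect_from_forgery` from ApplicationController, which is not visible on this page. The stub block `controller.stub(:verify_authenticity_token) do ... end` could also be the one-line `{ @verified = true }` form.
```ruby
  # … unchanged: existing examples …

  it "still calls verify_authenticity_token for a session sign-in" do
    @request.env["devise.mapping"] = Devise.mappings[:user]
    user = Factory.create(:user)
    user.confirm!
    sign_in user
    # no after_token_authentication call: this is a plain session login
    @verified = false
    controller.stub(:verify_authenticity_token) { @verified = true }
    controller.skip_csrf?.should be_false
    post :create
    @verified.should be_true
  end
```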
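--- a/jaribio/spec/controllers/test_cases_controller_spec.rb
+++ b/jaribio/spec/controllers/test_cases_controller_spec.rb
@@ -67,6 +67,16 @@
 post :create, :test_case => Factory.attributes_for(:test_case)
 response.should redirect_to(edit_test_case_path(TestCase.last))
 end
+
+it "does not redirect for json post" do
+post :create, :format => :json, :test_case => Factory.attributes_for(:test_case)
+response.status.should == 201
+end
+
+it "sets location for json post" do
+post :create, :format => :json, :test_case => Factory.attributes_for(:test_case)
+response.location.should match(/#{test_case_path(assigns(:test_case))}$/)
+end
 end
 describe "with invalid params" do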
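Review bot: The location assertion interpolates a path into a regex unescaped and anchors it with `$`, which matches at a line end rather than the end of the string; `response.location.should match(/#{Regexp.escape(test_case_path(assigns(:test_case)))}\z/)` pins the exact tail. Both new examples post the same payload, so a shared `before` or a small local helper would keep them from drifting apart. The enclosing `describe` block starts outside this hunk.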
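--- a/jaribio/spec/models/test_case_spec.rb
+++ b/jaribio/spec/models/test_case_spec.rb
@@ -19,6 +19,11 @@
 @case.should have(1).executions
 end
+it "has many plans" do
+@case.plans << @plan
+@case.should have(1).plans
+end
+
 it "can be searched" do
 @case.save!
@@ -98,5 +103,5 @@
 new_case.id.should_not eq @case.id
 new_case.suite_ids.should eq @case.suite_ids
 end
-
+
 end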
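--- a/jaribio/spec/models/user_spec.rb
+++ b/jaribio/spec/models/user_spec.rb
@@ -25,4 +25,11 @@
 it "has many executions" do
 @user.should have(1).executions
 end
+
+it "remembers when token_authenticated" do
+@user.token_authenticated?.should be_false
+@user.after_token_authentication
+@user.token_authenticated?.should be_true
+end
+
 end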
