Merge pull request #176 from mallowlabs/id/176

api/v1/user.json returns a user without api_key
codefirst · Mar 24, 2014 · 1dc3001 · 1dc3001
2 parents e5d4e19 + ba6f61e
commit 1dc3001
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 5 deletions.
diff --git a/app/controllers/api/v1/user_controller.rb b/app/controllers/api/v1/user_controller.rb
@@ -3,10 +3,13 @@ module Api
   module V1
     class UserController < ApplicationController
       include ApiHelper
+
+      before_filter :check_spell
+
       def show
-        users = User.where(:spell => params[:api_key])
-        if users.first
-          render :json => users.first.to_json
+        user = current_user
+        if user
+          render :json => user.to_json
           return
         end
         render_error 'user not found', 403
@@ -42,7 +45,7 @@ def delete_device
 
       private
       def manage_device(&proc)
-        user = User.where(:spell => params[:api_key]).first
+        user = current_user
         unless user
           render_error 'user not found', 403
           return

diff --git a/spec/controllers/api/v1/user_controller_spec.rb b/spec/controllers/api/v1/user_controller_spec.rb
@@ -9,6 +9,10 @@
                      :profile_image_url => 'url',
                      :spell => 'spell')
     @user.save!
+    User.new(:name => 'test',
+             :screen_name => 'test-name',
+             :profile_image_url => 'test-url',
+             :spell => nil).save!
   end
 
   describe "show" do
@@ -32,6 +36,16 @@
       its(:body) { should have_json("/status[text() = 'error']") }
       its(:body) { should have_json("/error[text() = 'user not found']") }
     end
+
+    context "without api_key" do
+      before {
+        get :show, :api_key => nil, :format => 'json'
+      }
+      subject { response }
+      its(:response_code) { should == 403 }
+      its(:body) { should have_json("/status[text() = 'error']") }
+      its(:body) { should have_json("/error[text() = 'user not found']") }
+    end
   end
 
   describe "add_device" do
@@ -58,7 +72,7 @@
         devices = mock 'devices'
         devices.stub(:where => [mock('device')])
         user.stub(:save => false, :devices => devices, :to_json => '')
-        User.stub(:where => [user])
+        controller.stub(:current_user) { user }
         post :add_device, :api_key => @user.spell, :format => 'json', :device => 'device_id'
       }
       subject { response }