Integrate authentication engine with API engine. Added integration te…

…sts for both admin and api integrations.

admin/Gemfile

@@ -11,6 +11,7 @@ gemspec
 # your gem to rubygems.org.
 
 gem 'push_type_core', path: '../core'
+gem 'push_type_api',  path: '../api'
 
 gem 'closure_tree', git: 'https://github.com/aaronrussell/closure_tree.git', branch: 'rails-5'
 

admin/lib/push_type/admin.rb

@@ -1,4 +1,5 @@
 require 'push_type_core'
+require 'push_type_api'
 
 require 'coffee-rails'
 require 'sass-rails'

admin/push_type_admin.gemspec

@@ -18,8 +18,10 @@ Gem::Specification.new do |s|
   s.homepage      = 'http://www.pushtype.org'
   s.license       = 'MIT'
 
-  s.add_dependency 'push_type_core', PushType::VERSION
+  s.add_dependency 'push_type_core',              PushType::VERSION
+  s.add_dependency 'push_type_api',               PushType::VERSION
   s.add_dependency 'haml-rails',                  '~> 0.9'
+  s.add_dependency 'coffee-rails',                '~> 4.1.1'
   s.add_dependency 'jquery-rails',                '~> 4.1.0'
   s.add_dependency 'foundation-rails',            '~> 5.5.3.2'
   s.add_dependency 'foundation-icons-sass-rails', '~> 3.0.0'

api/lib/push_type/api.rb

@@ -1,4 +1,5 @@
 require 'push_type_core'
+
 require 'jbuilder'
 require 'kaminari'
 

api/push_type_api.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'push_type_core',              PushType::VERSION
   s.add_dependency 'jbuilder',                    '~> 2.5.0'
-  s.add_dependency 'kaminari',                    '~> 0.16.3'
+  s.add_dependency 'kaminari',                    '~> 0.17.0'
 
   s.add_development_dependency 'minitest-spec-rails', '~> 5.3.0'
   s.add_development_dependency 'database_cleaner',    '~> 1.5.1'

api/test/controllers/push_type/api/nodes_controller_test.rb

@@ -3,13 +3,16 @@
 module PushType
   class Api::NodesControllerTest < ActionController::TestCase
 
-    let(:node_attrs) { FactoryGirl.attributes_for(:node, type: 'Page') }
+    def node_attrs
+      FactoryGirl.attributes_for :node, type: 'Page'
+    end
+
     let(:node) { Page.create node_attrs }
 
     describe 'GET #index' do
       before :all do
-        @parent = FactoryGirl.create :node
-        5.times { FactoryGirl.create :node, parent_id: @parent.id }
+        @parent = Page.create node_attrs
+        5.times { Page.create node_attrs.merge(parent_id: @parent.id) }
       end
       describe 'with no scope' do
         before { get :index }

auth/Gemfile

@@ -11,6 +11,7 @@ gemspec
 # your gem to rubygems.org.
 
 gem 'push_type_core',   path: '../core'
+gem 'push_type_api',    path: '../api'
 gem 'push_type_admin',  path: '../admin'
 
 gem 'closure_tree', git: 'https://github.com/aaronrussell/closure_tree.git', branch: 'rails-5'

auth/app/controllers/concerns/push_type/api_authentication_methods.rb

@@ -0,0 +1,10 @@
+module PushType
+  module ApiAuthenticationMethods
+    extend ActiveSupport::Concern
+
+    included do
+      acts_as_token_authentication_handler_for PushType::User, as: :user
+    end
+
+  end
+end

auth/app/models/concerns/push_type/authenticatable.rb

@@ -3,15 +3,25 @@ module Authenticatable
     extend ActiveSupport::Concern
 
     included do
+      acts_as_token_authenticatable
+
       # Include default devise modules. Others available are:
       # :lockable, :timeoutable and :omniauthable
       devise :database_authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
 
+      def after_database_authentication
+        reset_authentication_token
+      end
+
       protected
 
       def password_required?
         persisted? ? super : false
-      end  
+      end
+    end
+
+    def reset_authentication_token
+      update_attribute :authentication_token, nil
     end
 
   end

auth/config/initializers/simple_token_authentication.rb

@@ -0,0 +1,65 @@
+SimpleTokenAuthentication.configure do |config|
+
+  # Configure the session persistence policy after a successful sign in,
+  # in other words, if the authentication token acts as a signin token.
+  # If true, user is stored in the session and the authentication token and
+  # email may be provided only once.
+  # If false, users must provide their authentication token and email at every request.
+  # config.sign_in_token = false
+
+  # Configure the name of the HTTP headers watched for authentication.
+  #
+  # Default header names for a given token authenticatable entity follow the pattern:
+  #   { entity: { authentication_token: 'X-Entity-Token', email: 'X-Entity-Email'} }
+  #
+  # When several token authenticatable models are defined, custom header names
+  # can be specified for none, any, or all of them.
+  #
+  # Note: when using the identifiers options, this option behaviour is modified.
+  # Please see the example below.
+  #
+  # Examples
+  #
+  #   Given User and SuperAdmin are token authenticatable,
+  #   When the following configuration is used:
+  #     `config.header_names = { super_admin: { authentication_token: 'X-Admin-Auth-Token' } }`
+  #   Then the token authentification handler for User watches the following headers:
+  #     `X-User-Token, X-User-Email`
+  #   And the token authentification handler for SuperAdmin watches the following headers:
+  #     `X-Admin-Auth-Token, X-SuperAdmin-Email`
+  #
+  #   When the identifiers option is set:
+  #     `config.identifiers = { super_admin: :phone_number }`
+  #   Then both the header names identifier key and default value are modified accordingly:
+  #     `config.header_names = { super_admin: { phone_number: 'X-SuperAdmin-PhoneNumber' } }`
+  #
+  # config.header_names = { user: { authentication_token: 'X-User-Token', email: 'X-User-Email' } }
+
+  # Configure the name of the attribute used to identify the user for authentication.
+  # That attribute must exist in your model.
+  #
+  # The default identifiers follow the pattern:
+  # { entity: 'email' }
+  #
+  # Note: the identifer must match your Devise configuration,
+  # see https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-sign-in-using-their-username-or-email-address#tell-devise-to-use-username-in-the-authentication_keys
+  #
+  # Note: setting this option does modify the header_names behaviour,
+  # see the header_names section above.
+  #
+  # Example:
+  #
+  #   `config.identifiers = { super_admin: 'phone_number', user: 'uuid' }`
+  #
+  # config.identifiers = { user: 'email' }
+
+  # Configure the Devise trackable strategy integration.
+  #
+  # If true, tracking is disabled for token authentication: signing in through
+  # token authentication won't modify the Devise trackable statistics.
+  #
+  # If false, given Devise trackable is configured for the relevant model,
+  # then signing in through token authentication will be tracked as any other sign in.
+  #
+  # config.skip_devise_trackable = true
+end

auth/db/migrate/20160711133742_add_authentication_token_to_push_type_users.rb

@@ -0,0 +1,6 @@
+class AddAuthenticationTokenToPushTypeUsers < ActiveRecord::Migration[5.0]
+  def change
+    add_column :push_type_users, :authentication_token, :string, limit: 30
+    add_index :push_type_users, :authentication_token, unique: true
+  end
+end

auth/lib/push_type/auth.rb

@@ -1,6 +1,9 @@
 require 'push_type_core'
+require 'push_type_api'
 require 'push_type_admin'
+
 require 'devise'
+require 'simple_token_authentication'
 
 module PushType
 

auth/lib/push_type/auth/engine.rb

@@ -16,6 +16,7 @@ class Engine < ::Rails::Engine
 
         # Extend controllers with auth/invitation methos
         PushType::AdminController.include PushType::AuthenticationMethods
+        PushType::ApiController.include PushType::ApiAuthenticationMethods
         PushType::UsersController.include PushType::InvitationMethods
 
         # Configure devise with helpers and layout

auth/push_type_auth.gemspec

@@ -19,8 +19,10 @@ Gem::Specification.new do |s|
   s.license       = 'MIT'
 
   s.add_dependency 'push_type_core',  PushType::VERSION
+  s.add_dependency 'push_type_api',   PushType::VERSION
   s.add_dependency 'push_type_admin', PushType::VERSION
   s.add_dependency 'devise',          '~> 4.1.1'
+  s.add_dependency 'simple_token_authentication', '~> 1.14.0'
   s.add_dependency 'highline',        '~> 1.7.8'
 
   s.add_development_dependency 'minitest-spec-rails', '~> 5.3.0'

auth/test/controllers/concerns/push_type/api_authentication_methods_test.rb

@@ -0,0 +1,15 @@
+require 'test_helper'
+
+module PushType
+  class ApiAuthenticationMethodsTest < ActiveSupport::TestCase
+
+    subject { PushType::ApiController.new }
+    let :before_filters do
+      subject._process_action_callbacks.find_all { |x| x.kind == :before }.map(&:filter)
+    end
+
+    it { subject.methods.include?(:authenticate_user_from_token!).must_equal true }
+    it { before_filters.include?(:authenticate_user_from_token!).must_equal true }
+
+  end
+end

auth/test/integration/push_type/authenticated_api_controller_test.rb

@@ -0,0 +1,17 @@
+require 'test_helper'
+
+class AuthenticatedApiControllerTest < ActionDispatch::IntegrationTest
+
+  let(:current_user) { FactoryGirl.create(:confirmed_user) }
+
+  describe 'unauthenticated request' do
+    before { get api_nodes_path }
+    it { response.must_respond_with :unauthorized }
+  end
+
+  describe 'authenticated request' do
+    before { get api_nodes_path, headers: { 'X-User-Email' => current_user.email, 'X-User-Token' => current_user.authentication_token } }
+    it { response.must_respond_with :success }
+  end
+
+end

auth/test/integration/push_type/authenticated_controller_test.rb

@@ -0,0 +1,20 @@
+require 'test_helper'
+
+class AuthenticatedControllerTest < ActionDispatch::IntegrationTest
+
+  let(:current_user) { FactoryGirl.create(:confirmed_user, password: 'password', password_confirmation: 'password') }
+
+  describe 'unauthenticated request' do
+    before { get nodes_path }
+    it { response.must_redirect_to new_user_session_path }
+  end
+
+  describe 'authenticated request' do
+    before do
+      post user_session_path, params: { user: { email: current_user.email, password: 'password' } }
+      get nodes_path
+    end
+    it { response.must_respond_with :success }
+  end
+
+end

auth/test/models/concerns/push_type/authenticatable_test.rb

@@ -47,6 +47,24 @@ class AuthenticatableTest < ActiveSupport::TestCase
         it { subject.must_equal true }
       end
     end
+
+    describe '#after_database_authentication' do
+      let(:user) { FactoryGirl.create :user }
+      before do
+        @token = user.authentication_token
+        user.after_database_authentication
+      end
+      it { user.reload.authentication_token.wont_equal @token }
+    end
+
+    describe '#reset_authentication_token' do
+      let(:user) { FactoryGirl.create :user }
+      before do
+        @token = user.authentication_token
+        user.reset_authentication_token
+      end
+      it { user.reload.authentication_token.wont_equal @token }
+    end
 
   end
 end

auth/test/test_helper.rb

@@ -12,4 +12,8 @@
 
 class ActionController::TestCase
   include Devise::TestHelpers
-end
+end
+
+class ActionDispatch::IntegrationTest
+  include PushType::Core::Engine.routes.url_helpers
+end