
Implement token-based authentication API base

radar committed Aug 10, 2012
1 parent b67926f commit 7271f8a67814ef1d87ca1f5eacb8b73ce7e76cfd
@@ -1,6 +1,6 @@
source 'https://rubygems.org'
-gem 'rails', '3.2.7'
+gem 'rails', '3.2.8'
gem 'dynamic_form', '1.1.4'
gem 'devise', '2.1.0.rc'
gem 'cancan', '1.6.7'
@@ -47,7 +47,7 @@ GEM
rack-test (>= 0.5.4)
selenium-webdriver (~> 2.0)
xpath (~> 0.1.4)
- childprocess (0.3.4)
+ childprocess (0.3.5)
ffi (~> 1.0, >= 1.0.6)
cocaine (0.2.1)
coffee-rails (3.2.2)
@@ -81,7 +81,7 @@ GEM
multi_json (~> 1.0)
factory_girl (2.6.4)
activesupport (>= 2.3.9)
- ffi (1.1.3)
+ ffi (1.1.5)
gmail (0.4.0)
gmail_xoauth (>= 0.3.0)
mail (>= 2.2.1)
@@ -95,7 +95,7 @@ GEM
railties (>= 3.2.0, < 5.0)
thor (~> 0.14)
json (1.7.4)
- launchy (2.1.1)
+ launchy (2.1.2)
addressable (~> 2.3)
libwebsocket (0.1.5)
addressable
@@ -175,7 +175,7 @@ GEM
polyglot
polyglot (>= 0.3.1)
tzinfo (0.3.33)
- uglifier (1.2.6)
+ uglifier (1.2.7)
execjs (>= 0.3.0)
multi_json (~> 1.3)
warden (1.1.1)
@@ -0,0 +1,17 @@
+class Api::V1::BaseController < ActionController::Base
+ respond_to :json
+
+ before_filter :authenticate_user
+
+ private
+ def authenticate_user
+ @current_user = User.find_by_authentication_token(params[:token])
+ unless @current_user
+ respond_with({:error => "Token is invalid." })
+ end
+ end
+
+ def current_user
+ @current_user
+ end
+end
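Review bot: `User.find_by_authentication_token(params[:token])` on the line assigning @current_user runs even when no `token` parameter was sent, and as far as I can tell a nil argument to that dynamic finder becomes an `IS NULL` lookup, so a request that omits the parameter can match any user whose `authentication_token` is still NULL — which existing users are until they are saved again, since the model only fills the token in `before_save`. The rejection is also rendered with the default 200 status, so a client cannot tell a refused request from a successful one by status code. I would guard on presence and set a status: `@current_user = User.find_by_authentication_token(params[:token]) if params[:token].present?` and `respond_with({:error => "Token is invalid." }, :status => 401) unless @current_user`. The "API errors" spec in this commit only sends `:token => ""`, which does not reach the nil path, so a case with the parameter omitted would be worth adding there.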
@@ -0,0 +1,5 @@
+class Api::V1::ProjectsController < Api::V1::BaseController
+ def index
+ respond_with(Project.for(current_user).all)
+ end
+end
@@ -3,12 +3,14 @@ class User < ActiveRecord::Base
# :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
- :confirmable
+ :confirmable, :token_authenticatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me
attr_accessible :email, :password, :admin, :as => :admin
# attr_accessible :title, :body
+ #
+ before_save :ensure_authentication_token
has_many :permissions
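Review bot: The `#` line inserted just above `before_save :ensure_authentication_token` is an empty comment; either give it text or drop it. `before_save` only assigns a token the next time a user record is saved, so users that exist when the migration runs keep a NULL `authentication_token` until some unrelated save happens; a one-off backfill that loads each user and saves it (in the migration or a rake task) would close that window. Leaving `authentication_token` out of both `attr_accessible` lists is right, since it must not be settable through mass assignment.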
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'sprockets' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+ Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('sprockets', 'sprockets')
@@ -1,4 +1,10 @@
Ticketee::Application.routes.draw do
+ namespace :api do
+ namespace :v1 do
+ resources :projects
+ end
+ end
+
devise_for :users, :controllers => { :registrations => "registrations" }
root :to => "projects#index"
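Review bot: `resources :projects` inside the `api`/`v1` namespaces generates the full set of RESTful routes, but the `Api::V1::ProjectsController` added in this commit defines only `index`, so `show`, `create`, `update` and `destroy` will be routed and then fail with an unknown-action error instead of a clean 404. Restricting the declaration to what exists, `resources :projects, :only => [:index]`, keeps the exposed surface equal to the implemented one and can be widened as actions are added.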
@@ -0,0 +1,5 @@
+class AddAuthenticationTokenToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :authentication_token, :string
+ end
+end
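Review bot: The migration adds `authentication_token` without an index, yet `Api::V1::BaseController` looks a user up by that column on every API request, so the lookup is a full scan and nothing at the database level prevents two users sharing a token. I would pair the column with `add_index :users, :authentication_token, :unique => true` in the same `change` block; Devise's own generator for this module normally emits both together, if I recall correctly.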
@@ -11,7 +11,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20120711214118) do
+ActiveRecord::Schema.define(:version => 20120807214133) do
create_table "assets", :force => true do |t|
t.string "asset_file_name"
@@ -103,6 +103,7 @@
t.datetime "confirmation_sent_at"
t.string "unconfirmed_email"
t.boolean "admin", :default => false
+ t.string "authentication_token"
end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
@@ -0,0 +1,11 @@
+require "spec_helper"
+
+describe "API errors", :type => :api do
+
+ it "making a request with no token" do
+ get "/api/v1/projects.json", :token => ""
+ error = { :error => "Token is invalid." }
+ last_response.body.should eql(error.to_json)
+ end
+
+end
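Review bot: The assertion on `last_response.body` checks only the JSON body, so the rejection being served with a 200 status (as the controller currently does) passes unnoticed; once the controller returns a non-success status for this case, add `last_response.status.should eql(401)` alongside it so the spec pins the value clients actually branch on. Only an empty-string token is exercised; a request that omits `:token` entirely and one with a syntactically plausible but unknown value, e.g. `get "/api/v1/projects.json", :token => "no-such-token"`, would cover the two other rejection paths.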
@@ -0,0 +1,37 @@
+require "spec_helper"
+
+describe "/api/v1/projects", :type => :api do
+ let!(:user) { Factory(:user) }
+ let!(:token) { user.authentication_token }
+ let!(:project) { Factory(:project) }
+
+ before do
+ user.permissions.create!(:action => "view", :thing => project)
+ end
+
+ context "projects viewable by this user" do
+
+ before do
+ Factory(:project, :name => "Access Denied")
+ end
+
+ let(:url) { "/api/v1/projects" }
+ it "json" do
+ get "#{url}.json", :token => token
+
+ projects_json = Project.for(user).all.to_json
+ last_response.body.should eql(projects_json)
+ last_response.status.should eql(200)
+
+ projects = JSON.parse(last_response.body)
+
+ projects.any? do |p|
+ p["name"] == project.name
+ end.should be_true
+
+ projects.any? do |p|
+ p["name"] == "Access Denied"
+ end.should be_false
+ end
+ end
+end
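Review bot: `last_response.body.should eql(projects_json)` compares two serialized strings, which ties the test to record order and attribute order in `to_json` rather than to content, and the two `any?` assertions below already verify the content that matters. Comparing parsed structures, `JSON.parse(last_response.body).should eql(JSON.parse(projects_json))`, removes the formatting dependence, or the string comparison can simply be dropped in favour of the `any?` checks. The `projects_json` fixture is built from `Project.for(user).all`, the same expression the controller uses, so it confirms the plumbing rather than the authorization rule; the "Access Denied" project assertion is what actually covers that.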
@@ -1,5 +1,5 @@
# This file is copied to spec/ when you run 'rails generate rspec:install'
-ENV["RAILS_ENV"] ||= 'test'
+ENV["RAILS_ENV"] = 'test'
require File.expand_path("../../config/environment", __FILE__)
require 'rspec/rails'
require 'rspec/autorun'
@@ -0,0 +1,11 @@
+module ApiHelper
+ include Rack::Test::Methods
+
+ def app
+ Rails.application
+ end
+end
+
+RSpec.configure do |c|
+ c.include ApiHelper, :type => :api
+end
