
Merge branch 'api_key'

2 parents 6c9e270 + bc0fb0f commit 1fd3a357c9e6de18d5ac9f0d5b0de1e207734be4 @skalnik skalnik committed Jun 30, 2010
@@ -0,0 +1,20 @@
+class ApiKeysController < ApplicationController
+ before_filter :login_from_cookie
+ before_filter :login_required
+
+ def create
+ current_user.enable_api!
+
+ respond_to do |format|
+ format.html { redirect_to edit_user_path(current_user) }
+ end
+ end
+
+ def destroy
+ current_user.disable_api!
+
+ respond_to do |format|
+ format.html { redirect_to edit_user_path(current_user) }
+ end
+ end
+end
@@ -0,0 +1,2 @@
+module ApiKeysHelper
+end
@@ -66,6 +66,28 @@ def hours(filter, date)
hours
end
+ def enable_api!
+ self.generate_api_key!
+ end
+
+ def disable_api!
+ self.update_attribute(:api_key, "")
+ end
+
+ def api_is_enabled?
+ !self.api_key.empty?
+ end
+
+ def self.authenticate(login, password)
+ return nil if login.blank? || password.blank?
+ if password.downcase == "x" # This is an API request
+ u = find_by_api_key(login)
+ else
+ u = find_by_login(login.downcase)
+ u && u.authenticated?(password) ? u : nil
+ end
+ end
+
protected
def with_memberships
project_ids = memberships.collect { |m| m.project_id }
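Review bot: `api_is_enabled?` calls `empty?` directly on `api_key`, so it raises NoMethodError for any user whose column is NULL rather than the empty-string default; `!api_key.blank?` covers both cases. In `self.authenticate`, treating a password of `x` (any case) as the API marker makes the key alone, sent in the login field, a full credential, and an account whose real password is `x` can no longer sign in by password. That convention deserves a comment above the branch, for example `# API clients send the key as login and "x" as password; the key is checked by lookup only`. The hunk ends inside `with_memberships`, which continues outside it.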
@@ -84,4 +106,12 @@ def accessible_project_id?(project_id)
projects.collect { |p| p.id }.include?(project_id) :
projects.exists?(['projects.id = ?', project_id])
end
+
+ def secure_digest(*args)
+ Digest::SHA1.hexdigest(args.flatten.join('--'))
+ end
+
+ def generate_api_key!
+ self.update_attribute(:api_key, secure_digest(Time.now, (1..10).map { rand.to_i }))
+ end
end
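Review bot: In `generate_api_key!`, `rand.to_i` is always 0, because `rand` without an argument returns a float below 1, so the ten "random" inputs add nothing and the key is a SHA-1 of the generation time alone. Anyone who can estimate when a key was created can narrow it to a small set of candidates, which is not acceptable for a value that signs a request in. Draw the key from the system CSPRNG instead, `self.update_attribute(:api_key, SecureRandom.hex(20))` (or `ActiveSupport::SecureRandom` on older Ruby), which still fits the 40-character column. `secure_digest` would then be unused by this code.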
@@ -34,4 +34,21 @@
<%= form.text_field :time_zone, :readonly => true %>
</p>
<p>Your timezone is set automatically by checking the offset from your browser.
- So, don't worry if the name is incorrect, as long as the hour offset matches.</p>
+ So, don't worry if the name is incorrect, as long as the hour offset matches.</p>
+
+<% if @user.api_is_enabled? %>
+ <p>
+ Your API Key:
+ (<%= link_to 're-generate', api_keys_path, :method => :post %> | <%= link_to "disable", api_key_path, :method => :delete %>)
+ </p>
+ <p>
+ <strong><%= @user.api_key %></strong>
+ </p>
+<% else %>
+ <p>
+ You'll need a unique key to make API calls. Remember to keep this key a secret as it can be used to access your account.
+ </p>
+ <p>
+ <%= link_to("Get a key", api_keys_path, :method => :post) %>
+ </p>
+<% end %>
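Review bot: The disable link calls `api_key_path` with no argument, but the routes hunk registers `:api_keys` as a plural resource, whose member helper expects an id; whether a URL is generated here probably depends on route recall from the current page, and `destroy` ignores the id anyway. A singular `map.resource :api_key` would match what the controller does (it always acts on `current_user`) and give `api_key_path` for both links. The re-generate link also replaces a working key on a single click; `:confirm => 'Replace your current key?'` would make that deliberate.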
@@ -6,7 +6,7 @@
map.resources :helps, :controller => "help"
map.resources :statuses, :collection => { 'import' => :get, :last => :get }
map.resources :projects, :member => { :invite => :post }
- map.resources :contexts, :notifies, :tendrils
+ map.resources :contexts, :notifies, :tendrils, :api_keys
map.filtered_user 'users/:id/:filter', :filter => status_filters, :controller => 'users', :action => 'show'
@@ -0,0 +1,9 @@
+class AddApiKeyToUsers < ActiveRecord::Migration
+ def self.up
+ add_column :users, :api_key, :string, :limit => 40, :default => ""
+ end
+
+ def self.down
+ remove_column :users, :api_key
+ end
+end
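Review bot: The new column has no index although `login_from_api_key` and `User.authenticate` both look users up by it; add `add_index :users, :api_key` in `self.up`. The `:default => ""` also gives every account without a key the same stored value, which rules out a unique index and means an empty-string lookup matches real rows. Leaving the default NULL, having `disable_api!` write nil instead of `""`, and adding `:unique => true` to the index would avoid both.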
@@ -9,7 +9,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20100623170744) do
+ActiveRecord::Schema.define(:version => 20100630014806) do
create_table "bj_config", :primary_key => "bj_config_id", :force => true do |t|
t.string "hostname"
@@ -208,6 +208,7 @@
t.string "identity_url"
t.string "permalink"
t.string "aim_status"
+ t.string "api_key", :limit => 40, :default => ""
end
add_index "users", ["email"], :name => "index_users_on_email"
@@ -8,7 +8,7 @@ def logged_in?
# Accesses the current user from the session. Set it to :false if login fails
# so that future calls do not hit the database.
def current_user
- @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie || :false)
+ @current_user ||= (login_from_session || login_from_api_key || login_from_basic_auth || login_from_cookie || :false)
end
# Store the given user id in the session.
@@ -115,4 +115,8 @@ def login_from_cookie
self.current_user = user
end
end
+
+ def login_from_api_key
+ self.current_user = User.find_by_api_key(params[:api_key]) unless params.nil? and params[:api_key].empty?
+ end
end
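Review bot: The guard in `login_from_api_key` never skips the lookup: `params.nil? and params[:api_key].empty?` can only be true when `params` is nil, so a request without an `api_key` parameter runs `find_by_api_key(nil)` and one with an empty parameter runs `find_by_api_key("")`. Because the column defaults to `""` and `disable_api!` writes `""`, the empty case can return an account that has no key at all and sign the request in as that user. Run the lookup only for a non-empty key: `self.current_user = User.find_by_api_key(params[:api_key]) unless params[:api_key].blank?`. The assignment goes through `current_user=`, which by the comment in the previous hunk stores the user id in the session, so it is worth deciding whether a key-authenticated request should create a session at all. `login_from_cookie` above starts outside this hunk.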
@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class APIKeysControllerTest < ActionController::TestCase
+ # Replace this with your real tests.
+ test "the truth" do
+ assert true
+ end
+end
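Review bot: The test class is named `APIKeysControllerTest` while the controller is `ApiKeysController`; `ActionController::TestCase` derives the controller from the test class name, so real tests added here would likely not find it. Rename it to `ApiKeysControllerTest`, and `APIKeysHelperTest` in the next file to `ApiKeysHelperTest`. The body is still the generator stub `assert true`, so the new login paths have no coverage; at minimum add cases showing that a missing and an empty `api_key` parameter leave the request unauthenticated.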
@@ -0,0 +1,4 @@
+require 'test_helper'
+
+class APIKeysHelperTest < ActionView::TestCase
+end
