Merge pull request #3029 from nebulab/twist900/authorization-header
Deprecate 'X-SPREE-TOKEN' header 2
kennyadsl committed Jan 18, 2019
2 parents e6f648f + 88068cb commit 7ac4397
Showing 12 changed files with 42 additions and 24 deletions.
19 changes: 18 additions & 1 deletion api/app/controllers/spree/api/base_controller.rb
Expand Up @@ -100,10 +100,27 @@ def invalid_resource!(resource)
end

def api_key
request.headers["X-Spree-Token"] || params[:token]
bearer_token || spree_token || params[:token]
end
helper_method :api_key

def bearer_token
pattern = /^Bearer /
header = request.headers["Authorization"]
header.gsub(pattern, '') if header.present? && header.match(pattern)
end

def spree_token
token = request.headers["X-Spree-Token"]
return unless token.present?

Spree::Deprecation.warn(
'The custom X-Spree-Token request header is deprecated and will be removed in the next release.' \
' Please use bearer token authorization header instead.'
)
token
end

def order_token
request.headers["X-Spree-Order-Token"] || params[:order_token]
end
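Review bot: `bearer_token` anchors the scheme with `^`, which in Ruby matches at the start of any line rather than only at the start of the header value, so `\A` is the right anchor here; the comparison is also case-sensitive, while RFC 7235 treats the auth-scheme name case-insensitively, so a client sending `bearer <key>` silently falls through to `spree_token`/`params[:token]` instead of being authenticated by this method. A single extraction avoids the separate `match` and `gsub` passes and pins the token to the rest of the value: `header = request.authorization` followed by `header[/\ABearer (\S+)\z/i, 1] if header.present?`. `request.authorization` is also worth preferring over `request.headers["Authorization"]` because it falls back to the `X-HTTP_AUTHORIZATION` and `REDIRECT_X_HTTP_AUTHORIZATION` env variants that some proxy and CGI setups rewrite the header into. The enclosing class starts and ends outside the hunk.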
2 changes: 1 addition & 1 deletion api/spec/controllers/spree/api/base_controller_spec.rb
Expand Up @@ -52,7 +52,7 @@ def index
end

it "with an invalid API key" do
request.headers["X-Spree-Token"] = "fake_key"
request.headers["Authorization"] = "Bearer fake_key"
get :index, params: {}
expect(json_response).to eq({ "error" => "Invalid API key (fake_key) specified." })
expect(response.status).to eq(401)
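Review bot: Switching this example to the `Authorization` header leaves the deprecated `X-Spree-Token` path in `spree_token` with no controller-level coverage, so a regression in the compatibility branch would go unnoticed until the header is actually removed. An additional example that sets `request.headers["X-Spree-Token"] = "fake_key"` and asserts both the 401 and `expect(Spree::Deprecation).to receive(:warn)` would pin that behaviour for the deprecation window. The surrounding `describe` block starts outside the hunk.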
22 changes: 11 additions & 11 deletions api/spec/requests/api/address_books_spec.rb
Expand Up @@ -41,7 +41,7 @@ module Spree
user.save_in_address_book(ron_address_attributes, false)

get "/api/users/#{user.id}/address_book",
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }

json_response = JSON.parse(response.body)
expect(response.status).to eq(200)
Expand All @@ -60,7 +60,7 @@ module Spree
expect {
put "/api/users/#{user.id}/address_book",
params: { address_book: harry_address_attributes.merge('id' => address.id) },
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }
}.to change { UserAddress.count }.from(1).to(2)

expect(response.status).to eq(200)
Expand All @@ -74,7 +74,7 @@ module Spree
expect {
put "/api/users/#{user.id}/address_book",
params: { address_book: harry_address_attributes },
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }
}.to change { UserAddress.count }.by(1)

user_address = UserAddress.last
Expand All @@ -93,7 +93,7 @@ module Spree
expect {
put "/api/users/#{user.id}/address_book",
params: { address_book: harry_address_attributes },
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }
}.to_not change { UserAddress.count }

expect(response.status).to eq(200)
Expand All @@ -110,7 +110,7 @@ module Spree
expect {
delete "/api/users/#{user.id}/address_book",
params: { address_id: address.id },
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }
}.to change { user.reload.user_addresses.count }.from(1).to(0)

expect(response.status).to eq(200)
Expand All @@ -131,7 +131,7 @@ module Spree
other_user.save_in_address_book(ron_address_attributes, false)

get "/api/users/#{other_user.id}/address_book",
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }

json_response = JSON.parse(response.body)
expect(response.status).to eq(200)
Expand All @@ -150,7 +150,7 @@ module Spree
expect {
put "/api/users/#{other_user.id}/address_book",
params: { address_book: updated_harry_address.merge('id' => address.id) },
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }
}.to change { UserAddress.count }.from(1).to(2)

expect(response.status).to eq(200)
Expand All @@ -165,7 +165,7 @@ module Spree
expect {
delete "/api/users/#{other_user.id}/address_book",
params: { address_id: address.id },
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }
}.to change { other_user.reload.user_addresses.count }.from(1).to(0)

expect(response.status).to eq(200)
Expand All @@ -179,7 +179,7 @@ module Spree
other_user.save_in_address_book(harry_address_attributes, true)

get "/api/users/#{other_user.id}/address_book",
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }

expect(response.status).to eq(401)
end
Expand All @@ -193,7 +193,7 @@ module Spree
expect {
put "/api/users/#{other_user.id}/address_book",
params: { address_book: other_user_address.attributes.merge('address1' => 'Hogwarts') },
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }
}.not_to change { UserAddress.count }

expect(response.status).to eq(401)
Expand All @@ -208,7 +208,7 @@ module Spree
expect {
delete "/api/users/#{other_user.id}/address_book",
params: { address_id: address.id },
headers: { 'X-SPREE-TOKEN' => 'galleon' }
headers: { Authorization: 'Bearer galleon' }
}.not_to change { other_user.user_addresses.count }

expect(response.status).to eq(401)
Expand Up @@ -7,7 +7,7 @@

describe "GET mine" do
subject do
get spree.mine_api_store_credit_events_path(format: :json), headers: { 'X-Spree-Token' => api_key }
get spree.mine_api_store_credit_events_path(format: :json), headers: { Authorization: "Bearer #{api_key}" }
end

context "no current api user" do
Expand Up @@ -23,7 +23,7 @@ Spree.ready(function () {
url: Spree.routes.option_type_search,
quietMillis: 200,
datatype: 'json',
params: { "headers": { "X-Spree-Token": Spree.api_key } },
params: { "headers": { 'Authorization': 'Bearer ' + Spree.api_key } },
data: function (term) {
return {
q: { name_cont: term }
Expand Up @@ -23,7 +23,7 @@ $.fn.productAutocomplete = function (options) {
ajax: {
url: Spree.routes.admin_product_search,
datatype: 'json',
params: { "headers": { "X-Spree-Token": Spree.api_key } },
params: { "headers": { 'Authorization': 'Bearer ' + Spree.api_key } },
data: function (term, page) {
return {
q: {
2 changes: 1 addition & 1 deletion backend/app/assets/javascripts/spree/backend/taxons.js
Expand Up @@ -30,7 +30,7 @@ Spree.ready(function() {
url: Spree.routes.taxons_search,
params: {
"headers": {
"X-Spree-Token": Spree.api_key
'Authorization': 'Bearer ' + Spree.api_key
}
},
data: function(term, page) {
Expand Up @@ -22,7 +22,7 @@ $.fn.userAutocomplete = function () {
ajax: {
url: Spree.routes.users_api,
datatype: 'json',
params: { "headers": { "X-Spree-Token": Spree.api_key } },
params: { "headers": { 'Authorization': 'Bearer ' + Spree.api_key } },
data: function (term) {
return {
q: {
Expand Up @@ -26,7 +26,7 @@
quietMillis: 500,
params: {
"headers": {
"X-Spree-Token": Spree.api_key
'Authorization': 'Bearer ' + Spree.api_key
}
},
data: function(term, page) {
Expand Up @@ -27,7 +27,7 @@ Spree.Views.Order.CustomerSelect = Backbone.View.extend({
placeholder: Spree.translations.choose_a_customer,
ajax: {
url: Spree.routes.users_api,
params: { "headers": { "X-Spree-Token": Spree.api_key } },
params: { "headers": { 'Authorization': 'Bearer ' + Spree.api_key } },
datatype: 'json',
data: function(term, page) {
return {
2 changes: 1 addition & 1 deletion core/app/assets/javascripts/spree.js.erb
Expand Up @@ -45,7 +45,7 @@ Spree.ajax = function(url, options) {
options = options || {};
options = $.extend(options, {
headers: {
"X-Spree-Token": Spree.api_key
'Authorization': 'Bearer ' + Spree.api_key
}
});
return $.ajax(url, options);
7 changes: 4 additions & 3 deletions guides/source/developers/api/overview.html.md
Expand Up @@ -21,13 +21,14 @@ role of `admin`.

### Requests

To make a request to the API, pass a `X-Spree-Token` header and a Spree API key
along with the request:
To make a request to the API, set a Bearer Authentication header with the Spree API key:

```bash
curl --header "X-Spree-Token: <key>" http://yourstore.com/api/products/1
curl --header "Authorization: Bearer <key>" http://yourstore.com/api/products/1
```

Note that for Solidus versions 2.7 and below a custom `X-Spree-Token: <key>` header is used.

Alternatively, you can pass through the token as a URL parameter if you are
unable to pass it through a header:


0 comments on commit 7ac4397