
Merge branch '0.2.0-wip' of https://github.com/twitter/clockworkraven

…into 0.2.0-wip
2 parents 9c22a7a + e22db2e commit 439d6bc32295682b5189619fefed3d6cea515f32 Dave Buchfuhrer committed Aug 17, 2012
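--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -21,13 +21,16 @@ class ApplicationController < ActionController::Base
 def current_user
 return @current_user if @current_user
+# if an API key parameter was given, try to auth with that.
+if params[:api_key]
+return (@current_user = User.find_by_key(params[:api_key]))
+end
+
 # we only load the user from a session cookie if we're using the same
 # database we were using when the cookie was issued
 if session[:db_sig] == DatabaseSignature.generate
-@current_user = User.find_by_id(session[:user_id])
+return (@current_user = User.find_by_id(session[:user_id]))
 end
-
-return @current_user
 end
 private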
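Review bot: `if params[:api_key]` is true for the empty string (only nil and false are falsy in Ruby), so a request carrying `?api_key=` runs `User.find_by_key("")`, and if any user row has an empty key (e.g. one created before keys were minted — not visible here) that request authenticates as that user; `if params[:api_key].present?` closes this, and `.to_s` on the value keeps an `api_key[]=` array param from turning the lookup into an `IN` query. Because the key is read from a request parameter it is also written to the Rails request log, and when sent on a GET query string to proxy and access logs and browser history, unless `:api_key` is added to `config.filter_parameters`; accepting it from an `Authorization` header instead avoids the query-string exposure. The keyed path returns before the `db_sig` session check, which is fine for a stateless credential but deserves a comment such as `# API-key auth is stateless: the session is neither read nor written on this path.`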
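--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -14,7 +14,7 @@
 class UsersController < ApplicationController
 # Updating an account is only allowed with the password auth system.
-before_filter :require_password_auth, :except => :show
+before_filter :require_password_auth, :except => [:show, :reset_key]
 private
@@ -55,4 +55,17 @@ def update
 end
 end
 end
+
+# POST /account/reset_key
+def reset_key
+current_user.generate_key
+
+respond_to do |format|
+if current_user.save
+format.html { redirect_to account_path, :notice => 'Your API key has been reset.' }
+else
+format.html { redirect_to account_path, :error => 'Could not reset API key.' }
+end
+end
+end
 end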
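Review bot: The failure branch of `reset_key` passes `:error => 'Could not reset API key.'` to `redirect_to`, but the Rails 3-era `redirect_to` this code uses only moves `:notice`, `:alert` and `:flash` into the flash, so `:error` is silently dropped and a failed save redirects with no message; use `:flash => { :error => 'Could not reset API key.' }` (or `:alert`), whichever the layout renders. Exempting the action from `require_password_auth` is reasonable since keys exist under every auth system, but the action still depends on some other filter guaranteeing `current_user` is non-nil — that filter is outside this hunk, and without it an anonymous POST raises NoMethodError on `current_user.generate_key`. Since the same commit makes `current_user` accept `params[:api_key]`, this action is reachable with a key alone, so a leaked key can rotate itself and lock out the legitimate user; that may be acceptable, but record it on the action, e.g. `# Reachable with session or API-key auth; a stolen key can rotate itself.`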
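--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
@@ -27,6 +27,13 @@
 %span.email= current_user.email
 %p
+%b API Key:
+%span.apikey= current_user.key
+= link_to 'Reset', reset_key_path,
+:class => 'btn btn-danger btn-mini', :method => 'post',
+:confirm => "Are you sure? You will no longer be able to perform API requests with your old key."
+
+%p
 %b Privileged:
 %span.priv= current_user.privileged? ? 'Yes' : 'No'
 %a{:href => '#', :rel => 'tooltip', :title => "Privileged users can submit production jobs that cost money. Unprivileged users can submit sandbox jobs, and can create production jobs and ask a privileged user to submit the job."}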
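Review bot: `%span.apikey= current_user.key` renders the bearer credential unmasked on every load of the account page, exposing it to shoulder-surfing, screen sharing and any page or proxy cache in the same way a displayed password would be. Consider masking it behind a reveal control or showing it only once right after a reset, and make sure the page is served with `Cache-Control: no-store` (whether the layout does so is not visible here). The `Reset` link depends on `:method => 'post'` and `:confirm` being implemented by the Rails UJS JavaScript; with scripts disabled it degrades to a plain GET of `/account/reset_key`, which this commit only routes for POST, so `button_to 'Reset', reset_key_path, :confirm => ...` would be the JS-independent form.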
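--- a/config/routes.rb
+++ b/config/routes.rb
@@ -58,6 +58,7 @@
 get 'account' => 'users#show', :as => 'account'
 get 'account/edit' => 'users#edit', :as => 'edit_account'
 put 'account' => 'users#update', :as => 'update_account'
+post 'account/reset_key' => 'users#reset_key', :as => 'reset_key'
 # default: /evaluations
 root :to => 'evaluations#index'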
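--- a/lib/tasks/users.rake
+++ b/lib/tasks/users.rake
@@ -22,15 +22,23 @@ namespace :users do
 task :change_password => :environment do
 UserTasks.new.change_password
 end
+
+desc "Reset all API keys in the system"
+task :reset_keys => :environment do
+UserTasks.new.reset_keys
+end
 end
 class UserTasks
 NON_PASS_WARNING = <<END_S
 WARNING:
 You are not currently configured to use password authentication. Users created
-in this interface will not be usable unless you modify config/auth.yml to use
-password authentication. To do this, copy config/auth.example_password.yml
+in this interface will not be able to log in unless you modify config/auth.yml
+to use password authentication. To do this, copy config/auth.example_password.yml
 to config/auth.yml.
+
+Note that users created this way will be able to use the API, even if you don't
+use password authentication.
 END_S
 def initialize
@@ -96,6 +104,13 @@ END_S
 @in.choose do |menu|
 menu.layout = :one_line
 menu.header = "Successfully created user \"#{username}\""
+menu.prompt = 'Show API key? '
+menu.choice('yes') { puts "The user's API key is #{user.key}" }
+menu.choice('no') { }
+end
+
+@in.choose do |menu|
+menu.layout = :one_line
 menu.prompt = 'Create another? '
 menu.choice('yes') { add }
 menu.choice('no') { }
@@ -121,7 +136,23 @@ END_S
 menu.header = "Successfully changed password for \"#{username}\""
 menu.prompt = 'Change another? '
 menu.choice('yes') { change_password }
-menu.choice('no') { }
+menu.choice('no') { }
+end
+end
+
+def reset_keys
+@in.choose do |menu|
+menu.prompt = 'This will invalidate all API keys and prevent API calls using old keys. Are you sure you want to reset keys? '
+menu.choice('yes') do
+User.all.each do |u|
+u.generate_key
+u.save!
+print '.'
+end
+
+puts "\nAPI keys have been reset."
+end
+menu.choice('no') {}
 end
 end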
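Review bot: `reset_keys` runs `User.all.each` with `u.save!` and no transaction, so a validation failure on any single user aborts the loop part-way with some keys rotated and the rest still valid, and `User.all` loads every row into memory at once. Wrapping it as `User.transaction { User.find_each { |u| u.generate_key; u.save!; print '.' } }` makes the reset all-or-nothing and batches the load. The new paragraph in NON_PASS_WARNING is right that keys work even when password auth is off; the operational consequence — disabling a user in the external auth system does not revoke their API key, and this rake task is the only bulk revocation path visible here — should be stated in the same warning and in the `desc` for `reset_keys`.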
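--- a/test/functional/controllers/logins_controller_test.rb
+++ b/test/functional/controllers/logins_controller_test.rb
@@ -20,6 +20,7 @@ class NonLoginsControllerTest < ActionController::TestCase
 setup do
 @user = create :user
+session.clear
 end
 test "no credentials" do
@@ -56,7 +57,7 @@ class NonLoginsControllerTest < ActionController::TestCase
 assert_forbidden
 end
-test "valid" do
+test "valid user id" do
 user = create :user
 session[:db_sig] = DatabaseSignature.generate
 session[:user_id] = user.id
@@ -65,6 +66,20 @@ class NonLoginsControllerTest < ActionController::TestCase
 assert_response :success
 end
+test "invalid api key" do
+user = create :user
+get :index, :api_key => 'wrong'
+assert_forbidden
+end
+
+test "valid api key" do
+user = create :user
+get :index, :api_key => user.key
+
+get :index
+assert_response :success
+end
+
 # asserts that the user is redirected to the login screen when trying to
 # load a page
 def assert_forbidden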
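Review bot: The "valid api key" test never asserts on the keyed request: it issues `get :index, :api_key => user.key`, then a second keyless `get :index`, and checks success only on the second. Because `ActionController::TestCase` reuses the same `@controller` across requests in one test and, as far as I recall, does not reset instance variables such as the memoized `@current_user`, the second request most likely passes through memoization rather than through any authentication, so the test does not pin what it appears to. Move `assert_response :success` directly after the keyed `get`, and make the keyless follow-up `get :index; assert_forbidden` so the test also pins that a key does not mint a session (or the opposite, if keyed requests are meant to establish one — that intent is not visible here). The `user = create :user` in "invalid api key" is unused and can be dropped.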
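--- a/test/functional/controllers/users_controller_test.rb
+++ b/test/functional/controllers/users_controller_test.rb
@@ -100,4 +100,14 @@ def assert_validations_fail attrs
 assert_validations_fail :password => '1', :password_confirmation => ''
 end
 end
+
+test "reset_key" do
+old_key = @controller.current_user.key
+
+post :reset_key
+
+@controller.current_user.reload
+assert_not_nil @controller.current_user.key
+assert_not_equal old_key, @controller.current_user.key
+end
 end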
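--- a/test/functional/views/users/show_test.rb
+++ b/test/functional/views/users/show_test.rb
@@ -26,6 +26,7 @@ class UsersShowTest < ActionController::TestCase
 assert_select "span.username:content('#{@user.username}')"
 assert_select "span.realname:content('#{@user.name}')"
 assert_select "span.email:content('#{@user.email}')"
+assert_select "span.apikey:content('#{@user.key}')"
 assert_select "span.priv:content('No')"
 end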

