rename authorize to require_login

authorize_admin -> require_admin

also add require_token which will ensure token has been used for auth.

14 files changed, 27 insertions, 24 deletions

diff --git a/billing/app/controllers/billing_admin_controller.rb b/billing/app/controllers/billing_admin_controller.rb
index cd6149f..e11d4ee 100644
--- a/billing/app/controllers/billing_admin_controller.rb
+++ b/billing/app/controllers/billing_admin_controller.rb
@@ -1,5 +1,5 @@
 class BillingAdminController < BillingBaseController
-  before_filter :authorize_admin
+  before_filter :require_admin
 
   def show
 
diff --git a/billing/app/controllers/credit_card_info_controller.rb b/billing/app/controllers/credit_card_info_controller.rb
index 717fa18..fbaa6f1 100644
--- a/billing/app/controllers/credit_card_info_controller.rb
+++ b/billing/app/controllers/credit_card_info_controller.rb
@@ -1,5 +1,5 @@
 class CreditCardInfoController < ApplicationController
-  before_filter :authorize, :set_user
+  before_filter :require_login, :set_user
 
   def edit
     @credit_card = Braintree::CreditCard.find(params[:id])
diff --git a/billing/app/controllers/customer_controller.rb b/billing/app/controllers/customer_controller.rb
index 901cb34..6cbcb44 100644
--- a/billing/app/controllers/customer_controller.rb
+++ b/billing/app/controllers/customer_controller.rb
@@ -1,5 +1,5 @@
 class CustomerController < BillingBaseController
-  before_filter :authorize, :fetch_customer
+  before_filter :require_login, :fetch_customer
 
   def show
     if @customer
diff --git a/billing/app/controllers/payments_controller.rb b/billing/app/controllers/payments_controller.rb
index 0b5abe7..fce6570 100644
--- a/billing/app/controllers/payments_controller.rb
+++ b/billing/app/controllers/payments_controller.rb
@@ -1,5 +1,5 @@
 class PaymentsController < BillingBaseController
-  before_filter :authorize, :only => [:index]
+  before_filter :require_login, :only => [:index]
 
   def new
     fetch_transparent_redirect
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 01aaab4..f066b3c 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -1,5 +1,5 @@
 class SubscriptionsController < BillingBaseController
-  before_filter :authorize
+  before_filter :require_login
   before_filter :fetch_subscription, :only => [:show, :destroy]
   before_filter :confirm_cancel_subscription, :only => [:destroy]
   before_filter :confirm_self_or_admin, :only => [:index]
diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb
index 62ef3fd..82cbc44 100644
--- a/certs/app/controllers/certs_controller.rb
+++ b/certs/app/controllers/certs_controller.rb
@@ -1,6 +1,6 @@
 class CertsController < ApplicationController
 
-  before_filter :login_if_required
+  before_filter :require_login, :unless => :anonymous_certs_allowed?
 
   # GET /cert
   def show
@@ -10,10 +10,9 @@ class CertsController < ApplicationController
 
   protected
 
-  def login_if_required
-    authorize unless APP_CONFIG[:allow_anonymous_certs]
+  def anonymous_certs_allowed?
+    APP_CONFIG[:allow_anonymous_certs]
   end
-
   #
   # this is some temporary logic until we store the service level in the user db.
   #
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index c193ff4..d65ee43 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -4,7 +4,7 @@ class TicketsController < ApplicationController
   respond_to :html, :json
   #has_scope :open, :type => boolean
 
-  before_filter :authorize, :only => [:index]
+  before_filter :require_login, :only => [:index]
   before_filter :fetch_ticket, :only => [:show, :update, :destroy] # don't now have an edit method
   before_filter :fetch_user
   before_filter :set_title
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index d831fbe..e83d6b2 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -15,7 +15,7 @@ module ControllerExtension::Authentication
     !!current_user
   end
 
-  def authorize
+  def require_login
     access_denied unless logged_in?
   end
 
@@ -38,7 +38,7 @@ module ControllerExtension::Authentication
     current_user && current_user.is_admin?
   end
 
-  def authorize_admin
+  def require_admin
     access_denied unless admin?
   end
 
diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb
index cd5c074..ee24f73 100644
--- a/users/app/controllers/controller_extension/token_authentication.rb
+++ b/users/app/controllers/controller_extension/token_authentication.rb
@@ -11,6 +11,10 @@ module ControllerExtension::TokenAuthentication
     token.authenticate if token
   end
 
+  def require_token
+    access_denied unless token
+  end
+
   def logout
     super
     clear_token
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index a5461cd..6b32d49 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -4,9 +4,9 @@
 
 class UsersController < UsersBaseController
 
-  before_filter :authorize, :only => [:show, :edit, :update, :destroy]
+  before_filter :require_login, :except => [:new]
+  before_filter :require_admin, :only => [:index, :deactivate, :enable]
   before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
-  before_filter :authorize_admin, :only => [:index, :deactivate, :enable]
 
   respond_to :html
 
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index 0903888..a16c6e9 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -3,8 +3,8 @@ module V1
 
     skip_before_filter :verify_authenticity_token
     before_filter :fetch_user, :only => [:update]
-    before_filter :authorize, :only => [:update]
-    before_filter :authorize_admin, :only => [:index]
+    before_filter :require_login, :only => [:update, :index]
+    before_filter :require_admin, :only => [:index]
 
     respond_to :json
 
diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
index 94b77bd..c4c922b 100644
--- a/users/test/functional/application_controller_test.rb
+++ b/users/test/functional/application_controller_test.rb
@@ -7,21 +7,21 @@ class ApplicationControllerTest < ActionController::TestCase
     @controller.response = @response
   end
 
-  def test_authorize_redirect
-    @controller.send(:authorize)
+  def test_require_login_redirect
+    @controller.send(:require_login)
     assert_access_denied(true, false)
   end
 
-  def test_authorized
+  def test_require_login
     login
-    @controller.send(:authorize)
+    @controller.send(:require_login)
     assert_access_denied(false)
   end
 
-  def test_authorize_admin
+  def test_require_admin
     login
     @current_user.expects(:is_admin?).returns(false)
-    @controller.send(:authorize_admin)
+    @controller.send(:require_admin)
     assert_access_denied
   end
 
diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb
index 4200e8f..df0d681 100644
--- a/users/test/functional/v1/sessions_controller_test.rb
+++ b/users/test/functional/v1/sessions_controller_test.rb
@@ -36,7 +36,7 @@ class V1::SessionsControllerTest < ActionController::TestCase
     post :create, :login => @user.login, 'A' => @client_hex
   end
 
-  test "should authorize" do
+  test "should authenticate" do
     request.env['warden'].expects(:authenticate!)
     @controller.stubs(:current_user).returns(@user)
     handshake = stub(:to_hash => {h: "ash"})
diff --git a/users/test/unit/unauthorized_user_test.rb b/users/test/unit/unauthenticated_user_test.rb
index 5b96ae1..e5fafb8 100644
--- a/users/test/unit/unauthorized_user_test.rb
+++ b/users/test/unit/unauthenticated_user_test.rb
@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class UnauthorizedUserTest < ActiveSupport::TestCase
+class UnauthenticatedUserTest < ActiveSupport::TestCase
   # test "the truth" do
   #   assert true
   # end