Merge pull request #148 from azul/feature/api-quota-support

Feature/api quota support + current_user null pattern

18 files changed, 214 insertions, 115 deletions

diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb
index 03d3989..1f73f38 100644
--- a/app/controllers/controller_extension/authentication.rb
+++ b/app/controllers/controller_extension/authentication.rb
@@ -8,11 +8,11 @@ module ControllerExtension::Authentication
   end
 
   def current_user
-    @current_user ||= token_authenticate || warden.user
+    @current_user ||= token_authenticate || warden.user || anonymous
   end
 
   def logged_in?
-    !!current_user
+    current_user.is_a? User
   end
 
   def require_login
@@ -42,7 +42,7 @@ module ControllerExtension::Authentication
   end
 
   def admin?
-    current_user && current_user.is_admin?
+    current_user.is_admin?
   end
 
   def require_admin
@@ -72,4 +72,10 @@ module ControllerExtension::Authentication
     request.env['warden.options'] &&
       request.env['warden.options'][:attempted_path]
   end
+
+  protected
+
+  def anonymous
+    AnonymousUser.new
+  end
 end
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index 64cfa7f..73409ef 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -4,7 +4,7 @@ class V1::CertsController < ApplicationController
 
   # GET /cert
   def show
-    @cert = ClientCertificate.new(:prefix => certificate_prefix)
+    @cert = ClientCertificate.new(:prefix => service_level.cert_prefix)
     render text: @cert.to_s, content_type: 'text/plain'
   end
 
@@ -13,38 +13,8 @@ class V1::CertsController < ApplicationController
   def anonymous_certs_allowed?
     APP_CONFIG[:allow_anonymous_certs]
   end
-  #
-  # this is some temporary logic until we store the service level in the user db.
-  #
-  # better logic might look like this:
-  #
-  # if logged_in?
-  #   service_level = user.service_level
-  # elsif allow_anonymous?
-  #   service_level = service_levels[:anonymous]
-  # else
-  #   service_level = nil
-  # end
-  #
-  # if service_level.bandwidth == 'limited' && allow_limited?
-  #   prefix = limited
-  # elsif allow_unlimited?
-  #   prefix = unlimited
-  # else
-  #   prefix = nil
-  # end
-  #
-  def certificate_prefix
-    if logged_in?
-      if APP_CONFIG[:allow_unlimited_certs]
-        APP_CONFIG[:unlimited_cert_prefix]
-      elsif APP_CONFIG[:allow_limited_certs]
-        APP_CONFIG[:limited_cert_prefix]
-      end
-    elsif !APP_CONFIG[:allow_limited_certs]
-      APP_CONFIG[:unlimited_cert_prefix]
-    else
-      APP_CONFIG[:limited_cert_prefix]
-    end
+
+  def service_level
+    current_user.effective_service_level
   end
 end
diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb
index f71d0f1..85156b7 100644
--- a/app/controllers/v1/messages_controller.rb
+++ b/app/controllers/v1/messages_controller.rb
@@ -7,12 +7,11 @@ module V1
     respond_to :json
 
     def index
-      render json: (current_user ? current_user.messages : [] )
+      render json: current_user.messages
     end
 
     def update
-      message = Message.find(params[:id])
-      if (message and current_user)
+      if message = Message.find(params[:id])
         message.mark_as_read_by(current_user)
         message.save
         render json: true
diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/v1/services_controller.rb
new file mode 100644
index 0000000..594940e
--- /dev/null
+++ b/app/controllers/v1/services_controller.rb
@@ -0,0 +1,8 @@
+class V1::ServicesController < ApplicationController
+
+  respond_to :json
+
+  def show
+    respond_with current_user.effective_service_level
+  end
+end
diff --git a/app/models/anonymous_service_level.rb b/app/models/anonymous_service_level.rb
new file mode 100644
index 0000000..4366a4a
--- /dev/null
+++ b/app/models/anonymous_service_level.rb
@@ -0,0 +1,30 @@
+class AnonymousServiceLevel
+
+  delegate :to_json, to: :config_hash
+
+  def cert_prefix
+    if APP_CONFIG[:allow_limited_certs]
+      APP_CONFIG[:limited_cert_prefix]
+    elsif APP_CONFIG[:allow_unlimited_certs]
+      APP_CONFIG[:unlimited_cert_prefix]
+    end
+  end
+
+  def description
+    if APP_CONFIG[:allow_anonymous_certs]
+      "anonymous access to the VPN"
+    else
+      "please login to access our services"
+    end
+  end
+
+  protected
+
+  def config_hash
+    { name: "anonymous",
+      description: description,
+      eip_rate_limit: APP_CONFIG[:allow_limited_certs]
+    }
+  end
+
+end
diff --git a/app/models/anonymous_user.rb b/app/models/anonymous_user.rb
new file mode 100644
index 0000000..360a577
--- /dev/null
+++ b/app/models/anonymous_user.rb
@@ -0,0 +1,27 @@
+# The nil object for the user class
+class AnonymousUser < Object
+
+  def effective_service_level
+    AnonymousServiceLevel.new
+  end
+
+  def is_admin?
+    false
+  end
+
+  def id
+    nil
+  end
+
+  def email_address
+    nil
+  end
+
+  def login
+    nil
+  end
+
+  def messages
+    []
+  end
+end
diff --git a/app/models/service_level.rb b/app/models/service_level.rb
index 299aaf1..5dd8838 100644
--- a/app/models/service_level.rb
+++ b/app/models/service_level.rb
@@ -4,16 +4,35 @@ class ServiceLevel
     @id = attributes[:id] || APP_CONFIG[:default_service_level]
   end
 
-  def self.authenticated_select_options
-    APP_CONFIG[:service_levels].map { |id,config_hash| [config_hash[:description], id] if config_hash[:name] != 'anonymous'}.compact
+  def self.select_options
+    APP_CONFIG[:service_levels].map do |id,config_hash|
+      [config_hash[:description], id]
+    end
   end
 
   def id
     @id
   end
 
+  delegate :to_json, to: :config_hash
+
+  def cert_prefix
+    if limited_cert?
+      APP_CONFIG[:limited_cert_prefix]
+    elsif APP_CONFIG[:allow_unlimited_certs]
+      APP_CONFIG[:unlimited_cert_prefix]
+    end
+  end
+
+  protected
+
+  def limited_cert?
+    APP_CONFIG[:allow_limited_certs] &&
+      (!APP_CONFIG[:allow_unlimited_certs] || config_hash[:eip_rate_limit])
+  end
+
   def config_hash
-    APP_CONFIG[:service_levels][@id]
+    @config_hash || APP_CONFIG[:service_levels][@id].with_indifferent_access
   end
 
 end
diff --git a/app/models/unauthenticated_user.rb b/app/models/unauthenticated_user.rb
deleted file mode 100644
index 0fc17d2..0000000
--- a/app/models/unauthenticated_user.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# The nil object for the user class
-class UnauthenticatedUser < Object
-
-  # will probably want something here to return service level as  APP_CONFIG[:service_levels][0] but not sure how will be accessing.
-
-end
diff --git a/app/views/users/_change_service_level.html.haml b/app/views/users/_change_service_level.html.haml
index 61e67d9..42315a2 100644
--- a/app/views/users/_change_service_level.html.haml
+++ b/app/views/users/_change_service_level.html.haml
@@ -8,11 +8,11 @@
     %legend= t(:service_level)
     - if @user != current_user
       = t(:desired_service_level)
-    = f.select :desired_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.desired_service_level.id
+    = f.select :desired_service_level_code, ServiceLevel.select_options, :selected => @user.desired_service_level.id
     - if @user != current_user
       %p
       = t(:effective_service_level)
-      = f.select :effective_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.effective_service_level.id
+      = f.select :effective_service_level_code, ServiceLevel.select_options, :selected => @user.effective_service_level.id
     .control-group
       .controls
         = f.submit t(:save), :class => 'btn', :data => {"loading-text" => "Saving..."}
diff --git a/config/defaults.yml b/config/defaults.yml
index e7d0f5e..47cb641 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -49,21 +49,15 @@ common: &common
 
 service_levels: &service_levels
   service_levels:
-    0:
-      name: anonymous
-      cert_prefix: "LIMITED"
-      description: "anonymous account, with rate limited VPN"
     1:
       name: free
-      cert_prefix: "LIMITED"
       description: "free account, with rate limited VPN"
-      cost: 0
-      quota: 100
+      eip_rate_limit: true
+      storage: 100
     2:
       name: premium
-      cert_prefix: "UNLIMITED"
       description: "premium account, with unlimited vpn"
-      cost:
+      rate:
         USD: 10
         EUR: 10
   default_service_level: 1
diff --git a/config/routes.rb b/config/routes.rb
index b930bd1..f612b47 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -25,6 +25,7 @@ LeapWeb::Application.routes.draw do
     resources :users, :only => [:create, :update, :destroy, :index]
     resources :messages, :only => [:index, :update]
     resource :cert, :only => [:show]
+    resource :service, :only => [:show]
   end
 
   scope "(:locale)", :locale => MATCH_LOCALE do
diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb
index 4be3493..650f628 100644
--- a/engines/support/app/controllers/tickets_controller.rb
+++ b/engines/support/app/controllers/tickets_controller.rb
@@ -5,7 +5,8 @@ class TicketsController < ApplicationController
   #has_scope :open, :type => boolean
 
   before_filter :require_login, :only => [:index]
-  before_filter :fetch_ticket, :only => [:show, :update, :destroy] # don't now have an edit method
+  before_filter :fetch_ticket, :only => [:show, :update, :destroy]
+  before_filter :require_ticket_access, :only => [:show, :update, :destroy]
   before_filter :fetch_user
   before_filter :set_title
 
@@ -17,11 +18,11 @@ class TicketsController < ApplicationController
   def create
     @ticket = Ticket.new(params[:ticket])
 
-    @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+    #protecting posted_by isn't working, so this should protect it:
+    @ticket.comments.last.posted_by = current_user.id
     @ticket.comments.last.private = false unless admin?
-    @ticket.created_by = current_user.id if logged_in?
-    @ticket.email = current_user.email_address if logged_in? and current_user.email_address
-
+    @ticket.created_by = current_user.id
+    @ticket.email = current_user.email_address if current_user.email_address
     if @ticket.save
       flash[:notice] = t(:thing_was_successfully_created, :thing => t(:ticket))
 
@@ -58,7 +59,7 @@ class TicketsController < ApplicationController
       end
 
       if @ticket.comments_changed?
-        @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
+        @ticket.comments.last.posted_by = current_user.id
         @ticket.comments.last.private = false unless admin?
       end
 
@@ -120,19 +121,28 @@ class TicketsController < ApplicationController
     return ticket
   end
 
-  def ticket_access?
-    @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
-  end
-
   def fetch_ticket
     @ticket = Ticket.find(params[:id])
-    if !@ticket and admin?
-      redirect_to auto_tickets_path, :alert => t(:no_such_thing, :thing => 'ticket')
-      return
+    if !@ticket
+      if admin?
+        redirect_to auto_tickets_path,
+          alert: t(:no_such_thing, thing: 'ticket')
+      else
+        access_denied
+      end
     end
+  end
+
+  def require_ticket_access
     access_denied unless ticket_access?
   end
 
+  def ticket_access?
+    admin? or
+      @ticket.created_by.blank? or
+      current_user.id == @ticket.created_by
+  end
+
   def fetch_user
     if params[:user_id]
       @user = User.find(params[:user_id])
diff --git a/engines/support/app/views/tickets/new.html.haml b/engines/support/app/views/tickets/new.html.haml
index ba86ac3..65ed67b 100644
--- a/engines/support/app/views/tickets/new.html.haml
+++ b/engines/support/app/views/tickets/new.html.haml
@@ -2,22 +2,14 @@
 
 = render 'tickets/tabs'
 
-- if admin? && @user
-  - email = @user.email_address
-  - regarding = @user.login
-- elsif logged_in?
-  - email = current_user.email_address
-  - regarding = current_user.login
+- user = @user if admin?
+- user ||= current_user
 
 = simple_form_for @ticket, :validate => true, :html => {:class => 'form-horizontal'} do |f|
   = hidden_ticket_fields
   = f.input :subject
-  - if logged_in?
-    = f.input :email, input_html: {value: email}
-    = f.input :regarding_user, input_html: {value: regarding}
-  - else
-    = f.input :email
-    = f.input :regarding_user
+  = f.input :email, input_html: {value: user.email_address}
+  = f.input :regarding_user, input_html: {value: user.login}
   = f.simple_fields_for :comments, @comment do |c|
     = c.input :body, :label => t(:description), :as => :text, :input_html => {:class => "full-width", :rows=> 5}
     - if admin?
diff --git a/engines/support/app/views/tickets/show.html.haml b/engines/support/app/views/tickets/show.html.haml
index bbca4bf..4f3c127 100644
--- a/engines/support/app/views/tickets/show.html.haml
+++ b/engines/support/app/views/tickets/show.html.haml
@@ -7,6 +7,6 @@
       = render :partial => 'tickets/comment', :collection => @ticket.comments
       %tr
         %td.user
-          = logged_in? ? current_user.login : t(:anonymous)
+          = current_user.login || t(:anonymous)
         %td.comment
           = render 'tickets/new_comment_form'
diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb
index 2c70e52..fb8e9c4 100644
--- a/test/functional/v1/certs_controller_test.rb
+++ b/test/functional/v1/certs_controller_test.rb
@@ -2,43 +2,45 @@ require 'test_helper'
 
 class V1::CertsControllerTest < ActionController::TestCase
 
-  test "send limited cert without login" do
-    with_config allow_limited_certs: true, allow_anonymous_certs: true do
-      cert = stub :to_s => "limited cert"
-      ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
+  test "send unlimited cert without login" do
+    with_config allow_anonymous_certs: true do
+      cert = expect_cert('UNLIMITED')
       get :show
       assert_response :success
       assert_equal cert.to_s, @response.body
     end
   end
 
-  test "send unlimited cert" do
-    with_config allow_unlimited_certs: true do
+  test "send limited cert" do
+    with_config allow_limited_certs: true do
       login
-      cert = stub :to_s => "unlimited cert"
-      ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:unlimited_cert_prefix]).returns(cert)
+      cert = expect_cert('LIMITED')
       get :show
       assert_response :success
       assert_equal cert.to_s, @response.body
     end
   end
 
-  test "login required if anonymous certs disabled" do
-    with_config allow_anonymous_certs: false do
-      get :show
-      assert_response :redirect
-    end
+  test "send unlimited cert" do
+    login effective_service_level: ServiceLevel.new(id: 2)
+    cert = expect_cert('UNLIMITED')
+    get :show
+    assert_response :success
+    assert_equal cert.to_s, @response.body
   end
 
-  test "send limited cert" do
-    with_config allow_limited_certs: true, allow_unlimited_certs: false do
-      login
-      cert = stub :to_s => "real cert"
-      ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
-      get :show
-      assert_response :success
-      assert_equal cert.to_s, @response.body
-    end
+  test "redirect if no eip service offered" do
+    get :show
+    assert_response :redirect
   end
 
+  protected
+
+  def expect_cert(prefix)
+    cert = stub :to_s => "#{prefix.downcase} cert"
+    ClientCertificate.expects(:new).
+      with(:prefix => prefix).
+      returns(cert)
+    return cert
+  end
 end
diff --git a/test/functional/v1/services_controller_test.rb b/test/functional/v1/services_controller_test.rb
new file mode 100644
index 0000000..e4058c0
--- /dev/null
+++ b/test/functional/v1/services_controller_test.rb
@@ -0,0 +1,31 @@
+require 'test_helper'
+
+class V1::ServicesControllerTest < ActionController::TestCase
+
+  test "anonymous user gets login required service info" do
+    get :show, format: :json
+    assert_json_response name: 'anonymous',
+      eip_rate_limit: false,
+      description: 'please login to access our services'
+  end
+
+  test "anonymous user gets vpn service info" do
+    with_config allow_anonymous_certs: true do
+      get :show, format: :json
+      assert_json_response name: 'anonymous',
+        eip_rate_limit: false,
+        description: 'anonymous access to the VPN'
+    end
+  end
+
+  test "user can see their service info" do
+    login
+    get :show, format: :json
+    assert_json_response name: 'free',
+      eip_rate_limit: true,
+      description: 'free account, with rate limited VPN',
+      storage: 100
+  end
+
+end
+
diff --git a/test/unit/anonymous_user_test.rb b/test/unit/anonymous_user_test.rb
new file mode 100644
index 0000000..6e94d39
--- /dev/null
+++ b/test/unit/anonymous_user_test.rb
@@ -0,0 +1,23 @@
+require 'test_helper'
+
+class AnonymousUserTest < ActiveSupport::TestCase
+
+  setup do
+    @anonymous = AnonymousUser.new
+  end
+
+  test "has nil values" do
+    assert_nil @anonymous.id
+    assert_nil @anonymous.email_address
+    assert_nil @anonymous.login
+  end
+
+  test "has no messages" do
+    assert_equal [], @anonymous.messages
+  end
+
+  test "has anonymous service level" do
+    assert @anonymous.effective_service_level.is_a? AnonymousServiceLevel
+  end
+
+end
diff --git a/test/unit/unauthenticated_user_test.rb b/test/unit/unauthenticated_user_test.rb
deleted file mode 100644
index e5fafb8..0000000
--- a/test/unit/unauthenticated_user_test.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-require 'test_helper'
-
-class UnauthenticatedUserTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
-end