summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorazul <azul@riseup.net>2014-04-25 12:15:37 +0200
committerazul <azul@riseup.net>2014-04-25 12:15:37 +0200
commit76ad25ba0ee344f185f8e8cdfe066685cd3b0447 (patch)
treed8122b5b5144c917f5e1924c1428a3a871e94149
parent2b6200f508ddb8e1c8a76fd3778881c39d787d8d (diff)
parentbe81b7430e0a2046125be7c3a4b01b8725f4afe6 (diff)
Merge pull request #148 from azul/feature/api-quota-support
Feature/api quota support + current_user null pattern
-rw-r--r--app/controllers/controller_extension/authentication.rb12
-rw-r--r--app/controllers/v1/certs_controller.rb38
-rw-r--r--app/controllers/v1/messages_controller.rb5
-rw-r--r--app/controllers/v1/services_controller.rb8
-rw-r--r--app/models/anonymous_service_level.rb30
-rw-r--r--app/models/anonymous_user.rb27
-rw-r--r--app/models/service_level.rb25
-rw-r--r--app/models/unauthenticated_user.rb6
-rw-r--r--app/views/users/_change_service_level.html.haml4
-rw-r--r--config/defaults.yml12
-rw-r--r--config/routes.rb1
-rw-r--r--engines/support/app/controllers/tickets_controller.rb36
-rw-r--r--engines/support/app/views/tickets/new.html.haml16
-rw-r--r--engines/support/app/views/tickets/show.html.haml2
-rw-r--r--test/functional/v1/certs_controller_test.rb46
-rw-r--r--test/functional/v1/services_controller_test.rb31
-rw-r--r--test/unit/anonymous_user_test.rb23
-rw-r--r--test/unit/unauthenticated_user_test.rb7
18 files changed, 214 insertions, 115 deletions
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb
index 03d3989..1f73f38 100644
--- a/app/controllers/controller_extension/authentication.rb
+++ b/app/controllers/controller_extension/authentication.rb
@@ -8,11 +8,11 @@ module ControllerExtension::Authentication
end
def current_user
- @current_user ||= token_authenticate || warden.user
+ @current_user ||= token_authenticate || warden.user || anonymous
end
def logged_in?
- !!current_user
+ current_user.is_a? User
end
def require_login
@@ -42,7 +42,7 @@ module ControllerExtension::Authentication
end
def admin?
- current_user && current_user.is_admin?
+ current_user.is_admin?
end
def require_admin
@@ -72,4 +72,10 @@ module ControllerExtension::Authentication
request.env['warden.options'] &&
request.env['warden.options'][:attempted_path]
end
+
+ protected
+
+ def anonymous
+ AnonymousUser.new
+ end
end
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index 64cfa7f..73409ef 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -4,7 +4,7 @@ class V1::CertsController < ApplicationController
# GET /cert
def show
- @cert = ClientCertificate.new(:prefix => certificate_prefix)
+ @cert = ClientCertificate.new(:prefix => service_level.cert_prefix)
render text: @cert.to_s, content_type: 'text/plain'
end
@@ -13,38 +13,8 @@ class V1::CertsController < ApplicationController
def anonymous_certs_allowed?
APP_CONFIG[:allow_anonymous_certs]
end
- #
- # this is some temporary logic until we store the service level in the user db.
- #
- # better logic might look like this:
- #
- # if logged_in?
- # service_level = user.service_level
- # elsif allow_anonymous?
- # service_level = service_levels[:anonymous]
- # else
- # service_level = nil
- # end
- #
- # if service_level.bandwidth == 'limited' && allow_limited?
- # prefix = limited
- # elsif allow_unlimited?
- # prefix = unlimited
- # else
- # prefix = nil
- # end
- #
- def certificate_prefix
- if logged_in?
- if APP_CONFIG[:allow_unlimited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- elsif APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:limited_cert_prefix]
- end
- elsif !APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- else
- APP_CONFIG[:limited_cert_prefix]
- end
+
+ def service_level
+ current_user.effective_service_level
end
end
diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb
index f71d0f1..85156b7 100644
--- a/app/controllers/v1/messages_controller.rb
+++ b/app/controllers/v1/messages_controller.rb
@@ -7,12 +7,11 @@ module V1
respond_to :json
def index
- render json: (current_user ? current_user.messages : [] )
+ render json: current_user.messages
end
def update
- message = Message.find(params[:id])
- if (message and current_user)
+ if message = Message.find(params[:id])
message.mark_as_read_by(current_user)
message.save
render json: true
diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/v1/services_controller.rb
new file mode 100644
index 0000000..594940e
--- /dev/null
+++ b/app/controllers/v1/services_controller.rb
@@ -0,0 +1,8 @@
+class V1::ServicesController < ApplicationController
+
+ respond_to :json
+
+ def show
+ respond_with current_user.effective_service_level
+ end
+end
diff --git a/app/models/anonymous_service_level.rb b/app/models/anonymous_service_level.rb
new file mode 100644
index 0000000..4366a4a
--- /dev/null
+++ b/app/models/anonymous_service_level.rb
@@ -0,0 +1,30 @@
+class AnonymousServiceLevel
+
+ delegate :to_json, to: :config_hash
+
+ def cert_prefix
+ if APP_CONFIG[:allow_limited_certs]
+ APP_CONFIG[:limited_cert_prefix]
+ elsif APP_CONFIG[:allow_unlimited_certs]
+ APP_CONFIG[:unlimited_cert_prefix]
+ end
+ end
+
+ def description
+ if APP_CONFIG[:allow_anonymous_certs]
+ "anonymous access to the VPN"
+ else
+ "please login to access our services"
+ end
+ end
+
+ protected
+
+ def config_hash
+ { name: "anonymous",
+ description: description,
+ eip_rate_limit: APP_CONFIG[:allow_limited_certs]
+ }
+ end
+
+end
diff --git a/app/models/anonymous_user.rb b/app/models/anonymous_user.rb
new file mode 100644
index 0000000..360a577
--- /dev/null
+++ b/app/models/anonymous_user.rb
@@ -0,0 +1,27 @@
+# The nil object for the user class
+class AnonymousUser < Object
+
+ def effective_service_level
+ AnonymousServiceLevel.new
+ end
+
+ def is_admin?
+ false
+ end
+
+ def id
+ nil
+ end
+
+ def email_address
+ nil
+ end
+
+ def login
+ nil
+ end
+
+ def messages
+ []
+ end
+end
diff --git a/app/models/service_level.rb b/app/models/service_level.rb
index 299aaf1..5dd8838 100644
--- a/app/models/service_level.rb
+++ b/app/models/service_level.rb
@@ -4,16 +4,35 @@ class ServiceLevel
@id = attributes[:id] || APP_CONFIG[:default_service_level]
end
- def self.authenticated_select_options
- APP_CONFIG[:service_levels].map { |id,config_hash| [config_hash[:description], id] if config_hash[:name] != 'anonymous'}.compact
+ def self.select_options
+ APP_CONFIG[:service_levels].map do |id,config_hash|
+ [config_hash[:description], id]
+ end
end
def id
@id
end
+ delegate :to_json, to: :config_hash
+
+ def cert_prefix
+ if limited_cert?
+ APP_CONFIG[:limited_cert_prefix]
+ elsif APP_CONFIG[:allow_unlimited_certs]
+ APP_CONFIG[:unlimited_cert_prefix]
+ end
+ end
+
+ protected
+
+ def limited_cert?
+ APP_CONFIG[:allow_limited_certs] &&
+ (!APP_CONFIG[:allow_unlimited_certs] || config_hash[:eip_rate_limit])
+ end
+
def config_hash
- APP_CONFIG[:service_levels][@id]
+ @config_hash || APP_CONFIG[:service_levels][@id].with_indifferent_access
end
end
diff --git a/app/models/unauthenticated_user.rb b/app/models/unauthenticated_user.rb
deleted file mode 100644
index 0fc17d2..0000000
--- a/app/models/unauthenticated_user.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# The nil object for the user class
-class UnauthenticatedUser < Object
-
- # will probably want something here to return service level as APP_CONFIG[:service_levels][0] but not sure how will be accessing.
-
-end
diff --git a/app/views/users/_change_service_level.html.haml b/app/views/users/_change_service_level.html.haml
index 61e67d9..42315a2 100644
--- a/app/views/users/_change_service_level.html.haml
+++ b/app/views/users/_change_service_level.html.haml
@@ -8,11 +8,11 @@
%legend= t(:service_level)
- if @user != current_user
= t(:desired_service_level)
- = f.select :desired_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.desired_service_level.id
+ = f.select :desired_service_level_code, ServiceLevel.select_options, :selected => @user.desired_service_level.id
- if @user != current_user
%p
= t(:effective_service_level)
- = f.select :effective_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.effective_service_level.id
+ = f.select :effective_service_level_code, ServiceLevel.select_options, :selected => @user.effective_service_level.id
.control-group
.controls
= f.submit t(:save), :class => 'btn', :data => {"loading-text" => "Saving..."}
diff --git a/config/defaults.yml b/config/defaults.yml
index e7d0f5e..47cb641 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -49,21 +49,15 @@ common: &common
service_levels: &service_levels
service_levels:
- 0:
- name: anonymous
- cert_prefix: "LIMITED"
- description: "anonymous account, with rate limited VPN"
1:
name: free
- cert_prefix: "LIMITED"
description: "free account, with rate limited VPN"
- cost: 0
- quota: 100
+ eip_rate_limit: true
+ storage: 100
2:
name: premium
- cert_prefix: "UNLIMITED"
description: "premium account, with unlimited vpn"
- cost:
+ rate:
USD: 10
EUR: 10
default_service_level: 1
diff --git a/config/routes.rb b/config/routes.rb
index b930bd1..f612b47 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -25,6 +25,7 @@ LeapWeb::Application.routes.draw do
resources :users, :only => [:create, :update, :destroy, :index]
resources :messages, :only => [:index, :update]
resource :cert, :only => [:show]
+ resource :service, :only => [:show]
end
scope "(:locale)", :locale => MATCH_LOCALE do
diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb
index 4be3493..650f628 100644
--- a/engines/support/app/controllers/tickets_controller.rb
+++ b/engines/support/app/controllers/tickets_controller.rb
@@ -5,7 +5,8 @@ class TicketsController < ApplicationController
#has_scope :open, :type => boolean
before_filter :require_login, :only => [:index]
- before_filter :fetch_ticket, :only => [:show, :update, :destroy] # don't now have an edit method
+ before_filter :fetch_ticket, :only => [:show, :update, :destroy]
+ before_filter :require_ticket_access, :only => [:show, :update, :destroy]
before_filter :fetch_user
before_filter :set_title
@@ -17,11 +18,11 @@ class TicketsController < ApplicationController
def create
@ticket = Ticket.new(params[:ticket])
- @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+ #protecting posted_by isn't working, so this should protect it:
+ @ticket.comments.last.posted_by = current_user.id
@ticket.comments.last.private = false unless admin?
- @ticket.created_by = current_user.id if logged_in?
- @ticket.email = current_user.email_address if logged_in? and current_user.email_address
-
+ @ticket.created_by = current_user.id
+ @ticket.email = current_user.email_address if current_user.email_address
if @ticket.save
flash[:notice] = t(:thing_was_successfully_created, :thing => t(:ticket))
@@ -58,7 +59,7 @@ class TicketsController < ApplicationController
end
if @ticket.comments_changed?
- @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
+ @ticket.comments.last.posted_by = current_user.id
@ticket.comments.last.private = false unless admin?
end
@@ -120,19 +121,28 @@ class TicketsController < ApplicationController
return ticket
end
- def ticket_access?
- @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
- end
-
def fetch_ticket
@ticket = Ticket.find(params[:id])
- if !@ticket and admin?
- redirect_to auto_tickets_path, :alert => t(:no_such_thing, :thing => 'ticket')
- return
+ if !@ticket
+ if admin?
+ redirect_to auto_tickets_path,
+ alert: t(:no_such_thing, thing: 'ticket')
+ else
+ access_denied
+ end
end
+ end
+
+ def require_ticket_access
access_denied unless ticket_access?
end
+ def ticket_access?
+ admin? or
+ @ticket.created_by.blank? or
+ current_user.id == @ticket.created_by
+ end
+
def fetch_user
if params[:user_id]
@user = User.find(params[:user_id])
diff --git a/engines/support/app/views/tickets/new.html.haml b/engines/support/app/views/tickets/new.html.haml
index ba86ac3..65ed67b 100644
--- a/engines/support/app/views/tickets/new.html.haml
+++ b/engines/support/app/views/tickets/new.html.haml
@@ -2,22 +2,14 @@
= render 'tickets/tabs'
-- if admin? && @user
- - email = @user.email_address
- - regarding = @user.login
-- elsif logged_in?
- - email = current_user.email_address
- - regarding = current_user.login
+- user = @user if admin?
+- user ||= current_user
= simple_form_for @ticket, :validate => true, :html => {:class => 'form-horizontal'} do |f|
= hidden_ticket_fields
= f.input :subject
- - if logged_in?
- = f.input :email, input_html: {value: email}
- = f.input :regarding_user, input_html: {value: regarding}
- - else
- = f.input :email
- = f.input :regarding_user
+ = f.input :email, input_html: {value: user.email_address}
+ = f.input :regarding_user, input_html: {value: user.login}
= f.simple_fields_for :comments, @comment do |c|
= c.input :body, :label => t(:description), :as => :text, :input_html => {:class => "full-width", :rows=> 5}
- if admin?
diff --git a/engines/support/app/views/tickets/show.html.haml b/engines/support/app/views/tickets/show.html.haml
index bbca4bf..4f3c127 100644
--- a/engines/support/app/views/tickets/show.html.haml
+++ b/engines/support/app/views/tickets/show.html.haml
@@ -7,6 +7,6 @@
= render :partial => 'tickets/comment', :collection => @ticket.comments
%tr
%td.user
- = logged_in? ? current_user.login : t(:anonymous)
+ = current_user.login || t(:anonymous)
%td.comment
= render 'tickets/new_comment_form'
diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb
index 2c70e52..fb8e9c4 100644
--- a/test/functional/v1/certs_controller_test.rb
+++ b/test/functional/v1/certs_controller_test.rb
@@ -2,43 +2,45 @@ require 'test_helper'
class V1::CertsControllerTest < ActionController::TestCase
- test "send limited cert without login" do
- with_config allow_limited_certs: true, allow_anonymous_certs: true do
- cert = stub :to_s => "limited cert"
- ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
+ test "send unlimited cert without login" do
+ with_config allow_anonymous_certs: true do
+ cert = expect_cert('UNLIMITED')
get :show
assert_response :success
assert_equal cert.to_s, @response.body
end
end
- test "send unlimited cert" do
- with_config allow_unlimited_certs: true do
+ test "send limited cert" do
+ with_config allow_limited_certs: true do
login
- cert = stub :to_s => "unlimited cert"
- ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:unlimited_cert_prefix]).returns(cert)
+ cert = expect_cert('LIMITED')
get :show
assert_response :success
assert_equal cert.to_s, @response.body
end
end
- test "login required if anonymous certs disabled" do
- with_config allow_anonymous_certs: false do
- get :show
- assert_response :redirect
- end
+ test "send unlimited cert" do
+ login effective_service_level: ServiceLevel.new(id: 2)
+ cert = expect_cert('UNLIMITED')
+ get :show
+ assert_response :success
+ assert_equal cert.to_s, @response.body
end
- test "send limited cert" do
- with_config allow_limited_certs: true, allow_unlimited_certs: false do
- login
- cert = stub :to_s => "real cert"
- ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
- get :show
- assert_response :success
- assert_equal cert.to_s, @response.body
- end
+ test "redirect if no eip service offered" do
+ get :show
+ assert_response :redirect
end
+ protected
+
+ def expect_cert(prefix)
+ cert = stub :to_s => "#{prefix.downcase} cert"
+ ClientCertificate.expects(:new).
+ with(:prefix => prefix).
+ returns(cert)
+ return cert
+ end
end
diff --git a/test/functional/v1/services_controller_test.rb b/test/functional/v1/services_controller_test.rb
new file mode 100644
index 0000000..e4058c0
--- /dev/null
+++ b/test/functional/v1/services_controller_test.rb
@@ -0,0 +1,31 @@
+require 'test_helper'
+
+class V1::ServicesControllerTest < ActionController::TestCase
+
+ test "anonymous user gets login required service info" do
+ get :show, format: :json
+ assert_json_response name: 'anonymous',
+ eip_rate_limit: false,
+ description: 'please login to access our services'
+ end
+
+ test "anonymous user gets vpn service info" do
+ with_config allow_anonymous_certs: true do
+ get :show, format: :json
+ assert_json_response name: 'anonymous',
+ eip_rate_limit: false,
+ description: 'anonymous access to the VPN'
+ end
+ end
+
+ test "user can see their service info" do
+ login
+ get :show, format: :json
+ assert_json_response name: 'free',
+ eip_rate_limit: true,
+ description: 'free account, with rate limited VPN',
+ storage: 100
+ end
+
+end
+
diff --git a/test/unit/anonymous_user_test.rb b/test/unit/anonymous_user_test.rb
new file mode 100644
index 0000000..6e94d39
--- /dev/null
+++ b/test/unit/anonymous_user_test.rb
@@ -0,0 +1,23 @@
+require 'test_helper'
+
+class AnonymousUserTest < ActiveSupport::TestCase
+
+ setup do
+ @anonymous = AnonymousUser.new
+ end
+
+ test "has nil values" do
+ assert_nil @anonymous.id
+ assert_nil @anonymous.email_address
+ assert_nil @anonymous.login
+ end
+
+ test "has no messages" do
+ assert_equal [], @anonymous.messages
+ end
+
+ test "has anonymous service level" do
+ assert @anonymous.effective_service_level.is_a? AnonymousServiceLevel
+ end
+
+end
diff --git a/test/unit/unauthenticated_user_test.rb b/test/unit/unauthenticated_user_test.rb
deleted file mode 100644
index e5fafb8..0000000
--- a/test/unit/unauthenticated_user_test.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-require 'test_helper'
-
-class UnauthenticatedUserTest < ActiveSupport::TestCase
- # test "the truth" do
- # assert true
- # end
-end