Merge pull request #40 from azul/feature/token-auth

Token auth with a database of it's own

2 files changed, 56 insertions, 11 deletions

diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb
index 1226c9d..0c4e325 100644
--- a/users/test/functional/v1/sessions_controller_test.rb
+++ b/users/test/functional/v1/sessions_controller_test.rb
@@ -11,6 +11,22 @@ class V1::SessionsControllerTest < ActionController::TestCase
     @client_hex = 'a123'
   end
 
+  test "renders json" do
+    get :new, :format => :json
+    assert_response :success
+    assert_json_error nil
+  end
+
+  test "renders warden errors" do
+    request.env['warden.options'] = {attempted_path: 'path/to/controller'}
+    strategy = stub :message => {:field => :translate_me}
+    request.env['warden'].stubs(:winning_strategy).returns(strategy)
+    I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+    get :new, :format => :json
+    assert_response 422
+    assert_json_error :field => "translation stub"
+  end
+
   # Warden takes care of parsing the params and
   # rendering the response. So not much to test here.
   test "should perform handshake" do
@@ -20,18 +36,9 @@ class V1::SessionsControllerTest < ActionController::TestCase
     post :create, :login => @user.login, 'A' => @client_hex
   end
 
-  test "should send salt" do
-    User.expects(:find_by_login).with(@user.login).returns(@user)
-
-    post :create, :login => @user.login
-
-    assert_equal @user, assigns(:user)
-    assert_json_response salt: @user.salt
-  end
-
   test "should authorize" do
     request.env['warden'].expects(:authenticate!)
-    @controller.expects(:current_user).returns(@user)
+    @controller.stubs(:current_user).returns(@user)
     handshake = stub(:to_hash => {h: "ash"})
     session[:handshake] = handshake
 
@@ -39,7 +46,8 @@ class V1::SessionsControllerTest < ActionController::TestCase
 
     assert_nil session[:handshake]
     assert_response :success
-    assert_json_response handshake.to_hash.merge(id: @user.id)
+    assert json_response.keys.include?("id")
+    assert json_response.keys.include?("token")
   end
 
   test "logout should reset warden user" do
diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb
new file mode 100644
index 0000000..bff6b71
--- /dev/null
+++ b/users/test/unit/token_test.rb
@@ -0,0 +1,37 @@
+require 'test_helper'
+
+class ClientCertificateTest < ActiveSupport::TestCase
+
+  setup do
+    @user = FactoryGirl.create(:user)
+  end
+
+  teardown do
+    @user.destroy
+  end
+
+  test "new token for user" do
+    sample = Token.new(:user_id => @user.id)
+    assert sample.valid?
+    assert_equal @user.id, sample.user_id
+  end
+
+  test "token id is secure" do
+    sample = Token.new(:user_id => @user.id)
+    other = Token.new(:user_id => @user.id)
+    assert sample.id,
+      "id is set on initialization"
+    assert sample.id[0..10] != other.id[0..10],
+      "token id prefixes should not repeat"
+    assert /[g-zG-Z]/.match(sample.id),
+      "should use non hex chars in the token id"
+    assert sample.id.size > 16,
+      "token id should be more than 16 chars long"
+  end
+
+  test "token checks for user" do
+    sample = Token.new
+    assert !sample.valid?, "Token should require a user record"
+  end
+
+end