summaryrefslogtreecommitdiff
path: root/users
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2012-12-08 16:05:40 +0100
committerAzul <azul@leap.se>2012-12-08 16:05:40 +0100
commit0f36c7931fe04bb3d6a3fd70a25fe1090f48e774 (patch)
tree705212a30f1487787abc8ccf345bc6e0566416e2 /users
parent8282b83c798ba4e5c1e26ec8243b82669b3ee6d4 (diff)
serve api version 1 in /1/
Just a very simple start for now. Do we want to use the api for the secure remote password auth from js?
Diffstat (limited to 'users')
-rw-r--r--users/app/controllers/v1/sessions_controller.rb28
-rw-r--r--users/app/controllers/v1/users_controller.rb13
-rw-r--r--users/config/routes.rb5
-rw-r--r--users/test/integration/api/account_flow_test.rb6
-rwxr-xr-xusers/test/integration/api/python/flow_with_srp.py2
5 files changed, 50 insertions, 4 deletions
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
new file mode 100644
index 0000000..5b4a13b
--- /dev/null
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -0,0 +1,28 @@
+module V1
+ class SessionsController < ApplicationController
+
+ skip_before_filter :verify_authenticity_token
+
+ def new
+ @session = Session.new
+ if authentication_errors
+ @errors = authentication_errors
+ render :status => 422
+ end
+ end
+
+ def create
+ authenticate!
+ end
+
+ def update
+ authenticate!
+ render :json => session.delete(:handshake)
+ end
+
+ def destroy
+ logout
+ redirect_to root_path
+ end
+ end
+end
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
new file mode 100644
index 0000000..eda2fad
--- /dev/null
+++ b/users/app/controllers/v1/users_controller.rb
@@ -0,0 +1,13 @@
+module V1
+ class UsersController < ApplicationController
+
+ skip_before_filter :verify_authenticity_token, :only => [:create]
+
+ respond_to :json
+
+ def create
+ @user = User.create(params[:user])
+ respond_with @user
+ end
+ end
+end
diff --git a/users/config/routes.rb b/users/config/routes.rb
index 1d144b4..6de216f 100644
--- a/users/config/routes.rb
+++ b/users/config/routes.rb
@@ -1,5 +1,10 @@
Rails.application.routes.draw do
+ scope "/1", :module => "V1", defaults: {format: 'json'} do
+ resources :sessions, :only => [:new, :create, :update, :destroy]
+ resources :users, :only => [:create]
+ end
+
get "login" => "sessions#new", :as => "login"
get "logout" => "sessions#destroy", :as => "logout"
resources :sessions, :only => [:new, :create, :update, :destroy]
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index add12fe..e425c35 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -26,7 +26,7 @@ class AccountFlowTest < ActiveSupport::TestCase
:password_verifier => @srp.verifier.to_s(16),
:password_salt => @srp.salt.to_s(16)
}
- post '/users.json', :user => @user_params
+ post '/1/users.json', :user => @user_params
@user = User.find_by_param(@login)
end
@@ -36,7 +36,7 @@ class AccountFlowTest < ActiveSupport::TestCase
# this test wraps the api and implements the interface the ruby-srp client.
def handshake(login, aa)
- post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json
+ post "/1/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json
response = JSON.parse(last_response.body)
if response['errors']
raise RECORD_NOT_FOUND.new(response['errors'])
@@ -46,7 +46,7 @@ class AccountFlowTest < ActiveSupport::TestCase
end
def validate(m)
- put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
+ put "/1/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
return JSON.parse(last_response.body)
end
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index b599252..f28aeda 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -16,7 +16,7 @@ def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
return ''.join(random.choice(chars) for x in range(size))
# using globals for a start
-server = 'http://springbok.leap.se/1/'
+server = 'http://localhost:3000/1'
login = id_generator()
password = id_generator() + id_generator()