summaryrefslogtreecommitdiff
path: root/users
diff options
context:
space:
mode:
authorjessib <jessib@riseup.net>2013-04-25 10:03:20 -0700
committerjessib <jessib@riseup.net>2013-04-25 10:03:20 -0700
commit15d48c24e529e2f944b026749c5eb35eb4c5cfa7 (patch)
tree071ec86c0fbd85cce8cef0a417423ee8e99c39f0 /users
parent4927abe188c7615fe6844ae0e20144b116a52a99 (diff)
parent53e3198196033f2dd77c09be6919cbef72f3f5d8 (diff)
Merge pull request #40 from azul/feature/token-auth
Token auth with a database of it's own
Diffstat (limited to 'users')
-rw-r--r--users/app/controllers/v1/sessions_controller.rb3
-rw-r--r--users/app/models/token.rb17
-rw-r--r--users/test/functional/v1/sessions_controller_test.rb30
-rw-r--r--users/test/unit/token_test.rb37
4 files changed, 75 insertions, 12 deletions
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index 9365d76..e3459d6 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -23,6 +23,7 @@ module V1
def update
authenticate!
+ @token = Token.create(:user_id => current_user.id)
render :json => login_response
end
@@ -35,7 +36,7 @@ module V1
def login_response
handshake = session.delete(:handshake)
- handshake.to_hash.merge(:id => current_user.id)
+ handshake.to_hash.merge(:id => current_user.id, :token => @token.id)
end
end
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
new file mode 100644
index 0000000..44a6dfe
--- /dev/null
+++ b/users/app/models/token.rb
@@ -0,0 +1,17 @@
+class Token < CouchRest::Model::Base
+
+ use_database :tokens
+
+ property :user_id, String, accessible: false
+
+ validates :user_id, presence: true
+
+ def initialize(*args)
+ super
+ self.id = SecureRandom.urlsafe_base64(32)
+ end
+
+ design do
+ end
+end
+
diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb
index 1226c9d..0c4e325 100644
--- a/users/test/functional/v1/sessions_controller_test.rb
+++ b/users/test/functional/v1/sessions_controller_test.rb
@@ -11,6 +11,22 @@ class V1::SessionsControllerTest < ActionController::TestCase
@client_hex = 'a123'
end
+ test "renders json" do
+ get :new, :format => :json
+ assert_response :success
+ assert_json_error nil
+ end
+
+ test "renders warden errors" do
+ request.env['warden.options'] = {attempted_path: 'path/to/controller'}
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+ get :new, :format => :json
+ assert_response 422
+ assert_json_error :field => "translation stub"
+ end
+
# Warden takes care of parsing the params and
# rendering the response. So not much to test here.
test "should perform handshake" do
@@ -20,18 +36,9 @@ class V1::SessionsControllerTest < ActionController::TestCase
post :create, :login => @user.login, 'A' => @client_hex
end
- test "should send salt" do
- User.expects(:find_by_login).with(@user.login).returns(@user)
-
- post :create, :login => @user.login
-
- assert_equal @user, assigns(:user)
- assert_json_response salt: @user.salt
- end
-
test "should authorize" do
request.env['warden'].expects(:authenticate!)
- @controller.expects(:current_user).returns(@user)
+ @controller.stubs(:current_user).returns(@user)
handshake = stub(:to_hash => {h: "ash"})
session[:handshake] = handshake
@@ -39,7 +46,8 @@ class V1::SessionsControllerTest < ActionController::TestCase
assert_nil session[:handshake]
assert_response :success
- assert_json_response handshake.to_hash.merge(id: @user.id)
+ assert json_response.keys.include?("id")
+ assert json_response.keys.include?("token")
end
test "logout should reset warden user" do
diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb
new file mode 100644
index 0000000..bff6b71
--- /dev/null
+++ b/users/test/unit/token_test.rb
@@ -0,0 +1,37 @@
+require 'test_helper'
+
+class ClientCertificateTest < ActiveSupport::TestCase
+
+ setup do
+ @user = FactoryGirl.create(:user)
+ end
+
+ teardown do
+ @user.destroy
+ end
+
+ test "new token for user" do
+ sample = Token.new(:user_id => @user.id)
+ assert sample.valid?
+ assert_equal @user.id, sample.user_id
+ end
+
+ test "token id is secure" do
+ sample = Token.new(:user_id => @user.id)
+ other = Token.new(:user_id => @user.id)
+ assert sample.id,
+ "id is set on initialization"
+ assert sample.id[0..10] != other.id[0..10],
+ "token id prefixes should not repeat"
+ assert /[g-zG-Z]/.match(sample.id),
+ "should use non hex chars in the token id"
+ assert sample.id.size > 16,
+ "token id should be more than 16 chars long"
+ end
+
+ test "token checks for user" do
+ sample = Token.new
+ assert !sample.valid?, "Token should require a user record"
+ end
+
+end