summaryrefslogtreecommitdiff
path: root/users
diff options
context:
space:
mode:
Diffstat (limited to 'users')
-rw-r--r--users/app/controllers/users_controller.rb3
-rw-r--r--users/app/controllers/v1/users_controller.rb11
-rw-r--r--users/config/routes.rb2
-rw-r--r--users/test/integration/api/account_flow_test.rb22
4 files changed, 32 insertions, 6 deletions
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 6cb438b..ad51354 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -1,8 +1,5 @@
class UsersController < ApplicationController
- skip_before_filter :verify_authenticity_token, :only => [:create]
-
-
before_filter :authorize, :only => [:show, :edit, :update, :destroy]
before_filter :fetch_user, :only => [:show, :edit, :update, :destroy]
before_filter :set_anchor, :only => [:edit, :update]
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index eda2fad..617bd4b 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -1,13 +1,22 @@
module V1
class UsersController < ApplicationController
- skip_before_filter :verify_authenticity_token, :only => [:create]
+ skip_before_filter :verify_authenticity_token
+ before_filter :authorize, :only => [:update]
respond_to :json
def create
@user = User.create(params[:user])
+ respond_with @user # return ID instead?
+ end
+
+ def update
+ # For now, only allow public key to be updated via the API. Eventually we might want to store in a config what attributes can be updated via the API.
+ @user = User.find_by_param(params[:id])
+ @user.update_attributes params[:user].slice(:public_key) if params[:user].respond_to?(:slice)
respond_with @user
end
+
end
end
diff --git a/users/config/routes.rb b/users/config/routes.rb
index 4127862..2cd1740 100644
--- a/users/config/routes.rb
+++ b/users/config/routes.rb
@@ -5,7 +5,7 @@ Rails.application.routes.draw do
path: "/1/",
defaults: {format: 'json'} } do
resources :sessions, :only => [:new, :create, :update, :destroy]
- resources :users, :only => [:create]
+ resources :users, :only => [:create, :update]
end
end
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 268fb5e..4937814 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -23,7 +23,7 @@ class AccountFlowTest < ActiveSupport::TestCase
:password_salt => @srp.salt.to_s(16)
}
post 'http://api.lvh.me:3000/1/users.json', :user => @user_params
- @user = User.find_by_param(@login)
+ @user = User.find_by_login(@login)
end
def teardown
@@ -91,4 +91,24 @@ class AccountFlowTest < ActiveSupport::TestCase
assert_nil server_auth
end
+ test "update user" do
+ server_auth = @srp.authenticate(self)
+ test_public_key = 'asdlfkjslfdkjasd'
+ original_login = @user.login
+ put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => test_public_key, :login => 'failed_login_name'}, :format => :json
+ @user.reload
+ assert_equal test_public_key, @user.public_key
+ assert_equal original_login, @user.login
+ # eventually probably want to remove most of this into a non-integration functional test
+ # should not overwrite public key:
+ put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:blee => :blah}, :format => :json
+ @user.reload
+ assert_equal test_public_key, @user.public_key
+ # should overwrite public key:
+ put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => nil}, :format => :json
+ # TODO: not sure why i need this, but when public key is removed, the DB is updated but @user.reload doesn't seem to actually reload.
+ @user = User.find(@user.id) # @user.reload
+ assert_nil @user.public_key
+ end
+
end