From 90b64fdffdc33f0204af6ac2e315bd4be6bc200a Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 29 Jan 2013 11:42:46 -0800 Subject: Allow PUT API to update user. --- users/app/controllers/users_controller.rb | 3 --- users/app/controllers/v1/users_controller.rb | 10 +++++++++- users/config/routes.rb | 2 +- users/test/integration/api/account_flow_test.rb | 10 +++++++++- 4 files changed, 19 insertions(+), 6 deletions(-) diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 6cb438b..ad51354 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -1,8 +1,5 @@ class UsersController < ApplicationController - skip_before_filter :verify_authenticity_token, :only => [:create] - - before_filter :authorize, :only => [:show, :edit, :update, :destroy] before_filter :fetch_user, :only => [:show, :edit, :update, :destroy] before_filter :set_anchor, :only => [:edit, :update] diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index eda2fad..e8e8f00 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -1,13 +1,21 @@ module V1 class UsersController < ApplicationController - skip_before_filter :verify_authenticity_token, :only => [:create] + skip_before_filter :verify_authenticity_token + before_filter :authorize, :only => [:update] respond_to :json def create @user = User.create(params[:user]) + respond_with @user # return ID instead? + end + + def update + @user = User.find_by_param(params[:id]) + @user.update_attributes(params[:user]) respond_with @user end + end end diff --git a/users/config/routes.rb b/users/config/routes.rb index 4127862..2cd1740 100644 --- a/users/config/routes.rb +++ b/users/config/routes.rb @@ -5,7 +5,7 @@ Rails.application.routes.draw do path: "/1/", defaults: {format: 'json'} } do resources :sessions, :only => [:new, :create, :update, :destroy] - resources :users, :only => [:create] + resources :users, :only => [:create, :update] end end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 268fb5e..b763be5 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -23,7 +23,7 @@ class AccountFlowTest < ActiveSupport::TestCase :password_salt => @srp.salt.to_s(16) } post 'http://api.lvh.me:3000/1/users.json', :user => @user_params - @user = User.find_by_param(@login) + @user = User.find_by_login(@login) end def teardown @@ -91,4 +91,12 @@ class AccountFlowTest < ActiveSupport::TestCase assert_nil server_auth end + test "update user" do + server_auth = @srp.authenticate(self) + test_public_key = 'asdlfkjslfdkjasd' + put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => test_public_key}, :format => :json + @user.reload + assert_equal @user.public_key, test_public_key + end + end -- cgit v1.2.3 From afd5697f17a90654b6c058611896e3542a601ef5 Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 29 Jan 2013 12:09:38 -0800 Subject: A user's public_key is the only attribute they should be able to update via API. --- users/app/controllers/v1/users_controller.rb | 3 ++- users/test/integration/api/account_flow_test.rb | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index e8e8f00..9b5997d 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -12,8 +12,9 @@ module V1 end def update + # For now, only allow public key to be updated via the API. Eventually we might want to store in a config what attributes can be updated via the API. @user = User.find_by_param(params[:id]) - @user.update_attributes(params[:user]) + @user.update_attributes(:public_key => params[:user][:public_key]) respond_with @user end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index b763be5..653f7d9 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -96,7 +96,15 @@ class AccountFlowTest < ActiveSupport::TestCase test_public_key = 'asdlfkjslfdkjasd' put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => test_public_key}, :format => :json @user.reload - assert_equal @user.public_key, test_public_key + assert_equal test_public_key, @user.public_key + end + + test "cannot update login via api" do + server_auth = @srp.authenticate(self) + original_login = @user.login + put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:login => 'failed_login_name'}, :format => :json + @user.reload + assert_equal original_login, @user.login end end -- cgit v1.2.3 From 2d330838cf5a763d8de2bea752b4e37cf2caa249 Mon Sep 17 00:00:00 2001 From: jessib Date: Thu, 31 Jan 2013 13:09:00 -0800 Subject: Remove public key if the key is passed as nil, but not otherwise. There was a weird case with reloading the user in the test if the public key had been unset. --- users/app/controllers/v1/users_controller.rb | 2 +- users/test/integration/api/account_flow_test.rb | 20 ++++++++++++-------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index 9b5997d..617bd4b 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -14,7 +14,7 @@ module V1 def update # For now, only allow public key to be updated via the API. Eventually we might want to store in a config what attributes can be updated via the API. @user = User.find_by_param(params[:id]) - @user.update_attributes(:public_key => params[:user][:public_key]) + @user.update_attributes params[:user].slice(:public_key) if params[:user].respond_to?(:slice) respond_with @user end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 653f7d9..4937814 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -94,17 +94,21 @@ class AccountFlowTest < ActiveSupport::TestCase test "update user" do server_auth = @srp.authenticate(self) test_public_key = 'asdlfkjslfdkjasd' - put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => test_public_key}, :format => :json - @user.reload - assert_equal test_public_key, @user.public_key - end - - test "cannot update login via api" do - server_auth = @srp.authenticate(self) original_login = @user.login - put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:login => 'failed_login_name'}, :format => :json + put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => test_public_key, :login => 'failed_login_name'}, :format => :json @user.reload + assert_equal test_public_key, @user.public_key assert_equal original_login, @user.login + # eventually probably want to remove most of this into a non-integration functional test + # should not overwrite public key: + put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:blee => :blah}, :format => :json + @user.reload + assert_equal test_public_key, @user.public_key + # should overwrite public key: + put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => nil}, :format => :json + # TODO: not sure why i need this, but when public key is removed, the DB is updated but @user.reload doesn't seem to actually reload. + @user = User.find(@user.id) # @user.reload + assert_nil @user.public_key end end -- cgit v1.2.3