From b6d14dc19dd350a807826e3e097738a36613e083 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 8 Apr 2014 11:49:14 +0200
Subject: moving users: app and test files

---
 app/controllers/v1/messages_controller.rb | 25 +++++++++++++++++
 app/controllers/v1/sessions_controller.rb | 45 +++++++++++++++++++++++++++++++
 app/controllers/v1/users_controller.rb    | 32 ++++++++++++++++++++++
 3 files changed, 102 insertions(+)
 create mode 100644 app/controllers/v1/messages_controller.rb
 create mode 100644 app/controllers/v1/sessions_controller.rb
 create mode 100644 app/controllers/v1/users_controller.rb

(limited to 'app/controllers/v1')

diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb
new file mode 100644
index 0000000..f71d0f1
--- /dev/null
+++ b/app/controllers/v1/messages_controller.rb
@@ -0,0 +1,25 @@
+module V1
+  class MessagesController < ApplicationController
+
+    skip_before_filter :verify_authenticity_token
+    before_filter :require_token
+
+    respond_to :json
+
+    def index
+      render json: (current_user ? current_user.messages : [] )
+    end
+
+    def update
+      message = Message.find(params[:id])
+      if (message and current_user)
+        message.mark_as_read_by(current_user)
+        message.save
+        render json: true
+      else
+        render json: false
+      end
+    end
+
+  end
+end
diff --git a/app/controllers/v1/sessions_controller.rb b/app/controllers/v1/sessions_controller.rb
new file mode 100644
index 0000000..eae3a1e
--- /dev/null
+++ b/app/controllers/v1/sessions_controller.rb
@@ -0,0 +1,45 @@
+module V1
+  class SessionsController < ApplicationController
+
+    skip_before_filter :verify_authenticity_token
+    before_filter :require_token, only: :destroy
+
+    def new
+      @session = Session.new
+      if authentication_errors
+        @errors = authentication_errors
+        render :status => 422
+      end
+    end
+
+    def create
+      logout if logged_in?
+      if params['A']
+        authenticate!
+      else
+        @user = User.find_by_login(params['login'])
+        render :json => {salt: @user.salt}
+      end
+    end
+
+    def update
+      authenticate!
+      @token = Token.create(:user_id => current_user.id)
+      session[:token] = @token.id
+      render :json => login_response
+    end
+
+    def destroy
+      logout
+      head :no_content
+    end
+
+    protected
+
+    def login_response
+      handshake = session.delete(:handshake) || {}
+      handshake.to_hash.merge(:id => current_user.id, :token => @token.id)
+    end
+
+  end
+end
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
new file mode 100644
index 0000000..8897d01
--- /dev/null
+++ b/app/controllers/v1/users_controller.rb
@@ -0,0 +1,32 @@
+module V1
+  class UsersController < UsersBaseController
+
+    skip_before_filter :verify_authenticity_token
+    before_filter :fetch_user, :only => [:update]
+    before_filter :require_admin, :only => [:index]
+    before_filter :require_token, :only => [:update]
+
+    respond_to :json
+
+    # used for autocomplete for admins in the web ui
+    def index
+      if params[:query]
+        @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ)
+        respond_with @users.map(&:login).sort
+      else
+        render :json => {'error' => 'query required', 'status' => :unprocessable_entity}
+      end
+    end
+
+    def create
+      @user = Account.create(params[:user])
+      respond_with @user # return ID instead?
+    end
+
+    def update
+      @user.account.update params[:user]
+      respond_with @user
+    end
+
+  end
+end
-- 
cgit v1.2.3


From c1486cb9688d53c5ae266ff22ab279ead12eaa36 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Thu, 10 Apr 2014 12:45:21 +0200
Subject: move certs into toplevel

cleaned up all the engine stuff that was never really used.
Afterwards there is not that much left that makes it into the toplevel.
---
 app/controllers/v1/certs_controller.rb | 50 ++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 app/controllers/v1/certs_controller.rb

(limited to 'app/controllers/v1')

diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
new file mode 100644
index 0000000..64cfa7f
--- /dev/null
+++ b/app/controllers/v1/certs_controller.rb
@@ -0,0 +1,50 @@
+class V1::CertsController < ApplicationController
+
+  before_filter :require_login, :unless => :anonymous_certs_allowed?
+
+  # GET /cert
+  def show
+    @cert = ClientCertificate.new(:prefix => certificate_prefix)
+    render text: @cert.to_s, content_type: 'text/plain'
+  end
+
+  protected
+
+  def anonymous_certs_allowed?
+    APP_CONFIG[:allow_anonymous_certs]
+  end
+  #
+  # this is some temporary logic until we store the service level in the user db.
+  #
+  # better logic might look like this:
+  #
+  # if logged_in?
+  #   service_level = user.service_level
+  # elsif allow_anonymous?
+  #   service_level = service_levels[:anonymous]
+  # else
+  #   service_level = nil
+  # end
+  #
+  # if service_level.bandwidth == 'limited' && allow_limited?
+  #   prefix = limited
+  # elsif allow_unlimited?
+  #   prefix = unlimited
+  # else
+  #   prefix = nil
+  # end
+  #
+  def certificate_prefix
+    if logged_in?
+      if APP_CONFIG[:allow_unlimited_certs]
+        APP_CONFIG[:unlimited_cert_prefix]
+      elsif APP_CONFIG[:allow_limited_certs]
+        APP_CONFIG[:limited_cert_prefix]
+      end
+    elsif !APP_CONFIG[:allow_limited_certs]
+      APP_CONFIG[:unlimited_cert_prefix]
+    else
+      APP_CONFIG[:limited_cert_prefix]
+    end
+  end
+end
-- 
cgit v1.2.3