From 303ec07901af3798efc873cbe050aa5cb4ba7655 Mon Sep 17 00:00:00 2001
From: Azul
Date: Tue, 8 Jul 2014 11:00:40 +0200
Subject: use cucumber; initial ConfigsController
---
 app/controllers/v1/configs_controller.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 app/controllers/v1/configs_controller.rb
(limited to 'app/controllers/v1')
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
new file mode 100644
index 0000000..a43861b
--- /dev/null
+++ b/app/controllers/v1/configs_controller.rb
@@ -0,0 +1,11 @@
+class V1::ConfigsController < ApplicationController
+
+ before_filter :require_login
+
+ def index
+ end
+
+ def show
+ end
+
+end
-- cgit v1.2.3
From f1a8cefb810bef263d3a96edffbec511dbe15291 Mon Sep 17 00:00:00 2001
From: Azul
Date: Tue, 8 Jul 2014 12:48:33 +0200
Subject: send static list of configs for now Also added authentication steps to cucumber
---
 app/controllers/v1/configs_controller.rb | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'app/controllers/v1')
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index a43861b..b11b0a9 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -1,8 +1,17 @@
 class V1::ConfigsController < ApplicationController

+ CONFIGS = {
+ services: {
+ soledad: "/1/configs/soledad-service.json",
+ eip: "/1/configs/eip-service.json",
+ smtp: "/1/configs/smtp-service.json"
+ }
+ }
+
 before_filter :require_login

 def index
+ render json: CONFIGS
 end

 def show
-- cgit v1.2.3
From b80be9832526ee956b3a73a634896c6cd8d2914e Mon Sep 17 00:00:00 2001
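Review bot: The `CONFIGS` hash introduced at the top of the class is a mutable constant that `index` hands straight to the client with `render json: CONFIGS`, so any later in-place mutation (`CONFIGS[:services][:eip] = ...`) would silently change what every authenticated user receives; freeze it, `CONFIGS = { services: { ... }.freeze }.freeze`. `show` remains an empty action behind `require_login`, which in Rails presumably falls through to implicit template rendering; a `head :not_found` or a one-line comment marking it as a placeholder would make the intent explicit. The `def show` line is the last line of this hunk, so its body lies outside it.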
From: Azul
Date: Mon, 14 Jul 2014 12:18:18 +0200
Subject: ApiController with API style auth require_login is require_token for the api controller It also skips the verify_authenticity_token before filter. So all Subclasses of the ApiController will only support token auth. Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.
---
 app/controllers/v1/certs_controller.rb | 2 +-
 app/controllers/v1/configs_controller.rb | 18 +++++++++---------
 app/controllers/v1/messages_controller.rb | 7 ++-----
 app/controllers/v1/services_controller.rb | 4 +---
 app/controllers/v1/sessions_controller.rb | 5 ++---
 app/controllers/v1/smtp_certs_controller.rb | 2 +-
 app/controllers/v1/users_controller.rb | 14 +++++++++++---
 7 files changed, 27 insertions(+), 25 deletions(-)
(limited to 'app/controllers/v1')
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index b6d1d0b..68d6586 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -1,4 +1,4 @@
-class V1::CertsController < ApplicationController
+class V1::CertsController < ApiController

 before_filter :require_login, :unless => :anonymous_certs_allowed?

diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index b11b0a9..537123f 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -1,12 +1,4 @@
-class V1::ConfigsController < ApplicationController
-
- CONFIGS = {
- services: {
- soledad: "/1/configs/soledad-service.json",
- eip: "/1/configs/eip-service.json",
- smtp: "/1/configs/smtp-service.json"
- }
- }
+class V1::ConfigsController < ApiController

 before_filter :require_login

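Review bot: Re-parenting `V1::CertsController` onto `ApiController` removes CSRF verification from an endpoint that issues certificates, and on the `before_filter :require_login, :unless => :anonymous_certs_allowed?` line the authentication check is skipped as well whenever anonymous certs are allowed, so in that configuration the action runs with neither check. Per the commit message `require_login` now means token auth here, which is only safe without CSRF protection if the token is taken from a header or request parameter and never from the session cookie; `ApiController` is not part of this diff, so that needs confirming before merge. A comment on the filter line would pin the trade-off, e.g. `# token auth only (ApiController skips CSRF); anonymous issuance is gated solely by anonymous_certs_allowed?`. The class body continues past the end of the hunk.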
@@ -17,4 +9,12 @@ class V1::ConfigsController < ApplicationController
 def show
 end

+ CONFIGS = {
+ services: {
+ soledad: "/1/configs/soledad-service.json",
+ eip: "/1/configs/eip-service.json",
+ smtp: "/1/configs/smtp-service.json"
+ }
+ }
+
 end
diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb
index 85156b7..a9b93a9 100644
--- a/app/controllers/v1/messages_controller.rb
+++ b/app/controllers/v1/messages_controller.rb
@@ -1,10 +1,7 @@
 module V1
- class MessagesController < ApplicationController
+ class MessagesController < ApiController

- skip_before_filter :verify_authenticity_token
- before_filter :require_token
-
- respond_to :json
+ before_filter :require_login

 def index
 render json: current_user.messages
diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/v1/services_controller.rb
index 594940e..114870f 100644
--- a/app/controllers/v1/services_controller.rb
+++ b/app/controllers/v1/services_controller.rb
@@ -1,6 +1,4 @@
-class V1::ServicesController < ApplicationController
-
- respond_to :json
+class V1::ServicesController < ApiController

 def show
 respond_with current_user.effective_service_level
diff --git a/app/controllers/v1/sessions_controller.rb b/app/controllers/v1/sessions_controller.rb
index d88fcdc..a343d9b 100644
--- a/app/controllers/v1/sessions_controller.rb
+++ b/app/controllers/v1/sessions_controller.rb
@@ -1,8 +1,7 @@
 module V1
- class SessionsController < ApplicationController
+ class SessionsController < ApiController

- skip_before_filter :verify_authenticity_token
- before_filter :require_token, only: :destroy
+ before_filter :require_login, only: :destroy

 def new
 @session = Session.new
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb
index 377a49c..fa53b26 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/v1/smtp_certs_controller.rb
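Review bot: `V1::ServicesController#show` dereferences `current_user` (`respond_with current_user.effective_service_level`) but, unlike every other controller converted in this commit, declares no `before_filter :require_login`, so with the token-only auth the commit message describes an unauthenticated request presumably reaches the body with a nil `current_user` and dies with `NoMethodError` (a 500) instead of a clean 401/403. Add the filter right after the class line: `class V1::ServicesController < ApiController` / `` / `  before_filter :require_login`. The hunk also drops `respond_to :json` while keeping `respond_with`, which only works if `ApiController` declares `respond_to` itself — not visible in this diff. The body of `show` ends outside the hunk.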
@@ -1,4 +1,4 @@
-class V1::SmtpCertsController < ApplicationController
+class V1::SmtpCertsController < ApiController

 before_filter :require_login
 before_filter :require_email_account
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index abaefd8..5c9e33f 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -1,10 +1,9 @@
 module V1
- class UsersController < UsersBaseController
+ class UsersController < ApiController

- skip_before_filter :verify_authenticity_token
 before_filter :fetch_user, :only => [:update]
 before_filter :require_admin, :only => [:index]
- before_filter :require_token, :only => [:update]
+ before_filter :require_login, :only => [:index, :update]
 before_filter :require_registration_allowed, only: :create

 respond_to :json
@@ -29,11 +28,20 @@ module V1
 respond_with @user
 end

+ protected
+
 def require_registration_allowed
 unless APP_CONFIG[:allow_registration]
 head :forbidden
 end
 end

+ def fetch_user
+ @user = User.find(params[:id])
+ if @user != current_user
+ access_denied
+ end
+ end
+
 end
 end
-- cgit v1.2.3
From f07c952c870bfb8634ef0d80737b67a1eec760f6 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 14 Jul 2014 13:04:30 +0200
Subject: send config files from ConfigsController
---
 app/controllers/v1/configs_controller.rb | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
(limited to 'app/controllers/v1')
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index 537123f..0b2a64a 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
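Review bot: In `V1::UsersController` the existing `before_filter :fetch_user, :only => [:update]` is declared above the new `before_filter :require_login, :only => [:index, :update]`, and Rails runs before filters in declaration order, so for `update` the new `fetch_user` executes `User.find(params[:id])` and compares `@user != current_user` before anyone has been authenticated; an unauthenticated caller gets a record-not-found for an unknown id and `access_denied` for a real one, which is a user-id existence oracle sitting in front of the login check. Move the login filter to the top so it runs first: `before_filter :require_login, :only => [:index, :update]` / `before_filter :fetch_user, :only => [:update]` / `before_filter :require_admin, :only => [:index]`. Whether `RecordNotFound` becomes a 404 or a 500 depends on handling outside this diff. The added `protected` marker is a good change — it keeps `require_registration_allowed` and `fetch_user` out of the routable action set.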
@@ -1,20 +1,34 @@
 class V1::ConfigsController < ApiController
+ include ControllerExtension::JsonFile

 before_filter :require_login
+ before_filter :sanitize_filename, only: :show
+ before_filter :fetch_file, only: :show

 def index
- render json: CONFIGS
+ render json: {services: service_paths}
 end

 def show
+ send_file
 end

- CONFIGS = {
- services: {
- soledad: "/1/configs/soledad-service.json",
- eip: "/1/configs/eip-service.json",
- smtp: "/1/configs/smtp-service.json"
- }
+ SERVICES = {
+ soledad: "soledad-service.json",
+ eip: "eip-service.json",
+ smtp: "smtp-service.json"
 }

+ protected
+
+ def service_paths
+ Hash[SERVICES.map{|k,v| [k,"/1/configs/#{str}"] } ]
+ end
+
+ def sanitize_filename
+ @filename = params[:id].downcase
+ @filename += '.json' unless @filename.ends_with?('.json')
+ access_denied unless SERVICES.values.include? name
+ @filename = Rails.root.join('public', '1', 'config', @filename)
+ end
 end
-- cgit v1.2.3
From 67f70b31bd16b05759e1f8393f077ee17f2c34be Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 14 Jul 2014 15:49:31 +0200
Subject: move fetch_user into module so it can be mixed in We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
---
 app/controllers/v1/users_controller.rb | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
(limited to 'app/controllers/v1')
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index 5c9e33f..bfa04fc 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -1,5 +1,6 @@
 module V1
 class UsersController < ApiController
+ include ControllerExtension::FetchUser

 before_filter :fetch_user, :only => [:update]
 before_filter :require_admin, :only => [:index]
@@ -35,13 +36,5 @@ module V1
 head :forbidden
 end
 end
-
- def fetch_user
- @user = User.find(params[:id])
- if @user != current_user
- access_denied
- end
- end
-
 end
 end
-- cgit v1.2.3
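Review bot: `sanitize_filename` guards the filesystem path with `access_denied unless SERVICES.values.include? name`, but `name` is never assigned in this method — the value built on the two lines above is `@filename` — so unless `name` is a helper defined outside this file the allowlist check raises `NameError` on every `show` request, and the `Rails.root.join('public', '1', 'config', @filename)` path that `fetch_file`/`send_file` consume is never validated by a working check. The guard is the only thing between `params[:id]` and `send_file`, so it should test `@filename`, bail out explicitly rather than rely on `access_denied` halting the filter chain (its implementation is not in this diff), and tolerate a missing `params[:id]`, which `downcase` currently turns into a 500 instead of a 403. Two further inconsistencies worth a look: `service_paths` advertises `/1/configs/...` while the file is resolved under `public/1/config` (singular) — one of the two looks like a typo unless the on-disk layout really differs — and the interpolation uses `#{str}` where the block variable is `v`; `SERVICES` should also be frozen since `index` exposes it. `fetch_file` and `send_file` come from `ControllerExtension::JsonFile`, which is not visible here.

```ruby
  def sanitize_filename
    @filename = params[:id].to_s.downcase
    @filename += '.json' unless @filename.ends_with?('.json')
    # Strict allowlist: only the fixed service files may be served. Return so
    # nothing below runs even if access_denied does not halt the filter chain.
    return access_denied unless SERVICES.values.include?(@filename)
    @filename = Rails.root.join('public', '1', 'config', @filename)
  end
```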
From bb10a669e1129c662ba01f223bd5a0ee7f2a0344 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 14 Jul 2014 18:00:14 +0200
Subject: fix controller refactor and features Also save debug log on failing features
---
 app/controllers/v1/configs_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/v1')
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index 0b2a64a..accdf5a 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -22,7 +22,7 @@ class V1::ConfigsController < ApiController
 protected

 def service_paths
- Hash[SERVICES.map{|k,v| [k,"/1/configs/#{str}"] } ]
+ Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ]
 end

 def sanitize_filename
-- cgit v1.2.3
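Review bot: The `#{str}` → `#{v}` correction is right, but the same refactor left a second dangling reference in the method that starts on the hunk's last line: `sanitize_filename` still checks `SERVICES.values.include? name` while the value it built is `@filename`, so `show` keeps failing (or, should `access_denied` not halt the chain, skips the allowlist entirely) unless `name` is defined elsewhere; change it to `access_denied unless SERVICES.values.include?(@filename)`. On style, `Hash[SERVICES.map{|k,v| ... }]` builds an intermediate array of pairs; `SERVICES.each_with_object({}) { |(k, v), paths| paths[k] = "/1/configs/#{v}" }` says the same thing directly. A one-line comment such as `# Public URL for each service config; keys match SERVICES` would also help, since the path prefix here must agree with the directory used in `sanitize_filename`. The body of `sanitize_filename` lies outside the hunk.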