cadenero 0.0.2.b3 → 0.0.2.b4

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    NThlODkyY2YyMmNlYTBhYjc0ZjVmNTE1YmI0Mzg3NjQxMTI3ZDE3Ng==
+    YWFkM2QwNGFkNGJjNGVlOGM0ZmVkNDIzZDI2NTdlM2IwYTgxZjMxMQ==
   data.tar.gz: !binary |-
-    M2UzOWZjMDA5M2U3MGRjNTdjZWZiNzIwMjQ2NTEzOGI1ZDc4NGNiZg==
+    NzIyNDk3ZDdiMjE3ZWVmOTBmOWY0MTUxYTRhMDU1ZjEyYzE2MzViNg==
 !binary "U0hBNTEy":
   metadata.gz: !binary |-
-    ODYwNTExMGVkOTU5MzI2YWZmODI5YjgyY2E0OTQ3ODgzM2ViOTY5ZjVhNGMw
-    YWI0MGVjY2MzOGM3OGUxOTE2ODRmMDk0Yjg4ZjM4NWYzMWFiYTU0MmNiMDYz
-    ZDQ3Mjg1ZDkxZDNlMWZmOWU4YTNlMmEzYTA4MWE3ZjMxYTY4MTg=
+    ODUwOGQ0OGFlNmYwZjc1MzE4YjAxZTMwZGZhZDJlZTVkZmY3NmIxZGYxMWFm
+    OGFjYzkwYzI2ZTYyMzlkZjdkM2JjOGI4Y2I1Njg2ZDVkY2NkMDgyNTVhNTY1
+    ZmZiYTcyMWU1MTE4NGQ0MWUzMWVhYTg5YTc0MzdiODVmYjlkODI=
   data.tar.gz: !binary |-
-    ZGY1MWUyODM2NWU2OTA3MmZkYmY2YmEzZjU1MmYzODE0YWJjMWQzMmFkYTA3
-    YTU4Y2QyZGMyOTcxMWM5NjAyY2Q2MjZmOWM2Zjk4NzAzOWEwNjc4NzE2ZmU3
-    NDZkZjkwNmFhYTlhZTk2MmI0Y2E0OTIwMjkwNDE1YmNiNDZkNjI=
+    MjU0OWZjYTBhMWIxZjc5NmRjNDgwOTQ4MzU2M2ZjNWY3ZTM4NDk0Zjc4Yzlk
+    MWQ4MjllZWM0OTA3M2U3MmRlZDYwNDlkNTA2ZWY5NGJkNmQ3YmVjMzJkMjNl
+    YTRmNjI1MWRiNGYwZTM1NDRhMjdiNDBiYzA2NTI1NjhmZWUwMzg=

data/README.md

@@ -20,15 +20,17 @@ Authentication Engine for Rails.API multitenant RESTful APIs based on Warden. It
 
 ### Installing **Cadenero**
 
-Generate first your Rails.API app as usual using:
+Rails 3.2.13 is the master version used now by **Cadenero**, if you want to use Rails 4 goodness please use the branch "rails4"
+
+Generate first your Rails app as usual using:
 
 ```
-    $ rails-api new your_app --skip-test-unit
+    $ rails _3.2.13_ new your_app --skip-test-unit
 ```
 
 In the `Gemfile` add the following lines:
 ```ruby
-    gem 'cadenero', github: 'AgilTec/cadenero', branch: 'rails4'
+    gem 'cadenero', '~> 0.0.2.b4'
     gem 'pg'
 ```
 
@@ -97,12 +99,13 @@ Have fun!
 **Cadenero** creates the following versioned routes for exposing the authentication RESTful API
 
 ```
-        v1_root        /v1(.:format)          cadenero/v1/account/dashboard#index {:default=>:json}
-    v1_sessions POST   /v1/sessions(.:format) cadenero/v1/account/sessions#create {:default=>:json}
-                DELETE /v1/sessions(.:format) cadenero/v1/account/sessions#delete {:default=>:json}
-       v1_users POST   /v1/users(.:format)    cadenero/v1/account/users#create {:default=>:json}
-    v1_accounts POST   /v1/accounts(.:format) cadenero/v1/accounts#create {:default=>:json}
-           root        /                      cadenero/v1/account/dashboard#index {:default=>:json}
+            v1_root        /v1(.:format)           cadenero/v1/account/dashboard#index {:default=>:json}
+        v1_sessions POST   /v1/sessions(.:format)  cadenero/v1/account/sessions#create {:default=>:json}
+                    DELETE /v1/sessions(.:format)  cadenero/v1/account/sessions#delete {:default=>:json}
+           v1_users POST   /v1/users(.:format)     cadenero/v1/account/users#create {:default=>:json}
+                 v1 GET    /v1/users/:id(.:format) cadenero/v1/account/users#show {:default=>:json}
+        v1_accounts POST   /v1/accounts(.:format)  cadenero/v1/accounts#create {:default=>:json}
+               root        /                       cadenero/v1/account/dashboard#index {:default=>:json}
 ```
 
 You can check them running:

data/app/controllers/cadenero/v1/account/sessions_controller.rb

@@ -7,7 +7,7 @@ module Cadenero::V1
     def create
       if env['warden'].authenticate(:password, :scope => :user)
         #return the user JSON on success
-        render json: current_user, serializer: Cadenero::UserSerializer, status: :created
+        render json: current_user, status: :created
       else
         #return error mesage in a JSON on error
         render json: {errors: {user:["Invalid email or password"]}}, status: :unprocessable_entity

data/app/controllers/cadenero/v1/account/users_controller.rb

@@ -19,23 +19,22 @@ module Cadenero
       #   fulfilled and resulted in a new resource being created.
       def create
         account = Cadenero::V1::Account.where(subdomain: request.subdomain).first
-        @user = account.users.create(user_params)
+        @user = account.users.create(params[:user])
         force_authentication!(@user)
-        render json: @user, serializer: UserSerializer, status: :created
+        render json: @user, status: :created
       end
+      
       # Send as JSON the user that match the params[:user]
       def show
-        @user = account.users.where(user_params).first
+        @user = current_account.users.where(id: params[:id]).first
         render json: @user, status: :ok
       end
 
-      private
-      
-      # Permited parameters using strong parameters format
-      def user_params
-        params.require(:user).permit(:email, :password, :password_confirmation)
+      # Send as JSON the users for the current_account
+      def index
+        @users = current_account.users
+        render json: @users, status: :ok
       end
-
     end
   end
 end

data/app/controllers/cadenero/v1/accounts_controller.rb

@@ -20,12 +20,12 @@ module Cadenero
       # @return render JSON of [Cadenero::V1::Account] created and the status 201 Created: The request has been 
       #   fulfilled and resulted in a new resource being created.
       def create
-        @account = Cadenero::V1::Account.create_with_owner(account_params)
+        @account = Cadenero::V1::Account.create_with_owner(params[:account])
         if @account.valid?
           @account.create_schema
           @account.ensure_authentication_token!
           force_authentication!(@account.owner)
-          render json: @account, serializer: AccountSerializer, status: :created
+          render json: @account, status: :created
         else
           @data = {
             errors: @account.errors
@@ -33,13 +33,6 @@ module Cadenero
           render json: @data, status: :unprocessable_entity
         end
       end
-
-      private
-      
-      # Permited parameters using strong parameters format
-      def account_params
-        params.require(:account).permit(:name, :subdomain, owner_attributes: [:email, :password, :password_confirmation])
-      end
     end
   end
 end

data/app/extenders/controllers/application_controller_decorator.rb

@@ -30,7 +30,7 @@
 
 # Check to see if there is an authenticated user  
   def user_signed_in?
-    env['warden'].authenticated?(:user) unless env['warden'].nil?
+    env['warden'].authenticated?(:user)
   end
 
 # it the user is not authenticated returns a 422 and an informative error with the link for sign

data/app/extenders/middleware/robustness.rb

@@ -10,8 +10,6 @@ class Robustness
     @app.call(env)
   rescue Apartment::SchemaNotFound => ex
     [422, { 'Content-Type' => 'application/json' }, [ {errors: {subdomain:["Invalid subdomain"]}}.to_json ] ]  # suppose the message can be safely used
-  rescue ArgumentError => ex
-    [422, { 'Content-Type' => 'application/json' }, [ {errors: {subdomain:["Invalid subdomain"]}}.to_json ] ]  # suppose the message can be safely used
   rescue SecurityError => ex
     [403, { 'Content-Type' => 'application/json' }, [ ex.message ] ]
   ensure

data/app/models/cadenero/user.rb

@@ -1,6 +1,7 @@
 module Cadenero
   # Defines a user of one or more accounts for the multitenant  Rails App
   class User < ActiveRecord::Base
+    attr_accessible :email, :password, :password_confirmation
     has_secure_password
     has_many :accounts, class_name: "Cadenero::V1::Account", foreign_key: "owner_id"
     has_many :members, class_name: "Cadenero::Member"
@@ -8,7 +9,7 @@ module Cadenero
 
     # Obtain the authentication_token from the account to be use for the User
     def auth_token      
-      accounts[0].authentication_token if accounts[0]
+      accounts.map{|acc| acc.authentication_token}
     end
   
   end

data/app/models/cadenero/v1/account.rb

@@ -6,8 +6,10 @@ module Cadenero::V1
     has_many :users, :through => :members,  :class_name => "Cadenero::User"
     
     accepts_nested_attributes_for :owner
+    attr_accessible :name, :subdomain, :owner_attributes, :owner
     validates :subdomain, :presence => true, :uniqueness => true
     validates :owner, :presence => true
+    after_create :ensure_authentication_token!
 
     # Creates an account and assign the provided [Cadenero::User] as owner to the account
     # @param [Hash] params list 

data/config/routes.rb

@@ -8,10 +8,11 @@ Cadenero::Engine.routes.draw do
         post '/sessions', :to => "sessions#create", default: :json
         delete '/sessions', :to => "sessions#delete", default: :json
         post '/users', :to => "users#create", default: :json
-        get '/users', :to => "users#show", default: :json
+        get '/users', :to => "users#index", default: :json
+        get '/users/:id', :to => "users#show", as: :user, default: :json
       end
     end
-    post '/accounts', :to => "accounts#create", :as => :accounts, default: :json
+    post '/accounts', :to => "accounts#create", as: :accounts, default: :json
 
   end
   root :to => "v1/account/dashboard#index", default: :json

data/lib/cadenero/testing_support/authentication_helpers.rb

@@ -0,0 +1,93 @@
+module Cadenero
+  # Helper Methods for testing
+  module TestingSupport
+    # RSpec Helper for subdomains
+    module AuthenticationHelpers
+      # creates a dummy user for testing
+      # @return a dummy user JSON parameters for sign up
+      def create_account_user
+        @user ||= { email: "user@example.com", password: "password", password_confirmation: "password" }
+      end
+      # @param user [Cadenero::User]
+      # @return [JSON] a dummy user JSON parameters for sign in
+      def account_user(user)
+        @user = { email: user.email, password: "password" }
+      end
+
+      # find an account in the Database using the email of the owner
+      # @return [Cadenero::V1::Account] the corresponding account that was founded
+      def find_account_by_email
+        @account = Cadenero::V1::Account.where(name: create_account_user[:email]).first
+      end
+      
+      # find an account in the Database using the name of the owner
+      # @return [Cadenero::V1::Account] the corresponding account that was founded
+      def find_account_by_name
+        @account = Cadenero::V1::Account.where(name: @visitor[:name]).first
+      end
+
+      # sing in a user sending a POST
+      # @param url [String] the URL to be POSTed
+      # @param user [Cadenero::User] to be POSTed
+      # @return [Cadenero::V1::Account] the corresponding account that was founded
+      def sign_in_user(url, user)
+        post "#{url}", format: :json, user: user
+        find_account_by_email
+      end
+
+      # Expect that the JSON response from the server corresponds to the provided msg
+      # @param msg [JSON] the  errors: as JSON
+      def expected_json_errors(msg)
+        expect(last_response.body).to eql(msg)
+        expect(last_response.status).to eq 422    
+      end
+
+      # Expect that the JSON response will be a default error message when the user has not signed in yet
+      # the errors_redirect_ro_sign_in is defined if was not previously defined is a Spec
+      def check_error_for_not_signed_in_yet
+        errors_redirect_ro_sign_in ||= {errors: %Q{Please sign in. posting the user json credentials as: {"user": {"email": "testy2@example.com", "password": "changeme"}} to /v1/sessions}, links: "/v1/sessions"}.to_json
+        get cadenero.v1_root_url(:subdomain => account.subdomain)
+        expected_json_errors(errors_redirect_ro_sign_in)
+      end
+
+      # Sign up a dummy user for testing
+      # @return [Cadenero::V1::Account] the corresponding account that was founded
+      def sign_up_user(url)
+        post "#{url}/v1/users", format: :json, user: create_account_user
+        find_account_by_email
+      end
+
+      # Expect that a owner sign in successfuly to an account
+      # @param account [Cadenero::V1::Account]
+      # @return email [String] for the last response user
+      def successful_sign_in_owner(account)
+        sign_in_user sessions_url, account_user(account.owner)
+        expect(last_response.status).to eq 201
+        expect(json_last_response_body["user"]["account_ids"]).to eq [account.id]
+        expect(json_last_response_body).to have_content "auth_token"
+        expect(json_last_response_body["user"]["auth_token"]).to eq [account.authentication_token]
+        return json_last_response_body["user"]["email"]
+      end
+
+      # creates a dummy account for testing
+      # @return [JSON] a dummy account JSON parameters
+      def create_account
+        @visitor ||= { name: "Testy", subdomain: "test", owner_attributes:
+          {email: "testy@example.com", password: "changeme", password_confirmation: "changeme"} }
+      end
+
+      # Sign up a dummy account for testing
+      # @return [Cadenero::V1::Account] the corresponding account that was founded
+      def sign_up_account
+        post "/v1/accounts", format: :json, account: create_account
+        find_account_by_name
+      end
+
+      # Parse the last_response.body as JSON
+      # @return [JSON] for the last_response.body
+      def json_last_response_body
+        JSON.parse(last_response.body)
+      end
+    end
+  end
+end

data/lib/cadenero/version.rb

@@ -1,3 +1,3 @@
 module Cadenero
-  VERSION = "0.0.2.b3" # Current VERSION of Cadenero
+  VERSION = "0.0.2.b4" # Current VERSION of Cadenero
 end

data/spec/dummy/config/application.rb

@@ -2,12 +2,8 @@ require File.expand_path('../boot', __FILE__)
 
 require 'rails/all'
 
-if defined?(Bundler)
-  # If you precompile assets before deploying to production, use this line
-  Bundler.require(*Rails.groups(:assets => %w(development test)))
-  # If you want your assets lazily compiled in production, use this line
-  # Bundler.require(:default, :assets, Rails.env)
-end
+Bundler.require(*Rails.groups)
+require "cadenero"
 
 module Dummy
   class Application < Rails::Application
@@ -51,12 +47,17 @@ module Dummy
     # This will create an empty whitelist of attributes available for mass-assignment for all models
     # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    #config.active_record.whitelist_attributes = true
+    config.active_record.whitelist_attributes = true
 
     # Enable the asset pipeline
     config.assets.enabled = true
 
     # Version of your assets, change this if you want to expire all your assets
     config.assets.version = '1.0'
+
+    config.generators do |g|
+      g.test_framework :rspec
+    end
   end
 end
+

data/spec/dummy/config/boot.rb

@@ -1,6 +1,10 @@
 require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
 
-# Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
 
-require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/environments/development.rb

@@ -4,9 +4,13 @@ Dummy::Application.configure do
   # In the development environment your application's code is reloaded on
   # every request. This slows down response time but is perfect for development
   # since you don't have to restart the web server when you make code changes.
-  #config.ember.variant = :development
+  config.cache_classes = false
+
+  config.ember.variant = :development
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
 
-  config.eager_load = false
   # Show full error reports and disable caching
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
@@ -20,6 +24,9 @@ Dummy::Application.configure do
   # Only use best-standards-support built into browsers
   config.action_dispatch.best_standards_support = :builtin
 
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
   # Log the query plan for queries taking more than this (works
   # with SQLite, MySQL, and PostgreSQL)
   config.active_record.auto_explain_threshold_in_seconds = 0.5

data/spec/dummy/config/environments/production.rb

@@ -4,8 +4,7 @@ Dummy::Application.configure do
   # Code is not reloaded between requests
   config.cache_classes = true
 
-  config.eager_load = true
-  #config.ember.variant = :production
+  config.ember.variant = :production
 
   # Full error reports are disabled and caching is turned on
   config.consider_all_requests_local       = false

data/spec/dummy/config/environments/test.rb

@@ -7,13 +7,15 @@ Dummy::Application.configure do
   # and recreated between test runs. Don't rely on the data there!
   config.cache_classes = true
 
-  config.eager_load = false
-  #config.ember.variant = :development
+  config.ember.variant = :development
 
   # Configure static asset server for tests with Cache-Control for performance
   config.serve_static_assets = true
   config.static_cache_control = "public, max-age=3600"
 
+  # Log error messages when you accidentally call methods on nil
+  config.whiny_nils = true
+
   # Show full error reports and disable caching
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
@@ -29,6 +31,9 @@ Dummy::Application.configure do
   # ActionMailer::Base.deliveries array.
   # config.action_mailer.delivery_method = :test
 
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
   # Print deprecation notices to the stderr
   config.active_support.deprecation = :stderr
 end

data/spec/dummy/config/initializers/secret_token.rb

@@ -2,7 +2,18 @@
 
 # Your secret key for verifying the integrity of signed cookies.
 # If you change this key, all old signed cookies will become invalid!
+
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Dummy::Application.config.secret_token = '2badc583f5ee641098da66a9330ca138b22302e4c6a8b0e67ca37ef180bd836406f056cf35bdf2c1214cd8835c55969e74fe8f589dde6b093bac703a32960807'
-Dummy::Application.config.secret_key_base = 'df98291699a229624c0907ad6236b289bc51369d1d1f2729b2c66cdad46b60cb2cb64b93d47b0d2fd9aa4f833bc8d4c98eaaed223f9d4b9ed684677f655611e8'
+# You can use `rake secret` to generate a secure secret key.
+
+# Make sure your secret_key_base is kept private
+# if you're sharing your code publicly.
+
+# Although this is not needed for an api-only application, rails4 
+# requires secret_key_base or secret_toke to be defined, otherwise an 
+# error is raised.
+# Using secret_token for rails3 compatibility. Change to secret_key_base
+# to avoid deprecation warning.
+# Can be safely removed in a rails3 api-only application.
+Dummy::Application.config.secret_token = 'df98291699a229624c0907ad6236b289bc51369d1d1f2729b2c66cdad46b60cb2cb64b93d47b0d2fd9aa4f833bc8d4c98eaaed223f9d4b9ed684677f655611e8'

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -0,0 +1,13 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper
+
+# Enable parameter wrapping for JSON.
+# ActiveSupport.on_load(:action_controller) do
+#   wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
+# end
+
+# To enable root element in JSON for ActiveRecord objects.
+# ActiveSupport.on_load(:active_record) do
+#  self.include_root_in_json = true
+# end

data/spec/dummy/log/development.log

@@ -357,3 +357,8 @@ Apartment::SchemaNotFound (One of the following schema(s) is invalid: ):
   Rendered /Users/manuelevidaurrea/Documents/work/agiltec/workspace/ruby/rails/cadenero/vendor/bundle/gems/actionpack-3.2.13/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (16.8ms)
   Rendered /Users/manuelevidaurrea/Documents/work/agiltec/workspace/ruby/rails/cadenero/vendor/bundle/gems/actionpack-3.2.13/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (46.0ms)
 Connecting to database specified by database.yml
+Connecting to database specified by database.yml
+Connecting to database specified by database.yml
+Connecting to database specified by database.yml
+Connecting to database specified by database.yml
+Connecting to database specified by database.yml