cadenero 0.0.2.b6 → 0.0.2.b7

data/spec/features/accounts/sign_up_spec.rb

@@ -1,16 +1,14 @@
 require 'spec_helper'
-require 'cadenero/testing_support/authentication_helpers'
 
 feature 'Accounts' do
-  include Cadenero::TestingSupport::AuthenticationHelpers
 
   let(:errors_already_taken_subdomain)  {{ errors: {subdomain:["has already been taken"]} }.to_json} 
 
   scenario "creating an account" do
     sign_up_account
     expect(last_response.status).to eq 201
-    expect(json_last_response_body).to have_content "authentication_token"
-    expect(json_last_response_body["account"]["authentication_token"]).not_to eq nil
+    expect(json_last_response_body).to have_content "auth_token"
+    expect(json_last_response_body["account"]["auth_token"]).not_to eq nil
   end
 
   scenario "cannot create an account with an already used subdomain" do

data/spec/features/users/sign_in_spec.rb

@@ -1,86 +1,130 @@
 require 'spec_helper'
 require 'cadenero/testing_support/subdomain_helpers'
-require 'cadenero/testing_support/authentication_helpers'
 
 feature 'User sign in' do
   extend Cadenero::TestingSupport::SubdomainHelpers
-  include Cadenero::TestingSupport::AuthenticationHelpers
 
   let(:account) { FactoryGirl.create(:account_with_schema) }
-  let(:errors_redirect_ro_sign_in) {{errors: %Q{Please sign in. posting the user json credentials as: {"user": {"email": "testy2@example.com", "password": "changeme"}} to /v1/sessions}, links: "/v1/sessions"}.to_json}
+  let(:errors_redirect_ro_sign_in) {{errors: %Q{Please sign in. posting the user json credentials as: {"user": {"email": "testy2@example.com", "password": "changeme"}} or {"user": {"auth_token": d8Ff8uvupXQfChangeMe}} to /v1/sessions}, links: "/v1/sessions"}.to_json}
   let(:errors_invalid_email_or_password)  {{ errors: {user:["Invalid email or password"]} }.to_json} 
   let(:errors_invalid_subdomain)  {{ errors: {subdomain:["Invalid subdomain"]} }.to_json} 
   let(:sessions_url) { "http://#{account.subdomain}.example.com/v1/sessions" }
   let(:error_url) { "http://error.example.com/v1/sessions" }
   let(:root_url) { "http://#{account.subdomain}.example.com/v1" }
 
-  within_account_subdomain do
-    scenario "signs in as an account owner successfully" do
-      check_error_for_not_signed_in_yet
-      user_email = successful_sign_in_owner account
-      get root_url
-      expect(last_response.status).to eq 200
-      expect(json_last_response_body["message"]).to have_content user_email
-    end
+  context "with password strategy" do
+    within_account_subdomain do
+      scenario "signs in as an account owner successfully" do
+        check_error_for_not_signed_in_yet
+        user_email = successful_sign_in_owner_with_session account
+        get root_url
+        expect(last_response.status).to eq 200
+        expect(json_last_response_body["message"]).to have_content user_email
+      end
 
-    scenario "signs in as a user successfully" do
-      check_error_for_not_signed_in_yet
-      second_user_email = successful_sign_up_user_in_existing_account account, "_second"
-      second_user = Cadenero::User.where(email: second_user_email).first
-      successful_sign_in_user(account, account_user_params_json(second_user))
-      get root_url
-      expect(last_response.status).to eq 200
-      expect(json_last_response_body["message"]).to have_content second_user_email
-    end
+      scenario "signs in as a user successfully" do
+        check_error_for_not_signed_in_yet
+        second_user_email = successful_sign_up_user_in_existing_account_with_session account, "_second"
+        second_user = Cadenero::User.where(email: second_user_email).first
+        successful_sign_in_user_with_session(account, account_user_params_json(second_user))
+        get root_url
+        expect(last_response.status).to eq 200
+        expect(json_last_response_body["message"]).to have_content second_user_email
+      end
 
-    scenario "signout as an account owner successfully" do
-      user_email = successful_sign_in_owner account 
-      delete sessions_url, id: account.owner.id
-      expect(last_response.status).to eq 200
-      expect(json_last_response_body["message"]).to have_content "Successful logout"
-      check_error_for_not_signed_in_yet
-    end
+      scenario "signout as an account owner successfully" do
+        user_email = successful_sign_in_owner_with_session account 
+        delete sessions_url, id: account.owner.id
+        expect(last_response.status).to eq 200
+        expect(json_last_response_body["message"]).to have_content "Successful logout"
+        check_error_for_not_signed_in_yet
+      end
+
+      scenario "two users of the same account should have different auth_tokens" do
+        user_email = successful_sign_in_owner_with_session account
+        user_auth_token = json_last_response_body["user"]["auth_token"]
+        user = Cadenero::User.where(email: user_email).first
+        delete sessions_url, id: user.id
+        check_error_for_not_signed_in_yet
+        second_user_email = successful_sign_up_user_in_existing_account_with_session account, "_second"
+        second_user = Cadenero::User.where(email: second_user_email).first
+        successful_sign_in_user_with_session(account, account_user_params_json(second_user))
+        second_user_auth_token = json_last_response_body["user"]["auth_token"]
+        expect(second_user_auth_token).not_to eq([])
+        expect(user).not_to eq(second_user)
+        expect(user_auth_token).not_to eq(second_user_auth_token)
+      end
 
-    scenario "two users of the same account should have different auth_tokens" do
-      user_email = successful_sign_in_owner account
-      user_auth_token = json_last_response_body["user"]["auth_token"]
-      user = Cadenero::User.where(email: user_email).first
-      delete sessions_url, id: user.id
-      check_error_for_not_signed_in_yet
-      second_user_email = successful_sign_up_user_in_existing_account account, "_second"
-      second_user = Cadenero::User.where(email: second_user_email).first
-      successful_sign_in_user(account, account_user_params_json(second_user))
-      second_user_auth_token = json_last_response_body["user"]["auth_token"]
-      expect(second_user_auth_token).not_to eq([])
-      expect(user).not_to eq(second_user)
-      expect(user_auth_token).not_to eq(second_user_auth_token)
     end
 
-  end
+    context "without sign in" do
+      scenario "attempts sign in with an invalid password and fails" do
+        check_error_for_not_signed_in_yet
+        sign_in_user sessions_url, { email: "user@example.com", password: "" }
+        expected_json_errors(errors_invalid_email_or_password)
+      end
 
-  context "without sign in" do
-    scenario "attempts sign in with an invalid password and fails" do
-      check_error_for_not_signed_in_yet
-      sign_in_user sessions_url, { email: "user@example.com", password: "" }
-      expected_json_errors(errors_invalid_email_or_password)
-    end
+      scenario "attempts sign in with an invalid email address and fails" do
+        check_error_for_not_signed_in_yet
+        sign_in_user sessions_url, { email: "foo@example.com", password: "password"}
+        expected_json_errors(errors_invalid_email_or_password)
+      end
 
-    scenario "attempts sign in with an invalid email address and fails" do
-      check_error_for_not_signed_in_yet
-      sign_in_user sessions_url, { email: "foo@example.com", password: "password"}
-      expected_json_errors(errors_invalid_email_or_password)
-    end
+      scenario "cannot sign in if not a member of an existing subdomain" do
+        other_account = FactoryGirl.create(:account)
+        check_error_for_not_signed_in_yet
+        sign_in_user sessions_url, { email: other_account.owner.email, password: "password" }
+        expected_json_errors(errors_invalid_email_or_password)
+      end
 
-    scenario "cannot sign in if not a member of an existing subdomain" do
-      other_account = FactoryGirl.create(:account)
-      check_error_for_not_signed_in_yet
-      sign_in_user sessions_url, { email: other_account.owner.email, password: "password" }
-      expected_json_errors(errors_invalid_email_or_password)
-    end
+      scenario "cannot sign in if the subdomain does not exist" do 
+        sign_in_user error_url, account_user_params_json(account.owner)
+        expected_json_errors(errors_invalid_subdomain)
+      end
+    end     
+  end
 
-    scenario "cannot sign in if the subdomain does not exist" do 
-      sign_in_user error_url, account_user_params_json(account.owner)
-      expected_json_errors(errors_invalid_subdomain)
+  context "with token_authentication strategy" do
+    let(:account) { FactoryGirl.create(:account_with_schema) }
+    within_account_subdomain do
+      scenario "can access with the auth_token as signed in" do
+        user = account.owner
+        check_error_for_not_signed_in_yet
+        get root_url, {:auth_token => user.auth_token}
+        expect(last_response.status).to eq 200
+        expect(json_last_response_body["message"]).to have_content user.email
+      end
+      scenario "two users of the same account could access with their own auth_tokens" do
+        user = account.owner
+        check_error_for_not_signed_in_yet
+        second_user_email = successful_sign_up_user_in_existing_account_with_session account, "_second"
+        second_user = Cadenero::User.where(email: second_user_email).first
+        get root_url, {:auth_token => user.auth_token}
+        expect(last_response.status).to eq 200
+        expect(json_last_response_body["message"]).to have_content user.email
+        get root_url, {:auth_token => second_user.auth_token}
+        expect(last_response.status).to eq 200
+        expect(json_last_response_body["message"]).to have_content second_user.email
+      end
+      scenario "can not access with an auth_token from a user of other account" do
+        second_account = FactoryGirl.create(:account_with_schema)
+        user = second_account.owner
+        check_error_for_not_signed_in_yet
+        get root_url, {:auth_token => user.auth_token}
+        expected_json_errors(errors_redirect_ro_sign_in)
+      end
+      scenario "can access only with the auth_token as signed in and without cookies" do
+        user = account.owner
+        check_error_for_not_signed_in_yet
+        get root_url, {:auth_token => user.auth_token}
+        expect(last_response.status).to eq 200
+        expect(json_last_response_body["message"]).to have_content user.email
+        get "#{root_url}/users/#{user.id}", {}, 'HTTP_COOKIE' => '_session_id='
+        expected_json_errors(errors_redirect_ro_sign_in)
+        get "#{root_url}/users/#{user.id}", {:auth_token => user.auth_token}, 'HTTP_COOKIE' => '_session_id='
+        expect(last_response.status).to eq 200
+        expect(json_last_response_body["user"]["email"]).to eq(user.email)
+      end
     end
-  end 
+  end
 end

data/spec/features/users/sign_up_spec.rb

@@ -1,21 +1,19 @@
 require 'spec_helper'
-require 'cadenero/testing_support/authentication_helpers'
 
 feature "User signup" do
-  include Cadenero::TestingSupport::AuthenticationHelpers
 
   let!(:account) { FactoryGirl.create(:account_with_schema) }
   let(:root_url) { "http://#{account.subdomain}.example.com/" }
   scenario "under an account" do
-    user_email = successful_sign_up_user_in_existing_account account
+    user_email = successful_sign_up_user_in_existing_account_with_session account
     expect(user_email).to eq("user@example.com")
   end
 
   scenario "under two accounts" do
-    account_user_email = successful_sign_up_user_in_existing_account account
+    account_user_email = successful_sign_up_user_in_existing_account_with_session account
     owner = Cadenero::User.where(email: account_user_email).first
     second_account = FactoryGirl.create(:account_with_schema, owner: owner)
-    second_account_user_email = successful_sign_up_user_in_existing_account second_account
+    second_account_user_email = successful_sign_up_user_in_existing_account_with_session second_account
     get "#{root_url}v1/users/#{owner.id}"
     expect_subject_ids_to_have("user", "membership_ids", [second_account.id, account.id], 200)
     get "#{root_url}v1/users"

data/spec/spec_helper.rb

@@ -8,6 +8,7 @@ require 'factory_girl'
 require 'database_cleaner'
 require 'coveralls'
 require 'cadenero/testing_support/database_cleaning'
+require 'cadenero/testing_support/authentication_helpers'
 
 Coveralls.wear!
 
@@ -26,6 +27,7 @@ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
 RSpec.configure do |config|
   include ApiHelper
   config.include Cadenero::TestingSupport::DatabaseCleaning
+  config.include Cadenero::TestingSupport::AuthenticationHelpers, type: :feature
   # ## Mock Framework
   #
   # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cadenero
 version: !ruby/object:Gem::Version
-  version: 0.0.2.b6
+  version: 0.0.2.b7
 platform: ruby
 authors:
 - Manuel Vidaurre
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-16 00:00:00.000000000 Z
+date: 2013-07-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails-api
@@ -213,6 +213,7 @@ files:
 - app/controllers/cadenero/v1/accounts_controller.rb
 - app/extenders/controllers/application_controller_decorator.rb
 - app/extenders/middleware/robustness.rb
+- app/models/cadenero/auth_token.rb
 - app/models/cadenero/member.rb
 - app/models/cadenero/user.rb
 - app/models/cadenero/v1/account.rb
@@ -220,6 +221,7 @@ files:
 - app/serializers/cadenero/user_serializer.rb
 - config/initializers/apartment.rb
 - config/initializers/warden/strategies/password.rb
+- config/initializers/warden/strategies/token_authentication.rb
 - config/initializers/warden.rb
 - config/routes.rb
 - db/migrate/20130612061604_create_cadenero_v1_accounts.rb