cadenero 0.0.2.b6 → 0.0.2.b7
- checksums.yaml +8 -8
- data/README.md +54 -9
- data/app/extenders/controllers/application_controller_decorator.rb +5 -1
- data/app/models/cadenero/auth_token.rb +35 -0
- data/app/models/cadenero/member.rb +1 -39
- data/app/models/cadenero/user.rb +1 -2
- data/app/models/cadenero/v1/account.rb +3 -46
- data/config/initializers/apartment.rb +3 -1
- data/config/initializers/warden/strategies/token_authentication.rb +35 -0
- data/config/initializers/warden.rb +1 -1
- data/db/migrate/20130612061604_create_cadenero_v1_accounts.rb +2 -2
- data/lib/cadenero/testing_support/authentication_helpers.rb +7 -7
- data/lib/cadenero/version.rb +1 -1
- data/spec/controllers/cadenero/v1/accounts_controller_spec.rb +1 -1
- data/spec/controllers/cadenero/v1/users_controller_spec.rb +1 -1
- data/spec/dummy/db/schema.rb +8 -8
- data/spec/dummy/db/seeds.rb +1 -1
- data/spec/dummy/log/development.log +37 -0
- data/spec/dummy/log/test.log +68034 -0
- data/spec/features/accounts/sign_up_spec.rb +2 -4
- data/spec/features/users/sign_in_spec.rb +106 -62
- data/spec/features/users/sign_up_spec.rb +3 -5
- data/spec/spec_helper.rb +2 -0
- metadata +4 -2
@@ -1,16 +1,14 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
require 'cadenero/testing_support/authentication_helpers'
|
3
2
|
|
4
3
|
feature 'Accounts' do
|
5
|
-
include Cadenero::TestingSupport::AuthenticationHelpers
|
6
4
|
|
7
5
|
let(:errors_already_taken_subdomain) {{ errors: {subdomain:["has already been taken"]} }.to_json}
|
8
6
|
|
9
7
|
scenario "creating an account" do
|
10
8
|
sign_up_account
|
11
9
|
expect(last_response.status).to eq 201
|
12
|
-
expect(json_last_response_body).to have_content "
|
13
|
-
expect(json_last_response_body["account"]["
|
10
|
+
expect(json_last_response_body).to have_content "auth_token"
|
11
|
+
expect(json_last_response_body["account"]["auth_token"]).not_to eq nil
|
14
12
|
end
|
15
13
|
|
16
14
|
scenario "cannot create an account with an already used subdomain" do
|
@@ -1,86 +1,130 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
require 'cadenero/testing_support/subdomain_helpers'
|
3
|
-
require 'cadenero/testing_support/authentication_helpers'
|
4
3
|
|
5
4
|
feature 'User sign in' do
|
6
5
|
extend Cadenero::TestingSupport::SubdomainHelpers
|
7
|
-
include Cadenero::TestingSupport::AuthenticationHelpers
|
8
6
|
|
9
7
|
let(:account) { FactoryGirl.create(:account_with_schema) }
|
10
|
-
let(:errors_redirect_ro_sign_in) {{errors: %Q{Please sign in. posting the user json credentials as: {"user": {"email": "testy2@example.com", "password": "changeme"}} to /v1/sessions}, links: "/v1/sessions"}.to_json}
|
8
|
+
let(:errors_redirect_ro_sign_in) {{errors: %Q{Please sign in. posting the user json credentials as: {"user": {"email": "testy2@example.com", "password": "changeme"}} or {"user": {"auth_token": d8Ff8uvupXQfChangeMe}} to /v1/sessions}, links: "/v1/sessions"}.to_json}
|
11
9
|
let(:errors_invalid_email_or_password) {{ errors: {user:["Invalid email or password"]} }.to_json}
|
12
10
|
let(:errors_invalid_subdomain) {{ errors: {subdomain:["Invalid subdomain"]} }.to_json}
|
13
11
|
let(:sessions_url) { "http://#{account.subdomain}.example.com/v1/sessions" }
|
14
12
|
let(:error_url) { "http://error.example.com/v1/sessions" }
|
15
13
|
let(:root_url) { "http://#{account.subdomain}.example.com/v1" }
|
16
14
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
15
|
+
context "with password strategy" do
|
16
|
+
within_account_subdomain do
|
17
|
+
scenario "signs in as an account owner successfully" do
|
18
|
+
check_error_for_not_signed_in_yet
|
19
|
+
user_email = successful_sign_in_owner_with_session account
|
20
|
+
get root_url
|
21
|
+
expect(last_response.status).to eq 200
|
22
|
+
expect(json_last_response_body["message"]).to have_content user_email
|
23
|
+
end
|
25
24
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
25
|
+
scenario "signs in as a user successfully" do
|
26
|
+
check_error_for_not_signed_in_yet
|
27
|
+
second_user_email = successful_sign_up_user_in_existing_account_with_session account, "_second"
|
28
|
+
second_user = Cadenero::User.where(email: second_user_email).first
|
29
|
+
successful_sign_in_user_with_session(account, account_user_params_json(second_user))
|
30
|
+
get root_url
|
31
|
+
expect(last_response.status).to eq 200
|
32
|
+
expect(json_last_response_body["message"]).to have_content second_user_email
|
33
|
+
end
|
35
34
|
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
35
|
+
scenario "signout as an account owner successfully" do
|
36
|
+
user_email = successful_sign_in_owner_with_session account
|
37
|
+
delete sessions_url, id: account.owner.id
|
38
|
+
expect(last_response.status).to eq 200
|
39
|
+
expect(json_last_response_body["message"]).to have_content "Successful logout"
|
40
|
+
check_error_for_not_signed_in_yet
|
41
|
+
end
|
42
|
+
|
43
|
+
scenario "two users of the same account should have different auth_tokens" do
|
44
|
+
user_email = successful_sign_in_owner_with_session account
|
45
|
+
user_auth_token = json_last_response_body["user"]["auth_token"]
|
46
|
+
user = Cadenero::User.where(email: user_email).first
|
47
|
+
delete sessions_url, id: user.id
|
48
|
+
check_error_for_not_signed_in_yet
|
49
|
+
second_user_email = successful_sign_up_user_in_existing_account_with_session account, "_second"
|
50
|
+
second_user = Cadenero::User.where(email: second_user_email).first
|
51
|
+
successful_sign_in_user_with_session(account, account_user_params_json(second_user))
|
52
|
+
second_user_auth_token = json_last_response_body["user"]["auth_token"]
|
53
|
+
expect(second_user_auth_token).not_to eq([])
|
54
|
+
expect(user).not_to eq(second_user)
|
55
|
+
expect(user_auth_token).not_to eq(second_user_auth_token)
|
56
|
+
end
|
43
57
|
|
44
|
-
scenario "two users of the same account should have different auth_tokens" do
|
45
|
-
user_email = successful_sign_in_owner account
|
46
|
-
user_auth_token = json_last_response_body["user"]["auth_token"]
|
47
|
-
user = Cadenero::User.where(email: user_email).first
|
48
|
-
delete sessions_url, id: user.id
|
49
|
-
check_error_for_not_signed_in_yet
|
50
|
-
second_user_email = successful_sign_up_user_in_existing_account account, "_second"
|
51
|
-
second_user = Cadenero::User.where(email: second_user_email).first
|
52
|
-
successful_sign_in_user(account, account_user_params_json(second_user))
|
53
|
-
second_user_auth_token = json_last_response_body["user"]["auth_token"]
|
54
|
-
expect(second_user_auth_token).not_to eq([])
|
55
|
-
expect(user).not_to eq(second_user)
|
56
|
-
expect(user_auth_token).not_to eq(second_user_auth_token)
|
57
58
|
end
|
58
59
|
|
59
|
-
|
60
|
+
context "without sign in" do
|
61
|
+
scenario "attempts sign in with an invalid password and fails" do
|
62
|
+
check_error_for_not_signed_in_yet
|
63
|
+
sign_in_user sessions_url, { email: "user@example.com", password: "" }
|
64
|
+
expected_json_errors(errors_invalid_email_or_password)
|
65
|
+
end
|
60
66
|
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
end
|
67
|
+
scenario "attempts sign in with an invalid email address and fails" do
|
68
|
+
check_error_for_not_signed_in_yet
|
69
|
+
sign_in_user sessions_url, { email: "foo@example.com", password: "password"}
|
70
|
+
expected_json_errors(errors_invalid_email_or_password)
|
71
|
+
end
|
67
72
|
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
+
scenario "cannot sign in if not a member of an existing subdomain" do
|
74
|
+
other_account = FactoryGirl.create(:account)
|
75
|
+
check_error_for_not_signed_in_yet
|
76
|
+
sign_in_user sessions_url, { email: other_account.owner.email, password: "password" }
|
77
|
+
expected_json_errors(errors_invalid_email_or_password)
|
78
|
+
end
|
73
79
|
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
+
scenario "cannot sign in if the subdomain does not exist" do
|
81
|
+
sign_in_user error_url, account_user_params_json(account.owner)
|
82
|
+
expected_json_errors(errors_invalid_subdomain)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
80
86
|
|
81
|
-
|
82
|
-
|
83
|
-
|
87
|
+
context "with token_authentication strategy" do
|
88
|
+
let(:account) { FactoryGirl.create(:account_with_schema) }
|
89
|
+
within_account_subdomain do
|
90
|
+
scenario "can access with the auth_token as signed in" do
|
91
|
+
user = account.owner
|
92
|
+
check_error_for_not_signed_in_yet
|
93
|
+
get root_url, {:auth_token => user.auth_token}
|
94
|
+
expect(last_response.status).to eq 200
|
95
|
+
expect(json_last_response_body["message"]).to have_content user.email
|
96
|
+
end
|
97
|
+
scenario "two users of the same account could access with their own auth_tokens" do
|
98
|
+
user = account.owner
|
99
|
+
check_error_for_not_signed_in_yet
|
100
|
+
second_user_email = successful_sign_up_user_in_existing_account_with_session account, "_second"
|
101
|
+
second_user = Cadenero::User.where(email: second_user_email).first
|
102
|
+
get root_url, {:auth_token => user.auth_token}
|
103
|
+
expect(last_response.status).to eq 200
|
104
|
+
expect(json_last_response_body["message"]).to have_content user.email
|
105
|
+
get root_url, {:auth_token => second_user.auth_token}
|
106
|
+
expect(last_response.status).to eq 200
|
107
|
+
expect(json_last_response_body["message"]).to have_content second_user.email
|
108
|
+
end
|
109
|
+
scenario "can not access with an auth_token from a user of other account" do
|
110
|
+
second_account = FactoryGirl.create(:account_with_schema)
|
111
|
+
user = second_account.owner
|
112
|
+
check_error_for_not_signed_in_yet
|
113
|
+
get root_url, {:auth_token => user.auth_token}
|
114
|
+
expected_json_errors(errors_redirect_ro_sign_in)
|
115
|
+
end
|
116
|
+
scenario "can access only with the auth_token as signed in and without cookies" do
|
117
|
+
user = account.owner
|
118
|
+
check_error_for_not_signed_in_yet
|
119
|
+
get root_url, {:auth_token => user.auth_token}
|
120
|
+
expect(last_response.status).to eq 200
|
121
|
+
expect(json_last_response_body["message"]).to have_content user.email
|
122
|
+
get "#{root_url}/users/#{user.id}", {}, 'HTTP_COOKIE' => '_session_id='
|
123
|
+
expected_json_errors(errors_redirect_ro_sign_in)
|
124
|
+
get "#{root_url}/users/#{user.id}", {:auth_token => user.auth_token}, 'HTTP_COOKIE' => '_session_id='
|
125
|
+
expect(last_response.status).to eq 200
|
126
|
+
expect(json_last_response_body["user"]["email"]).to eq(user.email)
|
127
|
+
end
|
84
128
|
end
|
85
|
-
end
|
129
|
+
end
|
86
130
|
end
|
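Review bot: The new "with token_authentication strategy" context has no scenario for a blank or unknown `auth_token`; the only rejection it covers is a valid token that belongs to another account. The strategy is not visible in this section, so whether it is affected is unconfirmed, but a lookup that treated an empty parameter as a match would still pass every scenario here; a rejection case belongs next to "can not access with an auth_token from a user of other account", as sketched below with a constructed token value. Separately, `expect(second_user_auth_token).not_to eq([])` in the password context also passes when the token is nil, and `expect(second_user_auth_token).not_to be_nil` states the intent. Every token request in these scenarios sends the token as a query parameter, which places it in request logs, so a header-based case would be worth adding if the strategy accepts one.

```ruby
# … unchanged: scenario "can not access with an auth_token from a user of other account" …
scenario "can not access with a blank or unknown auth_token" do
  check_error_for_not_signed_in_yet
  get root_url, {:auth_token => ""}
  expected_json_errors(errors_redirect_ro_sign_in)
  # constructed sample value, not a real token
  get root_url, {:auth_token => "not-a-real-token"}
  expected_json_errors(errors_redirect_ro_sign_in)
end
```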
@@ -1,21 +1,19 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
require 'cadenero/testing_support/authentication_helpers'
|
3
2
|
|
4
3
|
feature "User signup" do
|
5
|
-
include Cadenero::TestingSupport::AuthenticationHelpers
|
6
4
|
|
7
5
|
let!(:account) { FactoryGirl.create(:account_with_schema) }
|
8
6
|
let(:root_url) { "http://#{account.subdomain}.example.com/" }
|
9
7
|
scenario "under an account" do
|
10
|
-
user_email =
|
8
|
+
user_email = successful_sign_up_user_in_existing_account_with_session account
|
11
9
|
expect(user_email).to eq("user@example.com")
|
12
10
|
end
|
13
11
|
|
14
12
|
scenario "under two accounts" do
|
15
|
-
account_user_email =
|
13
|
+
account_user_email = successful_sign_up_user_in_existing_account_with_session account
|
16
14
|
owner = Cadenero::User.where(email: account_user_email).first
|
17
15
|
second_account = FactoryGirl.create(:account_with_schema, owner: owner)
|
18
|
-
second_account_user_email =
|
16
|
+
second_account_user_email = successful_sign_up_user_in_existing_account_with_session second_account
|
19
17
|
get "#{root_url}v1/users/#{owner.id}"
|
20
18
|
expect_subject_ids_to_have("user", "membership_ids", [second_account.id, account.id], 200)
|
21
19
|
get "#{root_url}v1/users"
|
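--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -8,6 +8,7 @@ require 'factory_girl'
 require 'database_cleaner'
 require 'coveralls'
 require 'cadenero/testing_support/database_cleaning'
+require 'cadenero/testing_support/authentication_helpers'
 
 Coveralls.wear!
 
@@ -26,6 +27,7 @@ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
 RSpec.configure do |config|
 include ApiHelper
 config.include Cadenero::TestingSupport::DatabaseCleaning
+config.include Cadenero::TestingSupport::AuthenticationHelpers, type: :feature
 # ## Mock Framework
 #
 # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line: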
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cadenero
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.2.
|
4
|
+
version: 0.0.2.b7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Manuel Vidaurre
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2013-07-
|
11
|
+
date: 2013-07-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails-api
|
@@ -213,6 +213,7 @@ files:
|
|
213
213
|
- app/controllers/cadenero/v1/accounts_controller.rb
|
214
214
|
- app/extenders/controllers/application_controller_decorator.rb
|
215
215
|
- app/extenders/middleware/robustness.rb
|
216
|
+
- app/models/cadenero/auth_token.rb
|
216
217
|
- app/models/cadenero/member.rb
|
217
218
|
- app/models/cadenero/user.rb
|
218
219
|
- app/models/cadenero/v1/account.rb
|
@@ -220,6 +221,7 @@ files:
|
|
220
221
|
- app/serializers/cadenero/user_serializer.rb
|
221
222
|
- config/initializers/apartment.rb
|
222
223
|
- config/initializers/warden/strategies/password.rb
|
224
|
+
- config/initializers/warden/strategies/token_authentication.rb
|
223
225
|
- config/initializers/warden.rb
|
224
226
|
- config/routes.rb
|
225
227
|
- db/migrate/20130612061604_create_cadenero_v1_accounts.rb
|